Cybersecurity News, Awards, Webinars, eSummits, Research

Ghost Sites: Stealing Data From Deactivated Salesforce Communities

Inactive Salesforce Communities could leak sensitive data

Stephen WeigandJune 2, 2023

Threat actors could gain access to improperly deactivated or unmaintained Salesforce Sites by changing the host header, thereby gaining access to sensitive personal and business data.

WHITEPAPER

Wanted: A Few Good Threat Hunters

PODCASTS

RESOURCES

FEATURED

White silhouette of key made from zeros and ones

New milestones prove passkeys are ‘ready for prime time,’ says FIDO Alliance leader

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

Perspectives

In Brief

More Resources

Data security

Millions of users vulnerable to zero-day in MOVEit file transfer app

Steve ZurierJune 2, 2023

Users of the popular file transfer app from Progress Software used by 1,700 software companies and 3.5 million developers are urged to patch immediately.

Ransomware

BlackCat ransomware gang updates tradecraft with stealth and speed

Simon HenderyJune 2, 2023

The group has bragged that its new Sphynx malware “has been completely rewritten from scratch."

Third-party risk

Python byte code used to avoid detection and load malware

Steve ZurierJune 1, 2023

ReversingLabs researchers say the ability to execute malicious Python byte code files poses yet another supply chain risk.

The Russian embassy in Berlin is seen. The Russian government claims a mobile malware campaign uncovered by Kaspersky was directed by the U.S. government and also targeted their embassy staff and a range of other countries. (Credit: Terroa via Getty Images)

Device Security

Russia accuses US, Apple of foul play while Kaspersky uncovers mobile malware campaign

Derek B. JohnsonJune 1, 2023

Kaspersky tells SC Media that the cybersecurity firm is unaware of victims outside the company and is not attributing the activity to a government or other actor.

Ransomware

Systems hack enables data theft, access for 8.9M MCNA Dental patients

Jessica DavisJune 1, 2023

This week’s healthcare data breach roundup includes multiple ransomware and data extortion incidents, a ransomware attack on Enzo Biochem, and includes ongoing outages at two hospitals in Idaho and Medford Radiology Group.

Privacy

Amazon to pay $30.8M for Alexa and Ring privacy violations

Simon HenderyJune 1, 2023

The retail and cloud computing giant must also implement new privacy and security programs under the terms of the settlements.

Abstract virtual fingerprint illustration on a modern coworking room background, personal biometric data concept.

Identity and access

The most overhyped identity trends, according to cybersecurity investors

Bradley BarthMay 31, 2023

Identiverse panelists cite identity solutions and concepts whose short-term trajectories might not live up to the buzz surrounding them.

Inactive Salesforce Communities could leak sensitive data

WHITEPAPER

Wanted: A Few Good Threat Hunters

PODCASTS

RESOURCES

FEATURED

New milestones prove passkeys are ‘ready for prime time,’ says FIDO Alliance leader

Get daily email updates

Perspectives

Five ways to prevent the risks from hardcoding secrets in code generated by LLMs

We need to refine and secure AI, not turn our backs on the technology

How ‘quick wins’ can boost cyber agility and resilience

A call to better protect US critical infrastructure in the fight against ransomware

The case for converged continuous compliance

In Brief

Secure-by-design space systems pushed amid increased cyber threats

Over 2.5M individuals impacted by Harvard Pilgrim Health Care ransomware attack

ALPHV/BlackCat ransomware attack against Casepoint under investigation

QBot malware operation examined

LatAm email accounts targeted by novel Horabot malware campaign

More Resources

In focus: MDR for finance

The 2023 Identiverse Trends Report: An overview

Growth, acceleration, and safety: Top trends in the digital identity industry

In focus: MDR for healthcare

Security professionals rank the most important people skills for incident response

Millions of users vulnerable to zero-day in MOVEit file transfer app

BlackCat ransomware gang updates tradecraft with stealth and speed

Python byte code used to avoid detection and load malware

Russia accuses US, Apple of foul play while Kaspersky uncovers mobile malware campaign

Systems hack enables data theft, access for 8.9M MCNA Dental patients

Amazon to pay $30.8M for Alexa and Ring privacy violations

The most overhyped identity trends, according to cybersecurity investors

EVENTS

Rising tensions, heightened stakes: A crash course in the latest observations from the cyber threat landscape

Reducing silos between Developers and AppSec in your Software Supply Chain with Snyk and ServiceNow

Prioritizing Blue Team Success Over Red Team Wins

Vulnerability management: Finding and fixing your fatal flaws

Beauty in the Basics: Battling advanced ATO schemes with simple practices