Security News

Generative AI Security: Getting ready for Salesforce Einstein Copilot
2024-09-24 14:02

Salesforce's Einstein Copilot can provide insights and perform tasks help streamline daily processes. However, it also comes with risks that you should takes steps to mitigate. Learn more from...

Inside the strategy of Salesforce’s new Chief Trust Officer
2024-02-19 05:30

At Salesforce, Trust is our #1 value, and we build security into everything we do - across the business and our entire ecosystem - so that our customers and partners can focus on growth. Diving deeper, Salesforce has a world-class security team with security tools and systems to prevent, detect, and respond to any security threat.

IBM, Salesforce and More Pledge to White House List of Eight AI Safety Assurances
2023-09-13 14:32

Assurances include watermarking, reporting about capabilities and risks, investing in safeguards to prevent bias and more. Some of the largest generative AI companies operating in the U.S. plan to watermark their content, a fact sheet from the White House revealed on Friday, July 21.

Dreamforce 2023: Salesforce Expands Einstein AI and Data Cloud Platform
2023-09-12 14:34

Salesforce announced a rebrand of its Einstein 1 Data Cloud and new capabilities for the Einstein generative AI assistant for CRM at the Dreamforce conference held in San Francisco on Tuesday, Sept. 12. Salesforce's Einstein 1 Data Cloud metadata framework will be integrated within the Einstein 1 Platform.

Salesforce and Meta suffer phishing campaign that evades typical detection methods
2023-08-02 14:15

The Guardio research team discovered an email phishing campaign exploiting a zero-day vulnerability in Salesforce's legitimate email services and SMTP servers. The vulnerability allowed threat actors to craft targeted phishing emails, evading conventional detection methods by leveraging Salesforce's domain and reputation and exploiting legacy quirks in Facebook's web games platform.

Hackers exploited Salesforce zero-day in Facebook phishing attack
2023-08-02 13:52

Hackers exploited a zero-day vulnerability in Salesforce's email services and SMTP servers to launch a sophisticated phishing campaign targeting valuable Facebook accounts.The attackers chained a flaw dubbed "PhishForce," to bypass Salesforce's sender verification safeguards and quirks in Facebook's web games platform to mass-send phishing emails.

Phishers Exploit Salesforce's Email Services Zero-Day in Targeted Facebook Campaign
2023-08-02 12:55

A sophisticated Facebook phishing campaign has been observed exploiting a zero-day flaw in Salesforce's email services, allowing threat actors to craft targeted phishing messages using the company's domain and infrastructure. What makes the attack notable is that the phishing kit is hosted as a game under the Facebook apps platform using the domain apps.

Beware of Ghost Sites: Silent Threat Lurking in Your Salesforce Communities
2023-05-31 13:00

Improperly deactivated and abandoned Salesforce Sites and Communities could pose severe risks to organizations, leading to unauthorized access to sensitive data. "Because these unused sites are not maintained, they aren't tested against vulnerabilities, and Admins fail to update the site's security measures according to newer guidelines."

Salesforce sued in attempt to block release of Capitol riot info
2022-03-16 06:04

Salesforce has become a defendant in a case brought by the Republican National Committee that seeks to prevent release of information revealing communications within the Republican Party related to the storming of the US Capitol building on January 6, 2021. Salesforce has become embroiled in the case because the Select Committee investigating the events of the day learned that the RNC and the Trump for President campaign used Salesforce for campaign communications and some internal communication.

Salesforce mandates MFA by default
2022-01-07 07:30

This change has profound implications: customers unable to implement MFA across their access by the set date can continue to use Salesforce without MFA at their own risk. Thales statistics suggest that 90 per cent of cyberattacks utilise compromised credentials in some way, which if correct implies that failing to implement MFA on Salesforce is potentially shifting responsibility for almost all cyberattacks involving the service.