Assume that your web-facing services will ultimately be hacked by threat actors in one way or another.
But what if an attacker didn't need to bypass any authentication mechanism at all and could just walk in through the front door? Would you even notice they had come in? And what could they do with that access?
Cloud security researcher Oshrat Bar joins Mitiga Mic host Brian Contos to discuss her recent research, "An Uninvited Guest," wherein she looks at how a misconfiguration in Salesforce’s Guest User Profile settings can unintentionally expose sensitive data and access to unauthenticated users.
Like so many of the incidents we see these days, this one requires no exploit whatsoever: just misconfiguration and misuse of legitimate, documented functionality.
ShinyHunters has been targeting Salesforce for some time now, making use of the many SaaS platforms that tie into the CRM. Because this exposure comes from configuration rather than a software flaw, there is no patch to apply. Oshrat says you need to know how to prepare and what to watch for.
Complexity is the attack surface in this story.
Read the full breakdown, including the attack flow summary and how to tell if you're exposed, here.