Beware of Ghost Sites: Silent Threat Lurking in Your Salesforce Communities




May 31, 2023 | Ravie Lakshmanan | Data protection / Cyber Threat

Improperly deactivated and abandoned Salesforce Sites and Communities (aka Experience Cloud) could pose severe risks to organizations, leading to unauthorized access to sensitive data.

Data security firm Varonis dubbed the abandoned, unprotected, and unmonitored resources “ghost sites.”

“When these Communities are no longer needed, though, they are often set aside but not deactivated,” Varonis Threat Labs researchers said in a new report shared with The Hacker News.

“Because these unused sites are not maintained, they aren’t tested against vulnerabilities, and Admins fail to update the site’s security measures according to newer guidelines.”

Varonis said it found many of these deactivated (but still active) sites still fetching new data, thereby allowing threat actors to extract data by manipulating the host header in the HTTP request.

Identifying the complete internal URLs associated with the sites is challenging but not impossible, as an adversary could leverage tools like SecurityTrails that track changes to DNS records.



Compounding the risk further is the fact that the obsolete sites lack the latest security protections, making them an ideal target for threat actors looking to siphon sensitive information.

“The exposed data is not restricted to only old data from when the site was in use; it also includes new records that were shared with the guest user, due to the sharing configuration in their Salesforce environment,” the researchers said.

To mitigate the threats associated with ghost sites, organizations are advised to keep track of all Salesforce sites and their respective users’ permissions. It’s also recommended to properly deactivate sites that are no longer in use.
