Misconfigured Custom Salesforce Apps Expose Corporate Data | El Al Flight Crew Suffers Communication Disruption

Enterprises typically use the Java-like programming language to customize their Salesforce instances, but attackers are hunting for vulnerabilities in the apps. [TechWeb]( Follow Dark Reading: [RSS]( February 22, 2024 LATEST SECURITY NEWS & COMMENTARY [Misconfigured Custom Salesforce Apps Expose Corporate Data]( Enterprises typically use the Java-like programming language to customize their Salesforce instances, but attackers are hunting for vulnerabilities in the apps. [El Al Flight Crew Suffers Midflight Communication Disruption]( Though the incident took place over a known Houthi area, some say this incident was at the hands of a Somali group, based on frequent communication disruptions in the country. [Iran Warship Aiding Houthi Pirates Hacked by US]( US reportedly launched a cyberattack against an Iranian military ship suspected of helping Houthi rebel pirates menacing shipping traffic in the Red Sea. [Critical ConnectWise RMM Bug Poised for Exploitation Avalanche]( Two days after disclosure, most instances of the remote desktop tool remain unpatched, while cyberattackers have started in-the-wild exploitation — and researchers warn it could get ugly, fast. ['KeyTrap' DNS Bug Threatens Widespread Internet Outages]( Thanks to a 24-year-old security vulnerability tracked as CVE-2023-50387, attackers could stall DNS servers with just a single malicious packet, effectively taking out wide swaths of the Internet. [CISO Corner: CIO Convergence, 10 Critical Security Metrics & Ivanti Fallout]( Also in this issue: Mideast investment, new FCC breach notification rules, and how Dark Reading readers use GenAI tools in their cybersecurity apparatus. [Volt Typhoon Hits Multiple Electric Utilities, Expands Cyber Activity]( "Voltzite," the APT's subset that focuses on OT networks and critical infrastructure, has also compromised targets in Africa. [Google's Cloud Run Service Spreads Several Bank Trojans]( A surging bank malware campaign abuses Google Cloud Run and targets Latin America, with indications that it's hitting other regions as well, researchers warn. [iOS, Android Malware Steals Faces to Defeat Biometrics With AI Swaps]( Southeast Asia is learning the hard way that biometric scans are nearly as easy to bypass as other kinds of authentication data, thanks to a creative banking Trojan. [Cybersecurity's Transformative Shift]( The industry is evolving from one of conventional threat detection toward a strategy that emphasizes context and preempts user behavior. [How CISOs Balance Business Growth, Security in Cyber-Threat Landscape]( Collaboration, care, and proactive planning need to be part of CISO toolboxes as worsening threat environments become the new normal. CISOs need to adjust processes so business innovation can continue. [Cyber Insurance Needs to Evolve to Ensure Greater Benefit]( A catastrophic cyber event hasn't yet come to pass, but vast amounts of personal data have been compromised. We need to be prepared for worst-case scenarios. [Name That Toon: Keys to the Kingdom]( Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card. ['VoltSchemer' Hack Allows Wireless Charger Takeovers]( Researchers tested their theory on nine chargers, each different and available to consumers, and found them all vulnerable to their attacks. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [CISO and CIO Convergence: Ready or Not, Here It Comes]( Recent shifts underscore the importance of collaboration and alignment between these two IT leaders for successful digital transformation. [4 Key Steps to Reevaluate Your Cybersecurity Priorities]( Amid a spike in attacks, now is a good time for brands to strengthen their cybersecurity strategy. [Like Seat Belts and Airbags, 2FA Must Be Mandatory ASAP]( One of the worst hacks in history demonstrated that any online service must force its users to adopt at least two-factor authentication. This must be applied everywhere ASAP as a public safety measure. [We're at a Pivotal Moment for AI and Cybersecurity]( But generative AI's ability to strengthen security and fortify defenses can keep bad actors in check. [MORE]( PRODUCTS & RELEASES [Vade Releases 2023 Phishers' Favorites Report]( [Strata Identity Reins in Global Access and Compliance Challenges With Cross-Border Orchestration Recipes]( [Quorum Cyber Joins Elite Microsoft FastTrack-Ready Partner Group]( [LightEdge Releases Next-Gen Suite of Cloud Security & Managed Services]( [Somos, Inc. Protects Businesses' IoT Assets With the Availability of SomosID]( [Perforce to Acquire Delphix, Adding Enterprise Data Management Software to its DevOps Portfolio]( [Demand for 'Secure by Design' Product Growing, Creating Opportunity for Software Security Specialization]( [Cobalt's New Report Uncovers a Big Shift in Cybersecurity Strategy]( [Vectra AI Launches Global, 24x7 Open MXDR Service Built to Defend Against Hybrid Attacks]( [JumpCloud's Q1 2024 SME IT Trends Report Reveals AI Optimism Tempered by Security Concerns]( [MORE PRODUCTS & RELEASES]( EDITORS' CHOICE [Microsoft Exchange Server Flaw Exploited as a Zero-Day Bug]( Microsoft has observed signs of active exploits targeting CVE-2024-21410. LATEST FROM THE EDGE [Library Cyber Defenses Are Falling Down]( Librarians are being asked to defend themselves online against sophisticated and complex attacks. It's an unequal fight. LATEST FROM DR TECHNOLOGY [What Using Security to Regulate AI Chips Could Look Like]( An exploratory research proposal is recommending regulation of AI chips and stronger governance measures to keep up with the rapid technical innovations in artificial intelligence. LATEST FROM DR GLOBAL [Q&A: The Cybersecurity Training Gap in Industrial Networks]( Cyberattacks and threats increasingly are honed in on ICS/OT networks, but security training for operators of these critical infrastructure environments is perilously scarce. WEBINARS - [Securing the Software Development Life Cycle from Start to Finish]( - [API Security: Protecting Your Application's Attack Surface]( [View More Dark Reading Webinars >>]( WHITE PAPERS - [A Solution Guide to Operational Technology Cybersecurity]( - [Demystifying Zero Trust in OT]( - [Secure Access for Operational Technology at Scale]( - [Stopping Active Adversaries: Lessons from the Cyber Frontline]( - [FortiSASE Customer Success Stories - The Benefits of Single Vendor SASE]( - [Global Perspectives on Threat Intelligence]( - [2023 Snyk AI-Generated Code Security Report]( [View More White Papers >>]( FEATURED REPORTS - [Zero-Trust Adoption Driven by Data Protection]( - [The State of Supply Chain Threats]( - [How to Deploy Zero Trust for Remote Workforce Security]( [View More Dark Reading Reports >>]( Dark Reading Weekly -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Weekly Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=121490&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Weekly_02.22.24&sp_cid=52112&utm_content=DR_NL_Dark%20Reading%20Weekly_02.22.24&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#2a If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2024]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)