
Securi-Tea Newsletter Series launch
You may have seen the headlines recently. A new, sophisticated wave of cyberattacks has targeted the Salesforce environments of major, high-profile companies across various industries, including Google, Adidas, Chanel, and Qantas. The threat actors, a group linked to the notorious ShinyHunters, didn't exploit a vulnerability in the Salesforce platform itself. Instead, they used a far more dangerous weapon: social engineering.
These attacks utilized "vishing," or voice phishing, where hackers impersonated IT support staff. They convinced employees to grant them access by authorizing malicious connected apps, often disguised as legitimate tools like a fake Data Loader. Once approved, these apps gave the attackers API-level access to the company's Salesforce data, allowing them to exfiltrate vast amounts of sensitive customer information.
This series of events serves as a stark reminder that even the most secure platforms are only as strong as the people and processes that protect them. These recent attacks compelled me to share my knowledge with others, gained from over a decade of working on Salesforce orgs in highly regulated industries such as healthcare, financial technology, insurance, and asset management.
This newsletter series is designed to be one of many resources you use to secure your Salesforce org. We'll go beyond the headlines and provide actionable insights into every aspect of security. Once a week, I will post a new newsletter in the series on one of the topics below. As I post each newsletter, I will update the sections below in the table of contents so that they serve as a directory for navigating to each category's topic.
Broadly, the topics for this newsletter series will consist of behavioral security, authentication, user access management, data management, and secure coding.