Sign up to save your podcasts
Or
Share Salesforce's trusted domain of doom
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Salesforce's trusted domain of doom
Researchers uncovered a security flaw in Salesforce’s shiny new Agentforce. The vulnerability, dubbed "ForcedLeak", let them smuggle AI-read instructions in via humble Web-to-Lead form... and ended up spilling data for the low, low price of five dollars.
And we discuss why data breach communications still default to "we take security seriously" while quietly implying "assume no breach" - until the inevitable walk-back.
Plus, we take a look at ITV's phone-hacking drama with David Tennant, and take a crack at decoding the history of the Rosetta Stone.
Hear all this and more in episode 437 of the "Smashing Security" podcast by cybersecurity veteran Graham Cluley, joined this week by special guest Paul Ducklin.
EPISODE LINKS:
- Harrods suffers new data breach exposing 430,000 customer records - Bleeping Computer.
- Caméras dissimulées : la CNIL sanctionne la Samaritaine - CNIL.
- ‘Total internet blackout’ in Afghanistan sparks panic after Taliban vowed to stamp out immoral activities - CNN.
- ForcedLeak: AI Agent risks exposed in Salesforce AgentForce - Noma.
- The Hack - itvX.
- The Hack - YouTube.
- The Rosetta Stone: The Story of the Decoding of Hieroglyphics - Amazon.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
SPONSORS:
- SecAlerts - SecAlerts makes your job easier by matching vulnerabilities to your software, using information as soon as it’s released. Use code SMASHING for 50% off a year subscription.
- ANON - Find, monitor and remove data about yourself online. Manage your digital footprint with ease. Use code SMASHING for a 25% discount.
- Vanta - Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes on our early-release feed!
FOLLOW THE SHOW:
Follow us on Bluesky or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
ENJOYED THE SHOW?
Make sure to check out our sister podcast, "The AI Fix".
Privacy & Opt-Out: https://redcircle.com/privacy
View all episodes
By Graham Cluley
4.5
315315 ratings
Researchers uncovered a security flaw in Salesforce’s shiny new Agentforce. The vulnerability, dubbed "ForcedLeak", let them smuggle AI-read instructions in via humble Web-to-Lead form... and ended up spilling data for the low, low price of five dollars.
And we discuss why data breach communications still default to "we take security seriously" while quietly implying "assume no breach" - until the inevitable walk-back.
Plus, we take a look at ITV's phone-hacking drama with David Tennant, and take a crack at decoding the history of the Rosetta Stone.
Hear all this and more in episode 437 of the "Smashing Security" podcast by cybersecurity veteran Graham Cluley, joined this week by special guest Paul Ducklin.
EPISODE LINKS:
- Harrods suffers new data breach exposing 430,000 customer records - Bleeping Computer.
- Caméras dissimulées : la CNIL sanctionne la Samaritaine - CNIL.
- ‘Total internet blackout’ in Afghanistan sparks panic after Taliban vowed to stamp out immoral activities - CNN.
- ForcedLeak: AI Agent risks exposed in Salesforce AgentForce - Noma.
- The Hack - itvX.
- The Hack - YouTube.
- The Rosetta Stone: The Story of the Decoding of Hieroglyphics - Amazon.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
SPONSORS:
- SecAlerts - SecAlerts makes your job easier by matching vulnerabilities to your software, using information as soon as it’s released. Use code SMASHING for 50% off a year subscription.
- ANON - Find, monitor and remove data about yourself online. Manage your digital footprint with ease. Use code SMASHING for a 25% discount.
- Vanta - Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes on our early-release feed!
FOLLOW THE SHOW:
Follow us on Bluesky or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
ENJOYED THE SHOW?
Make sure to check out our sister podcast, "The AI Fix".
Privacy & Opt-Out: https://redcircle.com/privacy
More shows like Smashing Security
View all
Hacked
185 Listeners
Security Now (Audio)
2,004 Listeners
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
371 Listeners
Risky Business
374 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
638 Listeners
CyberWire Daily
1,022 Listeners
Click Here
415 Listeners
Darknet Diaries
8,010 Listeners
Cybersecurity Today
174 Listeners
Hacking Humans
314 Listeners
CISO Series Podcast
189 Listeners
Defense in Depth
73 Listeners
Cyber Security Headlines
134 Listeners
Hacker And The Fed
169 Listeners
The AI Fix
33 Listeners