Educause Security Discussion mailing list archives
Update : TargetX vulnerability post
From: Brian Kelly <bkelly () EDUCAUSE EDU>
Date: Fri, 5 Apr 2019 17:59:13 +0000
I wanted to update the community regarding my post yesterday. The CEO of TargetX reached out to me immediately and provided the information below. We had a great conversation today and he shares the spirit and intent of our Cybersecurity community and the value of information sharing. "Yesterday a blog post described an incident where an applicant accessed only his own data through a Salesforce default page without authorization. Due to permission settings, the applicant was able to demonstrate that he could read and edit select data. No other student data was accessed. When this was first reported in January, TargetX worked closely with our customer to resolve this situation by updating permissions settings. Since then they have updated customers on this issue, and continue to ensure that customers have the correct settings in place. TargetX takes all security issues seriously which is why the TargetX Recruitment platform is Salesforce Security Certified. In addition to that, we are continuously evaluating and updating our standards and recommendations." He added that TargetX customers can contact their Account Manager directly with any additional questions/concerns, access more information through TargetX's support community or email info () targetx com<mailto:info () targetx com> Brian Brian Kelly Director, Cybersecurity Program EDUCAUSE Uncommon Thinking for the Common Good Follow HEISC on LinkedIn<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.linkedin.com%2Fshowcase%2Fhigher-education-information-security-council-heisc-%2F&data=02%7C01%7C%7C7197d41189e4414981ae08d69dc9670a%7Cdd4b037fe626495db0170cc0f7dddb37%7C0%7C0%7C636869885680898966&sdata=%2FYvU%2BLTYHbPmcyL1AoksiKTSdMeFQ93qASFmTp8Emmo%3D&reserved=0> | Twitter: @HEISCouncil | bkelly () educause edu<mailto:bkelly () educause edu> direct: 720.406.6757 | mobile 475.449.6440 | educause.edu<http://www.educause.edu/> 1150 18th Street, NW, Suite 900 Washington, DC 20036
Current thread:
- Update : TargetX vulnerability post Brian Kelly (Apr 05)