Security News

3290 readers

1 users here now

founded 2 years ago

MODERATORS

“PhishForce” — Vulnerability Uncovered in Salesforce’s Email Services Exploited for Phishing Facebook Accounts In-The-Wild (labs.guard.io)

submitted 2 years ago by IllNess to c/securitynews

1 comments fedilink hide all child comments

top 1 comments

sorted by: hot top controversial new old

[–] IllNess 2 points 2 years ago

Guardio’s Email Protection has detected a sophisticated email phishing campaign exploiting a 0-day vulnerability in Salesforce’s legitimate email services and SMTP servers. Guardio Labs’ research team has uncovered an actively exploited vulnerability enabling threat actors to craft targeted phishing emails under the Salesforce domain and infrastructure. Those phishing campaigns cleverly evade conventional detection methods by chaining the Salesforce vulnerability and legacy quirks in Facebook’s web games platform. Guardio Labs has disclosed these findings and worked with Salesforce and Meta to close the vulnerabilities and misuse.