Guardio reports that phishing emails targeting Facebook accounts were being sent by exploiting a vulnerability in Salesforce.

“PhishForce” — Vulnerability Uncovered in Salesforce’s Email Services Exploited for Phishing Facebook Accounts In-The-Wild

Guardio’s Email Protection has detected a sophisticated email phishing campaign exploiting a 0-day vulnerability in Salesforce’s legitimate email services and SMTP servers. Guardio Labs’ research team has uncovered an actively exploited vulnerability enabling threat actors to craft targeted phishing emails under the Salesforce domain and infrastructure. Those phishing campaigns cleverly evade conventional detection methods by chaining the Salesforce vulnerability and legacy quirks in Facebook’s web games platform. Guardio Labs has disclosed these findings and worked with Salesforce and Meta to close the vulnerabilities and misuse.

In this write-up, we will analyze the campaign, dissect the vulnerability finding and discuss how exploiting it gave threat actors leverage on conventional email filtering methods.
quoted from Guardio Labs
