Hackers exploit Salesforce email zero-day for Facebook phishing campaign

Attacks stole 2FA codes, too

clock • 3 min read
Hackers exploit Salesforce email zero-day for Facebook phishing campaign

Guardio Labs researchers have uncovered a sophisticated phishing campaign that took advantage of a zero-day in Salesforce email services and SMTP servers, enabling malicious actors to specifically target Facebook users.

The threat actors used a vulnerability named "PhishForce" to conceal malicious email traffic in Salesforce's legitimate email gateway services, capitalising on Salesforce and Meta's size and reputa...

To continue reading this article...

Join Computing

  • Unlimited access to real-time news, analysis and opinion from the technology industry
  • Receive important and breaking news in our daily newsletter
  • Be the first to hear about our events and awards programmes
  • Join live member only interviews with IT leaders at the ‘IT Lounge’; your chance to ask your burning tech questions and have them answered
  • Access to the Computing Delta hub providing market intelligence and research
  • Receive our members-only newsletter with exclusive opinion pieces from senior IT Leaders

Join now

 

Already a Computing member?

Login

You may also like
London & Zurich ransomware attack sparks financial crisis for businesses

Hacking

Details on when exactly full services will resume remain elusive

clock 24 November 2023 • 3 min read
YouTube introduces load delays to combat ad blockers

Product

Urges users to 'try YouTube Premium for an ad-free experience'

clock 23 November 2023 • 2 min read
St Mary's Lowe House Catholic Church sits at the heart of St Helens

Hacking

Council still in extended period of recovery

clock 21 November 2023 • 2 min read

More on Threats and Risks

Microsoft, Dell and Lenovo laptops vulnerable to Windows Hello authentication flaw

Microsoft, Dell and Lenovo laptops vulnerable to Windows Hello authentication flaw

Researchers employed reverse engineering techniques on both software and hardware

clock 27 November 2023 • 2 min read
Microsoft’s Patch Tuesday fixes five zero-days

Microsoft's Patch Tuesday fixes five zero-days

Plus three Critical flaws

John Leonard
clock 15 November 2023 • 2 min read
NCSC: Critical infrastructure security not keeping up with threats

NCSC: Critical infrastructure security not keeping up with threats

The UK's National Cyber Security Centre (NCSC) has once again voiced concerns over the rising threat to the UK's critical national infrastructure (CNI) in a report published on Monday.

clock 15 November 2023 • 2 min read