Hackers exploit Salesforce email zero-day for Facebook phishing campaign

Attacks stole 2FA codes, too

clock • 3 min read
Hackers exploit Salesforce email zero-day for Facebook phishing campaign

Guardio Labs researchers have uncovered a sophisticated phishing campaign that took advantage of a zero-day in Salesforce email services and SMTP servers, enabling malicious actors to specifically target Facebook users.

The threat actors used a vulnerability named "PhishForce" to conceal malicious email traffic in Salesforce's legitimate email gateway services, capitalising on Salesforce and Meta's size and reputa...

To continue reading this article...

Join Computing

  • Unlimited access to real-time news, analysis and opinion from the technology industry
  • Receive important and breaking news in our daily newsletter
  • Be the first to hear about our events and awards programmes
  • Join live member only interviews with IT leaders at the ‘IT Lounge’; your chance to ask your burning tech questions and have them answered
  • Access to the Computing Delta hub providing market intelligence and research
  • Receive our members-only newsletter with exclusive opinion pieces from senior IT Leaders

Join now

 

Already a Computing member?

Login

You may also like
London & Zurich ransomware attack sparks financial crisis for businesses

Hacking

London & Zurich ransomware attack sparks financial crisis for businesses

Details on when exactly full services will resume remain elusive

clock 24 November 2023 • 3 min read
YouTube introduces load delays to combat ad blockers

Product

YouTube introduces load delays to combat ad blockers

Urges users to 'try YouTube Premium for an ad-free experience'

clock 23 November 2023 • 2 min read
St Mary's Lowe House Catholic Church sits at the heart of St Helens

Hacking

St Helens Council cyber attack caused substantial disruption

Council still in extended period of recovery

clock 21 November 2023 • 2 min read
Author spotlight

Dev Kundaliya

View profile
More from Dev Kundaliya

Adobe's Figma acquisition could harm innovation, UK regulator

Broadcom cuts workforce at VMware following $69bn acquisition

Most read
01

Law firm service provider CTS hit by major cyberattack

27 November 2023 • 2 min read
02

Cybercops bust ransomware gang that made "hundreds of millions"

29 November 2023 • 3 min read
03

SAP customers 'feel misled' by cloud-first push

29 November 2023 • 5 min read
04

Cancel culture row blights elite devcon

28 November 2023 • 4 min read
05

Broadcom cuts workforce at VMware following $69bn acquisition

28 November 2023 • 2 min read
Upcoming events
06 Dec
03:00PM
Website

Beyond the 9 to 5: How to protect yourself from “after hours” cyber attacks

Register now
14 Mar
06:00PM
Award

DevOps Excellence Awards 2024

Register now
02 May
06:00PM
Award

Security Excellence Awards 2024

Register now

Sign up to our newsletter

The best news, stories, features and photos from the day in one perfectly formed email.

Get the newsletter

More on Threats and Risks

Microsoft, Dell and Lenovo laptops vulnerable to Windows Hello authentication flaw
Threats and Risks

Microsoft, Dell and Lenovo laptops vulnerable to Windows Hello authentication flaw

Researchers employed reverse engineering techniques on both software and hardware

Dev Kundaliya
clock 27 November 2023 • 2 min read
Microsoft’s Patch Tuesday fixes five zero-days
Threats and Risks

Microsoft's Patch Tuesday fixes five zero-days

Plus three Critical flaws

John Leonard
John Leonard
clock 15 November 2023 • 2 min read
NCSC: Critical infrastructure security not keeping up with threats
Threats and Risks

NCSC: Critical infrastructure security not keeping up with threats

The UK's National Cyber Security Centre (NCSC) has once again voiced concerns over the rising threat to the UK's critical national infrastructure (CNI) in a report published on Monday.

Muskan Arora
clock 15 November 2023 • 2 min read