Salesforce Zero-Day Exploited to Phish Facebook Credentials
The cyberattacks used the legitimate Salesforce.com domain by chaining the vulnerability to an abuse of Facebook's Web games platform, slipping past email protections.
Abuse covers the misuse of accounts, services, and systems for fraud, intrusion, harassment, or other harmful cyber activity.
Search across headline titles and summaries.
Background for this topic.
Abuse in cybersecurity means using systems, networks, or services in unauthorized or harmful ways, such as sending spam, hijacking accounts, or launching Distributed Denial of Service (DDoS) attacks. It often exploits weak authentication, misconfigurations, or gaps in policies to gain access or disrupt services. Common abuse techniques include credential stuffing, phishing, and using compromised infrastructure to amplify attacks.
Managing abuse is critical because it can degrade service availability, expose sensitive data, and damage organizational reputation. Security teams focus on detecting unusual activity patterns, enforcing multi-factor authentication, and applying rate limits to reduce automated abuse. Timely abuse reporting and automated detection tools help identify and block malicious behavior, making abuse mitigation a key part of maintaining secure and reliable systems.
The cyberattacks used the legitimate Salesforce.com domain by chaining the vulnerability to an abuse of Facebook's Web games platform, slipping past email protections.
The list of LOLBAS files - legitimate binaries and scripts present in Windows that can be abused for malicious purposes, will include the main executables for Microsoft's Outlook email client and Access database management system. [...]
Security researchers are warning of increased phishing activity that abuses Google Accelerated Mobile Pages (AMP) to bypass email security measures and get to inboxes of enterprise employees. [...]