Salesforce Zero-Day Exploited to Phish Facebook Credentials
The cyberattacks used the legitimate Salesforce.com domain by chaining the vulnerability to an abuse of Facebook's Web games platform, slipping past email protections.
Stay informed on the latest Facebook security updates and protect your personal data with expert analysis and tips on our Information Security tag.
Search across headline titles and summaries.
Background for this topic.
Facebook is a social networking platform for user profiles, messaging, groups, pages, and content sharing, delivered through web and mobile clients and interfaces for third-party applications. Its security relevance comes from concentrating identity, relationships, communications, and personal data in a connected account ecosystem; compromise can expose private content or enable impersonation and targeted social engineering.
Security coverage includes vulnerabilities in Facebook’s clients, APIs, authentication, and account-recovery workflows, along with abuse of messages, groups, applications, and advertising features to distribute phishing or malicious links. Practitioners should distinguish platform flaws from credential theft or fraudulent content, assessing advisories by affected component, exploitability, and required updates. Privacy controls and third-party permissions reduce exposure but do not replace unique credentials, multi-factor authentication, session review, and prompt reporting; investigations may also require platform logs and preserved account or message evidence.
The cyberattacks used the legitimate Salesforce.com domain by chaining the vulnerability to an abuse of Facebook's Web games platform, slipping past email protections.
Time for a proper secure clinical image transfer system, perhaps? Staff at NHS Lanarkshire - which serves over half a million Scottish residents - used WhatsApp to swap photos and personal info about patients, including children's names and addresses.…
Hackers exploited a zero-day vulnerability in Salesforce's email services and SMTP servers to launch a sophisticated phishing campaign targeting valuable Facebook accounts. [...]
A sophisticated Facebook phishing campaign has been observed exploiting a zero-day flaw in Salesforce's email services, allowing threat actors to craft targeted phishing messages using the company's domain and infrastructure
Cybersecurity researchers have unearthed a Python variant of a stealer malware NodeStealer that's equipped to fully take over Facebook business accounts as well as siphon cryptocurrency
Unit 42 researchers detail a campaign that aimed to instal an infostealer variant capable of taking over Facebook business accounts
Patients’ personal data was shared on the app for years
Hackers are using a fake Android app named 'SafeChat' to infect devices with spyware malware that steals call logs, texts, and GPS locations from phones. [...]