Tag Archive for: facebook

Hackers exploit Salesforce email zero-day for Facebook phishing campaign


The threat actors used a vulnerability named “PhishForce” to conceal malicious email traffic in Salesforce’s legitimate email gateway services, capitalising on Salesforce and Meta’s size and reputation.

The attackers managed to evade conventional detection methods by “leveraging Salesforce’s domain and reputation and exploiting legacy quirks in Facebook’s web games platform,” the researchers added.

Salesforce has around 150,000 clients, a significant number of which are small businesses. Security vulnerabilities like these could be especially detrimental to SMBs, up to and including the closure of their business, if hackers get access to their sensitive data.

The Email Gateway feature is an important part of the Salesforce CRM. It consists of specialised servers dedicated to efficiently sending a large volume of email notifications and messages to customers worldwide.

Customers using the Salesforce CRM can send emails under their own brand by using custom domains. However, to ensure security and prevent abuse, the system follows a process of validating the ownership of the domain name before allowing emails to be sent.

The validation step ensures that only legitimate and authorised users can use custom domains for sending emails through the Salesforce platform.

In this phishing campaign, however, the fraudulent email messages appeared to come from Meta, while actually being sent from an email address with a “@salesforce.com” domain.

The campaign’s primary objective is to trick recipients into clicking on a link by claiming their Facebook accounts are under investigation, due to alleged involvement in impersonation activities (oh, the irony).

Upon clicking the embedded button, the victim is redirected to a rogue landing page hosted and displayed as part of the Facebook gaming platform (“apps.facebook.com”).

This tactic adds further legitimacy to the attack, making it significantly more challenging for email recipients to discern the page’s fraudulent nature.

The landing page is designed to capture the victim’s account credentials, as well as any two-factor authentication (2FA) codes they might enter.

Swift response

Upon replicating the creation of a Salesforce-branded address…

Source…



Meta warns of ChatGPT malware on Facebook – Global Village Space


AI Tools: The New Weapon for Malware Attacks

Artificial Intelligence (AI) has become a buzzword in the tech industry, and it seems that everyone is obsessed with it, including hackers. In a recent security report released by Facebook’s parent company, Meta, the company’s security team has been tracking new malware threats that weaponize the current AI trend.

Meta claims that it has discovered “around ten new malware families” that are using AI chatbot tools like OpenAI’s popular ChatGPT to hack into users’ accounts. One of the more pressing schemes, according to Meta, is the proliferation of malicious web browser extensions that appear to offer ChatGPT functionality. Users download these extensions for Chrome or Firefox, for example, in order to use AI chatbot functionality. Some of these extensions even work and provide the advertised chatbot features. However, the extensions also contain malware that can access a user’s device.

According to Meta, it has discovered more than 1,000 unique URLs that offer malware disguised as ChatGPT or other AI-related tools and has blocked them from being shared on Facebook, Instagram, and WhatsApp. Once a user downloads malware, bad actors can immediately launch their attack, and they are constantly updating their methods to get around security protocols. In one example, bad actors were able to quickly automate the process that takes over business accounts and grants the attackers advertising permissions.

Meta says it has reported the malicious links to the various domain registrars and hosting providers that are used by these bad actors. However, this is just the tip of the iceberg. Hackers are constantly evolving their tactics and using AI tools to make their attacks more sophisticated and harder to detect.

The use of AI in malware attacks is not new. In fact, it has been around for some time now. Hackers have been using machine learning algorithms to create more effective malware that can evade traditional security measures. They can also use AI to automate their attacks, making them faster and more efficient.

One of the most significant risks associated with AI-powered malware is that it can learn and…

Source…

Meta Expunges Multiple APT, Cybercrime Groups From Facebook, Instagram


Facebook parent Meta said it thwarted the activity of three advanced persistent threat groups (APTs) in South Asia engaged in cyber espionage as well as six adversarial groups from various global regions engaged in what it deems “inauthentic behavior” on Facebook and other social networks.

The company’s takedown of these and other activities on its platforms is indicative of a sea of consistent, globally dispersed exploitative behavior by threat actors, who leverage various online platforms to create elaborate social-engineering campaigns that lure and exploit Internet users, the company said.

In most of the cases, threat actors are using Facebook and other social networking and media platforms — including Twitter, Telegram, YouTube, Medium, TikTok, and Blogspot — to create various fake online accounts and personas, according to Meta. The attackers used fake identities, including job recruiters, journalists, or even military personnel, to earn credibility with users and legitimate entities so they could engage in malicious threat activity, the company said.

In its Quarterly Adversarial Threat Report released today, Meta detailed these incidents as well as actions it’s now taking to minimize security threats that leverage its platforms.

The report draws from Meta’s security monitoring of the use of its platforms, as well as monitoring of the Internet overall, in order to flag malicious activity, which is becoming increasingly dispersed across various platforms and geographies and thus harder to track, Nathaniel Gleicher, head of security policy at Meta, told journalists in a briefing on the report May 2.

“These threats are extremely persistent, and that they’re not going anywhere because the threat actors behind them are financially motivated,” he said. “That’s why we see … adversarial adaptation … including malware operators, spreading themselves across many places at once. So each phase of the campaign relies on a different service to survive.”

As part of its work to combat this activity, Meta also plans to empower businesses with a new tool it will release later this year to help them identify malicious activity as well as malware being used by the threat groups…

Source…