“PhishForce” — Vulnerability Uncovered in Salesforce’s Email Services Exploited for Phishing Facebook Accounts In-The-Wild

By Oleg Zaytsev, Nati Tal (Guardio Labs)

Guardio’s Email Protection has detected a sophisticated email phishing campaign exploiting a 0-day vulnerability in Salesforce’s legitimate email services and SMTP servers. Guardio Labs’ research team has uncovered an actively exploited vulnerability enabling threat actors to craft targeted phishing emails under the Salesforce domain and infrastructure.…

Read More

[Update] November 16, 2023: See the subheading: “Collaborative Advisory by CISA, FBI, and MS-ISAC on Rhysida Ransomware.”

[Update] February 13, 2024: “A Free Decryption Tool Released”

The digital world is an ever-evolving landscape, and with it comes the evolution of cyber threats. One such emerging threat is the Rhysida Ransomware Group, a new player in the cybercrime arena that has been making waves since its first sighting in May 2023.…

Read More

Reptile is an open-source kernel module rootkit that targets Linux systems and is publicly available on GitHub. [1] Rootkits are malware that possess the capability to conceal themselves or other malware. They primarily target files, processes, and network communications for their concealment. Reptile’s concealment capabilities include not only its own kernel module but also files, directories, file contents, processes, and network traffic.…

Read More
Introduction

At the end of 2019, the team at the Positive Technologies Expert Security Center (PT ESC) discovered a new cybercrime group, which they dubbed Space Pirates. It had been active since at least 2017. The first-ever comprehensive research paper describing the group saw light in early 2022. The Space Pirates group have since stepped up attacks on Russian companies: we have come across the group frequently while investigating cyberattacks in the past year.…

Read More

The Wordfence Threat Intelligence team has been monitoring an ongoing exploit campaign targeting a recently disclosed vulnerability in WooCommerce Payments, a plugin installed on over 600,000 sites. Large-scale attacks against the vulnerability, assigned CVE-2023-28121, began on Thursday, July 14, 2023 and continued over the weekend, peaking at 1.3 million attacks against 157,000 sites on Saturday, July 16, 2023.…

Read More

Affected platforms: Microsoft WindowsImpacted parties: Windows usersImpact: Control and collect sensitive information from a victim’s deviceSeverity level: Critical

In a recent FortiGuard Labs investigation, we came across several malicious Microsoft Office documents designed to exploit known vulnerabilities. Specifically, CVE-2021-40444 and CVE-2022-30190 are remote code execution vulnerabilities.…

Read More

SCARLETEEL 2.0: Fargate, Kubernetes, and Crypto | Sysdig

SCARLETEEL, an operation reported on by the Sysdig Threat Research Team last February, continues to thrive, improve tactics, and steal proprietary data. Cloud environments are still their primary target, but the tools and techniques used have adapted to bypass new security measures, along with a more resilient and stealthy command and control architecture.…

Read More

August 8, 2023 update: Microsoft released security updates to address CVE-2023-36884. Customers are advised to apply patches, which supersede the mitigations listed in this blog, as soon as possible.

Microsoft has identified a phishing campaign conducted by the threat actor tracked as Storm-0978 targeting defense and government entities in Europe and North America.…

Read More