Salesforce email zero-day exploit and Microsoft Power Platform criticism
Hackers exploit a 0-day vulnerability in Salesforce’s email services, Microsoft fixes Power Platform flaw after being criticized by a company CEO and the versioning Google Play security bypass technique. Catch all this and more in this week’s edition of Cybersecurity Weekly.
See Infosec IQ in action
1. Threat actors exploit Salesforce email services zero-day for Facebook phishing attack
Guardio Labs analysts recently discovered that hackers exploited a flaw in Salesforce’s email system to send phishing emails to Facebook users. Leveraging Salesforce's trusted infrastructure, the attackers evaded standard email defenses, sending deceptive messages from a "salesforce.com" domain. These emails misdirected victims to a fake page on Facebook's gaming platform, posing as "Meta Platforms." Salesforce rectified the vulnerability a month following the report, while Meta continues its investigation into the security lapse.
2. Microsoft addresses Power Platform flaw after criticism from Tenable CEO
Microsoft on Friday announced a fix for a critical Power Platform flaw. This vulnerability, pinpointed by Tenable in March 2023, risked an unauthorized fix for a critical flaw in Power Platformdata access. In response, Microsoft provided an initial patch in June. However, it wasn't until August 2 that they rolled out a comprehensive solution. Amid these developments, Tenable CEO Amit Yoran expressed concerns about the delay. In response, the tech giant emphasized the challenge of swiftly patching without compromising security.
3. Google reveals how malicious actors use versioning to bypass Play Store security
Google Cloud's security team recently highlighted a sneaky method hackers use to get around Play Store's safety measures. They start with genuine apps and later slip in harmful updates or use dynamic code loading (DCL) to bypass checks. Even with Google's tight screening, DCL can find a way through. One example of this is the SharkBot malware; it seems safe initially but shows its malicious intent after download. Google warns users to be vigilant and stresses the importance of only updating apps through official channels.
4. Reptile Rootkit deployed in attacks on Linux systems in South Korea
South Korean Linux systems are under attack. Researchers from AhnLab Security Emergency Response Center (ASEC) identified threat actors using an open-source rootkit called Reptile. Distinct from other rootkits, Reptile boasts a reverse shell, anticipating specific attacker commands. Multiple campaigns since 2022 have weaponized Reptile, with notable use by a China-linked group exploiting Fortinet vulnerabilities. A unique feature, the KHOOK engine, lets Reptile tap into Linux functionalities. Further, ASEC's study found these actors using an uncommon ICMP-based shell, named ISH, to cleverly sidestep regular network detections. The open-source nature of Reptile means it's adaptable, raising concerns about its evolving use in future cyberattacks.
5. Researchers reveal Amazon’s AWS SSM agent can be used as a RAT
Mitiga researchers have identified a flaw in Amazon’s AWS System Manager (SSM) agent that enables hackers to use it as a Remote Access Trojan (RAT). This malware can secretly infiltrate both Windows and Linux systems, bypassing typical security detections. Mitiga warns that cybercriminals might exploit this method if not already doing so. The vulnerability hinges on the SSM agent's "hybrid" mode, which potentially grants attackers access even outside AWS environments. While Amazon insists its software operates as intended, they recommend customers follow best practices for enhanced security.
See Infosec IQ in action
In this Series
- Salesforce email zero-day exploit and Microsoft Power Platform criticism
- Canada Flipper Zero ban and new RustDoor macOS malware
- AnyDesk hack and iPhone patched kernel flaw
- Tesla Pwn2Own hacks and iOS push alerts abuse
- TeamViewer breach and Atlassian Jira outage
- Moscow ISP revenge hack and Microsoft Sharepoint bug warning
- X verified accounts hack and SpectralBlur macOS malware
- CISA default password alert and SOHO KV-botnet campaign
- New 5G modem flaws and Apple’s data breach report
- Staples cyberattack, Agent Racoon backdoor and other news
- British Library ransomware attack, Windows fingerprint authentication bypass
- Samsung UK data breach and ransomware actor’s SEC complaint
- ICBC ransomware attack and ChatGPT outage
- Boeing Lockbit ransomware attack, Apple’s vulnerability and WhatsApp mods spyware
- Octo Tempest hacking group and new iLeakage attack
- Okta support system breach and Google Ads fake KeePass campaign
- Skype DarkGate malware, Shadow PC breach and AvosLocker ransomware warning
- 23andMe data theft, MGM’s $100M ransomware loss and the Azure VM breach
- Malicious Bing Chat ads and FBI’s dual ransomware warning
- T-Mobile app glitch and fake Booking.com pages
- Airbus data leak, Cisco Webex ad malware and €345 million TikTok fine
- New Apple iMessage exploit and CISA’s Apache RocketMQ warning
- Forever 21 data breach and Android BadBazaar espionage
- Duolingo data leak and the Met Police IT hack
- Discord.io data breach and Ivanti Avalanche vulnerabilities
- UK Electoral Commission hack and Microsoft’s role in China email breach
- Airlines disclose pilot data breach and the Microsoft Teams bug
- GravityRAT Android Trojan and new MOVEit Transfer flaw
- University of Manchester hack and Honda API flaws
- MOVEit zero-day exploit and the U.S. iPhone hack accusation
- Daam Android virus and Barracuda zero-day flaw
- TP-Link router exploit and 18-year-old charged with hacking DraftKings accounts
- Discord support hack and Toyota location data leak
- Twitter private tweets bug and Cisco phone router vulnerabilities
- Cisco XSS zero-day flaw and PaperCut vulnerabilities
- 3CX hackers hit critical infrastructure and secondhand routers cause security concerns
- Hyundai data breach and Microsoft’s warning to accountants
- Western Digital cloud breach and the MSI ransomware hack
- TMX loan data breach, Italy bans ChatGPT and WordPress Elementor Pro exploit
- ChatGPT data leak and Gmail message theft by North Korean hackers
- U.S. federal agency hack and the return of FakeCalls Android malware
- Massive AT&T data breach and fake jobs targeting security researchers
- U.S. Marshals service breach and TPM 2.0 security flaws
- Dangerous ChatGPT apps and food giant Dole ransomware attack
- GoDaddy malware installations, record-breaking DDoS attack and the new WhiskerSpy malware
- Reddit’s employees phished, healthcare firms targeted and the new Screenshotter malware
- JD Sports data breached, VMware ESXi servers attacked and the HeadCrab malware
- Yandex source code leaked, 4500+ WordPress sites hacked and the new SwiftSlicer malware
- PayPal accounts breached, Fortinet VPN flaw exploited, and the new Hook malware
- Twitter users’ emails leaked, ChatGPT used to write malware and Slack’s repository breach
- Uber data leaked, 48 DDoS-for-hire domains seized and Facebook posts phishing attack
- Reduce security events
- Reinforce cyber secure behaviors
- Strengthen cybersecurity culture at your organization
