
Salesforce email zero-day exploit and Microsoft Power Platform criticism

August 7, 2023 by Dan Virgillito

Hackers exploit a 0-day vulnerability in Salesforce’s email services, Microsoft fixes a Power Platform flaw after being criticized by a company CEO, and Google details the versioning technique used to bypass Play Store security. Catch all this and more in this week’s edition of Cybersecurity Weekly.


1. Threat actors exploit Salesforce email services zero-day for Facebook phishing attack

Guardio Labs analysts recently discovered that hackers exploited a flaw in Salesforce’s email system to send phishing emails to Facebook users. Leveraging Salesforce's trusted infrastructure, the attackers evaded standard email defenses, sending deceptive messages from a "salesforce.com" domain. These emails misdirected victims to a fake page on Facebook's gaming platform, posing as "Meta Platforms." Salesforce rectified the vulnerability a month following the report, while Meta continues its investigation into the security lapse.


2. Microsoft addresses Power Platform flaw after criticism from Tenable CEO

Microsoft on Friday announced a fix for a critical Power Platform flaw. This vulnerability, pinpointed by Tenable in March 2023, risked unauthorized data access. In response, Microsoft provided an initial patch in June. However, it wasn't until August 2 that they rolled out a comprehensive solution. Amid these developments, Tenable CEO Amit Yoran expressed concerns about the delay. In response, the tech giant emphasized the challenge of swiftly patching without compromising security.


3. Google reveals how malicious actors use versioning to bypass Play Store security

Google Cloud's security team recently highlighted a sneaky method hackers use to get around Play Store's safety measures. They start with genuine apps and later slip in harmful updates or use dynamic code loading (DCL) to bypass checks. Even with Google's tight screening, DCL can find a way through. One example of this is the SharkBot malware; it seems safe initially but shows its malicious intent after download. Google warns users to be vigilant and stresses the importance of only updating apps through official channels.


4. Reptile Rootkit deployed in attacks on Linux systems in South Korea

South Korean Linux systems are under attack. Researchers from AhnLab Security Emergency Response Center (ASEC) identified threat actors using an open-source rootkit called Reptile. Distinct from other rootkits, Reptile boasts a reverse shell, anticipating specific attacker commands. Multiple campaigns since 2022 have weaponized Reptile, with notable use by a China-linked group exploiting Fortinet vulnerabilities. A unique feature, the KHOOK engine, lets Reptile tap into Linux functionalities. Further, ASEC's study found these actors using an uncommon ICMP-based shell, named ISH, to cleverly sidestep regular network detections. The open-source nature of Reptile means it's adaptable, raising concerns about its evolving use in future cyberattacks.


5. Researchers reveal Amazon’s AWS SSM agent can be used as a RAT

Mitiga researchers have identified a flaw in Amazon’s AWS Systems Manager (SSM) agent that enables hackers to use it as a Remote Access Trojan (RAT). This malware can secretly infiltrate both Windows and Linux systems, bypassing typical security detections. Mitiga warns that cybercriminals might exploit this method if not already doing so. The vulnerability hinges on the SSM agent's "hybrid" mode, which potentially grants attackers access even outside AWS environments. While Amazon insists its software operates as intended, it recommends customers follow best practices for enhanced security.



Dan Virgillito is a blogger and content strategist with experience in cyber security, social media and tech news.