A sophisticated Facebook phishing campaign has been observed exploiting a zero-day flaw in Salesforce's email services, allowing threat actors to craft targeted phishing messages using the company's domain and infrastructure.
"Those phishing campaigns cleverly evade conventional detection methods by chaining the Salesforce vulnerability and legacy quirks in Facebook's Web Games platform,"
Improperly deactivated and abandoned Salesforce Sites and Communities (aka Experience Cloud) could pose severe risks to organizations, leading to unauthorized access to sensitive data.
Data security firm Varonis dubbed the abandoned, unprotected, and unmonitored resources "ghost sites."
"When these Communities are no longer needed, though, they are often set aside but not deactivated," Varonis