Collaborate Disseminate
Hijackers of Facebook business accounts are relying on fake business inquiries and threats of page/account suspension to trick targets into downloading password-stealing malware. Examples of phishing messages. (Source: Guardio Labs) The campaign Hijack… Continue reading Requests via Facebook Messenger lead to hijacked business accounts
The Guardio research team discovered an email phishing campaign exploiting a zero-day vulnerability in Salesforce’s legitimate email services and SMTP servers. Phishing email sample as was sent from the “@salesforce.com” email address The vulnerability… Continue reading Salesforce and Meta suffer phishing campaign that evades typical detection methods
A new Chrome extension promising to augment users’ Google searches with ChatGPT also leads to hijacked Facebook accounts, Guardio Labs researchers have found. While this specific trick isn’t new, this time around the extension also worked a… Continue reading Fake ChatGPT for Google extension hijacks Facebook accounts
After news broke late last week about Silicon Valley Bank’s bank run and collapse, security researchers started warning SVB account holders about incoming SVB-related scams and phishing attempts. Another reminder: just because caller ID says FDIC… Continue reading SVB account holders targeted with phishing, scams
ChatGPT has garnered a lot of questions about its security and capacity for manipulation, partly because it is a new software that has seen unprecedented growth (hosting 100 million users just two months following its launch). Security concerns vary fr… Continue reading Fake ChatGPT Chrome extension targeted Facebook Ad accounts
A vulnerability in popular remote access service/platform ConnectWise Control could have been leveraged by scammers to make compromising targets’ computers easier, Guardio researchers have discovered. By abusing the fully-featured 14-day trial op… Continue reading A flaw in ConnectWise Control spurred the company to make life harder for scammers
Guardio discovered a major flaw in Evernote’s Web Clipper Chrome extension’s code that left it vulnerable, potentially allowing threat actors to access personal information from users’ online services. The vulnerability, a Universal X… Continue reading Evernote Chrome extension flaw could have allowed access to personal info
Evernote last month fixed a security flaw in a Google Chrome extension that could have allowed hackers to access information about roughly 4.6 million users, according to new research. Security vendor Guardio announced Wednesday it had discovered a vulnerability in Evernote’s Web Clipper extension for Chrome that could have allowed attackers to bypass the browser’s “same origin policy,” a security protocol meant to limit malicious scripts from spreading. Exploiting the flaw would have allowed attackers to gain privileges outside Evernote’s domain in Chrome — including access to a user’s other web content and services, researchers said. Evernote resolved the flaw within days, Guardio said, and there is no evidence the bug was exploited. Evernote did not respond to a request for comment from CyberScoop. The California company designs note-taking software that syncs and archives user files like lists, file attachments and websites between multiple devices. “Evernote was at the top of the list […]
The post Evernote patches flaw potentially affecting 4.6 million users of Google Chrome extension appeared first on CyberScoop.