Aggregator

You must login to view this content

Salesforce customers have, once again, been targeted by the ShinyHunters group – or, at least, it’s what the group claims. Attackers modified and abused benign tool On Saturday, Saleforce confirmed that its security team has identified an attack campaign by unnamed malicious actors looking to access customers’ data. The attackers are not leveraging a vulnerability in the Salesforce platform, the company said, but are using a modified version of the open-source tool Aura Inspector – … More →

The post ShinyHunters claims new campaign targeting Salesforce Experience Cloud sites appeared first on Help Net Security.

Russian threat actors for more than a year have targeted HR and recruiting operations in a sophisticated phishing and infostealing campaign that includes a component, dubbed BlackSanta, that can shut down antivirus tools and EDR protections before deploying the malware that exfiltrates data, Aryaka researchers say.

The post BlackSanta Malware Shuts Down Protections, Targets HR and Recruiting Operations appeared first on Security Boulevard.

A vishing-as-a-service platform that helps scammers carry out so-called “press 1” scams is misusing text-to-speech (TTS) capabilities provided by AI voice technology company ElevenLabs, Mirage Security researchers claim. How “press 1” vishing scams work For “press 1” scams, fraudsters spoof phone numbers of trusted institutions (e.g., bank), call up potential victims and try to scare them with pre-recorded messages into sharing sensitive information. When impersonating banks, for example, the fraudsters first play a message that … More →

The post Researchers uncover AI-powered vishing platform appeared first on Help Net Security.