Opera Browser Fixes Big Security Hole That Could Have Exposed Your Information

October 30, 2024 at 10:03AM

A recently patched security flaw in the Opera browser, identified as CrossBarking, allowed malicious extensions to access private APIs, facilitating actions like screenshot capture and account hijacking. Guardio Labs demonstrated the exploit using a benign extension. The incident highlights ongoing security concerns and the need for stricter monitoring of browser …

Phishing Campaign Exploited Proofpoint Email Protections for Spoofing

July 29, 2024 at 02:48PM

Guardio Labs reported that threat actors exploited a misconfiguration in Proofpoint’s email protection service to conduct a large-scale phishing campaign. The vulnerability, named EchoSpoofing, allowed attackers to send millions of phishing emails per day and bypass security measures, spoofing well-known brands. Proofpoint has been working to address the issue and …

Proofpoint settings exploited to send millions of phishing emails daily

July 29, 2024 at 09:57AM

The ‘EchoSpoofing’ phishing campaign exploited Proofpoint’s email protection service, sending millions of spoofed emails impersonating major companies. The emails aimed to steal personal info and incurred charges, while passing SPF and DKIM checks. Guardio Labs discovered and helped fix the security gap, leading to Proofpoint tightening security and introducing new …

Proofpoint Email Routing Flaw Exploited to Send Millions of Spoofed Phishing Emails

July 29, 2024 at 09:24AM

An unknown threat actor exploited an email routing misconfiguration in Proofpoint’s defenses to send millions of spoofed emails. The campaign, named EchoSpoofing, began in January 2024 and utilized SMTP servers on virtual private servers, bypassing major security protections. The attacker sent messages impersonating legitimate domains, and the technique eluded detection. …

Microsoft Edge Bug Could Have Allowed Attackers to Silently Install Malicious Extensions

March 27, 2024 at 09:09AM

A security flaw in the Microsoft Edge browser, CVE-2024-21388, allowed attackers to covertly install browser extensions with broad permissions via a private API, impacting version 121.0.2277.83. The bug enabled installation of malicious extensions without user consent, posing a privilege escalation threat and emphasizing the need to balance user convenience and security. Key …

Hijacked subdomains of major brands used in massive spam campaign

February 27, 2024 at 09:29AM

The “SubdoMailing” ad fraud campaign utilizes over 8,000 legitimate domains and 13,000 subdomains to send up to five million fraudulent emails daily. Notable brands like MSN, VMware, and eBay have been unknowingly involved, aiding in bypassing spam filters. The threat actors profit from ad views and scams, with Guardio Labs …

SubdoMailing campaign spams 5 million emails daily via 8k hijacked domains

February 26, 2024 at 11:01AM

A massive ad fraud campaign, “SubdoMailing,” utilizes over 8,000 legitimate internet domains and 13,000 subdomains to send up to 5 million scam and malvertising emails daily, bypassing spam filters and leveraging trusted company domains. Notable companies affected include MSN, VMware, and eBay. The campaign generates revenue through fraudulent ad views …

8,000+ Subdomains of Trusted Brands Hijacked for Massive Spam Operation

February 26, 2024 at 09:15AM

Over 8,000 subdomains of reputable brands and institutions have been illicitly commandeered as part of a spam and click monetization system known as SubdoMailing. The ResurrecAds threat actor is responsible for this intricate campaign, using the hijacked domains to distribute phishing emails and circumvent security measures. Guardio Labs is actively …

Remote Code Execution Vulnerability Found in Opera File Sharing Feature

January 16, 2024 at 09:12AM

A vulnerability in the Opera browser feature My Flow allowed remote code execution. Guardio Labs found old, vulnerable landing pages and created a proof-of-concept to execute malicious code. The issue was resolved in November 2023. Opera confirmed the vulnerability and deployed a fix. No evidence of in-the-wild exploitation was found. Opera is …