Phishing campaign uses UPS.com XSS vuln to distribute malware
<blockquote data-quote="cheryl" data-source="post: 4976489" data-attributes="member: 1">
<p><a href="https://www.bleepingcomputer.com/news/security/phishing-campaign-uses-upscom-xss-vuln-to-distribute-malware/" target="_blank"><strong>Phishing campaign uses UPS.com XSS vuln to distribute malware - Bleeping Computer</strong></a></p>
<p>A clever UPS phishing campaign utilized an XSS vulnerability in UPS.com to push fake and malicious 'Invoice' Word documents.</p>
<p>The phishing scam was first discovered by security researcher <a href="https://twitter.com/DanielGallagher/status/1429794038463479813" target="_blank">Daniel Gallagher</a> and pretended to be an email from UPS stating that a package had an "exception" and needs to be picked up by the customer.</p>
<p>What makes this phishing attack stand out is that the threat actor used the XSS vulnerability in UPS.com to modify the site's regular page to look like a legitimate download page.</p>
<p>This vulnerability allowed the threat actor to distribute a malicious document through a remote Cloudflare worker but make it look like it was being downloaded directly from UPS.com.</p>
</blockquote>