"Phishing Campaign Targeted US Executives Exploiting a Flaw in Indeed Job Search Platform"
According to Menlo Security researchers, threat actors have used an open redirection vulnerability contained by the Indeed job search platform to carry out phishing attacks. The phishing attacks targeted senior executives in banking, finance, insurance, real estate, manufacturing, and other industries. The campaign was observed between July and August, with threat actors using the phishing kit known as EvilProxy. EvilProxy actors use Reverse Proxy and Cookie Injection to circumvent two-factor authentication (2FA). The attackers exploited the open redirection vulnerability on Indeed to redirect victims to phishing pages impersonating Microsoft. The fake Microsoft Online login page stems from the EvilProxy framework, which dynamically fetches all content from the legitimate login site. This article continues to discuss the exploitation of an open redirection vulnerability in the Indeed job search platform to conduct phishing attacks.
Submitted by grigby1