cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Kyaw_Myo_Oo
Contributor III

Vulnerabilities Enable Attackers to Spoof Emails From 20 Million Domains

Dear All,

 

The CERT Coordination Center (CERT/CC) at Carnegie Mellon University has published a vulnerability note describing a pair of vulnerabilities that could be exploited to spoof email addresses. The issue affects multiple Simple Mail Transfer Protocol (SMTP) servers. CERT/CC writes, “An authenticated attacker using network or SMTP authentication can spoof the identity of a shared hosting facility, circumventing any DMARC policy and sender verification provided by a domain name owner.”

 

https://www.securityweek.com/vulnerabilities-enable-attackers-to-spoof-emails-from-20-million-domain...

 

 

Kyaw Myo Oo
Manager , CB BANK PCL
CCIE #58769 | PCNSE | CCSM | CISSP | PMP
2 Replies
Edwin_CybSecGuy
Newcomer I

GuardIO Labs posted a detailed write-up on "Echospoofing" and a massive spam campaign that abused Proofpoint and M365 SMTP services to spoof DMARC/DKIM/SPF-verified sending domains.

Read the details here:
https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protecti...

Kyaw_Myo_Oo
Contributor III

Thanks for sharing @Edwin_CybSecGuy 

 

 

Kyaw Myo Oo
Manager , CB BANK PCL
CCIE #58769 | PCNSE | CCSM | CISSP | PMP