Dear All,
The CERT Coordination Center (CERT/CC) at Carnegie Mellon University has published a vulnerability note describing a pair of vulnerabilities that could be exploited to spoof email addresses. The issue affects multiple Simple Mail Transfer Protocol (SMTP) servers. CERT/CC writes, “An authenticated attacker using network or SMTP authentication can spoof the identity of a shared hosting facility, circumventing any DMARC policy and sender verification provided by a domain name owner.”
GuardIO Labs posted a detailed write-up on "Echospoofing" and a massive spam campaign that abused Proofpoint and M365 SMTP services to spoof DMARC/DKIM/SPF-verified sending domains.
Read the details here:
https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protecti...
Thanks for sharing @Edwin_CybSecGuy