August 2, 2024 at 11:46AM The EchoSpoofing campaign sent millions of fake emails, exploiting a vulnerability in Proofpoint’s email protection service and Microsoft 365. By using a misconfiguration flaw, the attackers impersonated blue chip companies like Disney and Coca-Cola, exploiting the trust between Microsoft 365 and Proofpoint to send fraudulent emails. Proofpoint implemented a fix, … Read more
July 29, 2024 at 02:48PM Guardio Labs reported that threat actors exploited a misconfiguration in Proofpoint’s email protection service to conduct a large-scale phishing campaign. The vulnerability, named EchoSpoofing, allowed attackers to send millions of phishing emails per day and bypass security measures, spoofing well-known brands. Proofpoint has been working to address the issue and … Read more
July 29, 2024 at 09:57AM The ‘EchoSpoofing’ phishing campaign exploited Proofpoint’s email protection service, sending millions of spoofed emails impersonating major companies. The emails aimed to steal personal info and incurred charges, while passing SPF and DKIM checks. Guardio Labs discovered and helped fix the security gap, leading to Proofpoint tightening security and introducing new … Read more
March 25, 2024 at 12:11PM The StrelaStealer malware has impacted over 100 organizations in the U.S. and Europe, targeting email account credentials. Originally targeting Spanish-speaking users, it now targets U.S. and European individuals. Its distribution through phishing campaigns has substantially increased, with evolved infection methods. The malware’s primary goal remains stealing email login information and … Read more