Microsoft Exchange adds warning to emails abusing spoofing flaw

November 12, 2024 at 04:47PM Microsoft revealed a critical vulnerability (CVE-2024-49040) in Exchange Server 2016 and 2019, allowing email spoofing by forging legitimate senders. Discovered by Vsevolod Kokorin, the flaw leads to exploitation risks. Microsoft has released updates for detection and added warning banners for suspicious emails, urging users to maintain security features. ### Meeting … Read more

Vulnerabilities Enable Attackers to Spoof Emails From 20 Million Domains

July 31, 2024 at 10:51AM Newly discovered vulnerabilities in hosted email services can allow threat actors to spoof sender identities and bypass security measures. The flaws, CVE-2024-7208 and CVE-2024-7209, enable authenticated attackers to send emails from different domains, potentially affecting over 20 million domains and numerous vendors. Measures to address the vulnerabilities include enhanced identity … Read more