July 29, 2024 at 09:57AM The ‘EchoSpoofing’ phishing campaign exploited Proofpoint’s email protection service, sending millions of spoofed emails impersonating major companies. The emails aimed to steal personal info and incurred charges, while passing SPF and DKIM checks. Guardio Labs discovered and helped fix the security gap, leading to Proofpoint tightening security and introducing new … Read more
May 2, 2024 at 05:06PM North Korean hackers use weak DMARC configurations to impersonate organizations in phishing attacks against individuals targeted by the Kim Jong Un regime. FBI and NSA warn about APT Kimsuky’s exploiting of this vulnerability, posing significant risks. Proper DMARC, SPF, and DKIM configuration are crucial for preventing such cyber threats. Based … Read more
March 4, 2024 at 02:26PM Organizations globally and in the Middle East are swiftly adopting email authentication technologies, especially following recent mandates from Google and Yahoo. Strong adoption has already been seen in countries like Saudi Arabia and the United Arab Emirates. The trend is not only driven by regulations but also a proactive approach … Read more
December 18, 2023 at 03:20PM Attackers have developed a novel method called “SMTP smuggling” to exploit vulnerabilities in email servers, allowing them to send spoofed emails from legitimate domains and bypass email security checks. This technique affects servers from Microsoft, GMX, and Cisco, potentially putting organizations at risk for targeted phishing attacks. Microsoft and GMX … Read more