July 31, 2024 at 10:51AM Newly discovered vulnerabilities in hosted email services can allow threat actors to spoof sender identities and bypass security measures. The flaws, CVE-2024-7208 and CVE-2024-7209, enable authenticated attackers to send emails from different domains, potentially affecting over 20 million domains and numerous vendors. Measures to address the vulnerabilities include enhanced identity … Read more
July 29, 2024 at 09:24AM An unknown threat actor exploited an email routing misconfiguration in Proofpoint’s defenses to send millions of spoofed emails. The campaign, named EchoSpoofing, began in January 2024 and utilized SMTP servers on virtual private servers, bypassing major security protections. The attacker sent messages impersonating legitimate domains, and the technique eluded detection. … Read more
May 2, 2024 at 09:13AM In early 2024, the adoption of Domain-based Messaging Authentication, Reporting and Conformance (DMARC) increased as companies prepared for Google and Yahoo’s mandates. However, many companies have only completed minimal DMARC configurations due to concerns about potential email service disruptions. The deployment of DMARC can be simple for smaller businesses but … Read more