"Vulnerabilities Enable Attackers to Spoof Emails From 20 Million Domains"

Researchers have discovered two vulnerabilities that could allow threat actors to abuse hosted email services to spoof the sender's identity and evade protections. The identified vulnerabilities impact millions of domains. The CERT Coordination Center (CERT/CC) at Carnegie Mellon University warns that authenticated attackers can spoof the identity of a shared, hosted domain and use network authorization to spoof the email sender. The flaws stem from the failure of many hosted email services to properly verify trust between the authenticated sender and their allowed domains. This article continues to discuss the potential exploitation and impact of the newly identified vulnerabilities in hosted email services.

SecurityWeek reports: "Vulnerabilities Enable Attackers to Spoof Emails From 20 Million Domains"

Submitted by grigby1
 

Submitted by Gregory Rigby on