Microsoft Exchange Flaw Lets Attackers Spoof Any Email Address
“Ghost-Sender" is the result of a widespread misconfiguration, according to researchers, and evidence indicates it's being actively abused in the wild.
Spam can deliver phishing links, malware, and fraudulent messages, making it a path for account theft and other cyberattacks.
Search across headline titles and summaries.
Background for this topic.
Spam is unsolicited, usually bulk messaging sent through email, text messages, social platforms, or other communication services. It may be commercial advertising, but security-relevant spam commonly includes deceptive messages designed to look like trusted communications. Automated campaigns can target large numbers of recipients at low cost, while compromised accounts and spoofed sender identities can make messages appear more credible.
Spam is a delivery channel for phishing, malware, fraudulent payment requests, and credential theft; links or attachments should therefore be treated as untrusted until verified. Defenses include reputation and content filtering, user reporting, attachment and URL analysis, and email authentication controls such as SPF, DKIM, and DMARC to reduce sender spoofing. Security teams should preserve relevant message headers and indicators when investigating campaigns, blocking associated infrastructure and checking whether recipients interacted with the content.
Weekly headline count for the current query.
“Ghost-Sender" is the result of a widespread misconfiguration, according to researchers, and evidence indicates it's being actively abused in the wild.
The acquisition allows the credit reporting agency to add SMS spam and scam prevention to its robocall blocking capabilities.
The CRM vendor advised ignoring or deleting suspicious emails and said the attacks were not tied to any breach or software vulnerability.
Researchers report an increase in the use of hidden content in spam and malicious email to confuse filters and other security mechanisms.
A Chinese-language threat actor uses every part of the kill: infecting Web servers with malware, poisoning sites with SEO spam, and stealing organizational data for follow-on attacks.
Japan is being peppered with an overwhelming volume of spam, thanks to a new platform popular across the East China Sea.
Darktrace researchers detailed "spam bombing," a technique in which threat actors bombard targets with spam emails as a pretense for activity like social engineering campaigns.
Injected malicious JavaScript code gives attackers administrator rights on websites, and fills sites with SEO spam.
Stealthy ad fraud rings turn legitimate marketing into spam at a large scale, creating 200M+ bid requests daily.
A majority of enterprises that employ cloud-based email spam filtering services are potentially at risk, thanks to a rampant tendency to misconfigure them.
Users could hold up to five SIM cards previously, but now they can only have two; it's a move that the government says is intended to cut down mobile spam levels.
A novel credential harvester compromises SMTP services to steal data from a range of hosted services and providers, and can also launch SMS-based spam attacks against devices using US mobile carriers.
DMARC blocks spam and phishing emails sent from spoofed domains, and it's vastly underutilized, a new report says.
Revived levels of holiday spending have caught the eye of threat actors who exploit consumer behaviors and prey on the surge of online payments and digital activities during the holidays.
Google Workspace's team is seeing a spike in phishing and spam hitting Gmail — up 10% in just the last two weeks.
Cybercriminals took control of enterprise Exchange Servers to spread large amounts of spam aimed at signing people up for bogus subscriptions.
Natural language understanding is well-suited for scanning enterprise email to detect and filter out spam and other malicious content. Armorblox introduces a data loss prevention service to its email security platform using NLU.