6 GHz Wi-Fi Flaws Could Disrupt Critical Systems
Automated Frequency Coordination systems by default trust client-side data, which could lead to location spoofing and other attacks that disrupt traffic.
Spoofing impersonates trusted users, devices, or services to bypass trust and cause fraud; verify identities with strong authentication and signed messages.
Search across headline titles and summaries.
Background for this topic.
Spoofing is the forging of an identity or origin so a message, connection, website, or phone call appears to come from a trusted source. Attackers may impersonate an executive by email, imitate a domain, falsify caller ID, or place packets with a forged source IP address. The goal can be to induce payment or disclosure, deliver malware, bypass trust checks, or obscure the source of traffic. IP spoofing usually prevents a reply from reaching the attacker, but can support reflection attacks; it is not by itself proof of access to the claimed system.
Mitigation depends on the channel. For email, configure and enforce SPF, DKIM, and DMARC, while treating display names and caller ID as untrusted signals. Use phishing-resistant authentication, verify sensitive requests through an independent channel, and validate domains and certificates before users enter credentials. At network boundaries, apply ingress and egress source-address filtering, monitor anomalous traffic, and design services not to trust a claimed address alone.
Weekly headline count for the current query.
Automated Frequency Coordination systems by default trust client-side data, which could lead to location spoofing and other attacks that disrupt traffic.
“Ghost-Sender" is the result of a widespread misconfiguration, according to researchers, and evidence indicates it's being actively abused in the wild.
The SHub Reaper stealer, which hides behind fake WeChat and Miro installers, marks a shift from ClickFix social engineering to Apple script-based execution.
Microsoft said that Office 365 tenants with weak configurations and who don't have strict anti-spoofing protection enabled are especially vulnerable.
The "Direct Send" feature simplifies internal message delivery for trusted systems, and the campaign successfully duped both Microsoft Defender and third-party secure email gateways.
A SLAAC-spoofing, adversary-in-the-middle campaign is hiding the WizardNet backdoor malware inside updates for legitimate software and popular applications.
Opportunistic threat actors targeted Portuguese and Spanish speakers by spoofing Portugal's national airline in a campaign offering compensation for delayed or disrupted flights.
An Indian disaster-relief flight delivering aid is the latest air-traffic incident, as attacks increase in the Middle East and Myanmar and along the India-Pakistan border.
The attackers are taking an indirect approach to targeting SEO professionals and their Google credentials, using a fake digital marketing website.
Attackers are using links to the popular Google scheduling app to lead users to pages that steal credentials, with the ultimate goal of committing financial fraud.
Without DMARC, campaigns remain highly susceptible to phishing, domain spoofing, and impersonation.
Attackers have been using the Windows MSHTML Platform spoofing vulnerability in conjunction with another zero-day flaw.
The malware, first discovered two years ago, has returned in campaigns using SEO poisoning.
North Korean espionage campaign delivers updated BeaverTail info stealer by spoofing legitimate video calling service, researcher finds.
Organizations can go a long way toward preventing spoofing attacks by changing one basic parameter in their DNS settings.
Caller ID spoofing and AI voice deepfakes are supercharging phone scams. Fortunately, we have tools to help organizations and people protect against the devious combination.
Cybercriminals are using AI to impersonate small businesses. Security architects are using it to help small businesses fight back.
Effective Rhadamanthys phishing campaign spoofs nonexistent "Federal Bureau of Transportation" to compromise recipients, analysts discover.
Several Apple device users have experienced recent incidents where they have received incessant password reset prompts and vishing calls from a number spoofing Apple's legitimate customer support line.
"Infernal Drainer" campaign represents a dangerous evolution in crypto-drainers, credibly spoofing Coinbase and maintaining a vast infrastructure-for-rent biz.