6 GHz Wi-Fi Flaws Could Disrupt Critical Systems
Automated Frequency Coordination systems by default trust client-side data, which could lead to location spoofing and other attacks that disrupt traffic.
Spoofing impersonates trusted users, devices, or services to bypass trust and cause fraud; verify identities with strong authentication and signed messages.
Search across headline titles and summaries.
Background for this topic.
Spoofing is the forging of an identity or origin so a message, connection, website, or phone call appears to come from a trusted source. Attackers may impersonate an executive by email, imitate a domain, falsify caller ID, or place packets with a forged source IP address. The goal can be to induce payment or disclosure, deliver malware, bypass trust checks, or obscure the source of traffic. IP spoofing usually prevents a reply from reaching the attacker, but can support reflection attacks; it is not by itself proof of access to the claimed system.
Mitigation depends on the channel. For email, configure and enforce SPF, DKIM, and DMARC, while treating display names and caller ID as untrusted signals. Use phishing-resistant authentication, verify sensitive requests through an independent channel, and validate domains and certificates before users enter credentials. At network boundaries, apply ingress and egress source-address filtering, monitor anomalous traffic, and design services not to trust a claimed address alone.
Automated Frequency Coordination systems by default trust client-side data, which could lead to location spoofing and other attacks that disrupt traffic.
At least two distinct threat actors are weaponizing a novel evasion technique called OAuth client ID spoofing in cloud campaigns, while slipping past telemetry
UK authorities charged five people following a National Crime Agency (NCA) investigation into Russian Coms, a major caller ID spoofing platform used by criminals to make over 1.8 million scam calls. [...]
New research reveals cyber-attackers can spoof OAuth Client IDs in Microsoft Entra ID, creating a stealthy path into cloud environments