Spoofing
UK carriers to block spoofed phone numbers in fraud crackdown
Under a new partnership with the government aimed at combating fraud, Britain’s largest mobile carriers have committed to upgrading their networks to eliminate scammers’ ability to spoof phone numbers within a year. This agreement is part of the new Telecoms Charter, which brings together law enforcement, government agencies, and Britain’s top mobile networks, including BT […]
FBI warns of cybercriminals using fake FBI crime reporting portals
The FBI warned today that cybercriminals are impersonating its Internet Crime Complaint Center (IC3) website in what the law enforcement agency described as “possible malicious activity.” Although it didn’t share any examples and didn’t point to specific attacks, the FBI said that such spoofed websites could be used by attackers in financial scams or to steal […]
WhatsApp flaw can let attackers run malicious code on Windows PCs
Meta warned Windows users to update the WhatsApp messaging app to the latest version to patch a vulnerability that can let attackers execute malicious code on their devices. Described as a spoofing issue and tracked as CVE-2025-30401, this security flaw can be exploited by attackers by sending maliciously crafted files with altered file types to potential […]
MikroTik botnet uses misconfigured SPF DNS records to spread malware
A newly discovered botnet of 13,000 MikroTik devices uses a misconfiguration in domain name server records to bypass email protections and deliver malware by spoofing roughly 20,000 web domains. The threat actor takes advantage of an improperly configured DNS record for the sender policy framework (SPF) used for listing all the servers authorized to send emails […]
Microsoft Exchange adds warning to emails abusing spoofing flaw
Microsoft has disclosed a high-severity Exchange Server vulnerability that allows attackers to forge legitimate senders on incoming emails and make malicious messages a lot more effective. The security flaw (CVE-2024-49040) impacts Exchange Server 2016 and 2019, and was discovered by Solidlab security researcher Vsevolod Kokorin, who reported it to Microsoft earlier this year. “The problem is that […]
New Windows Themes zero-day gets free, unofficial patches
Free unofficial patches are now available for a new Windows Themes zero-day vulnerability that allows attackers to steal a target’s NTLM credentials remotely. NTLM has been extensively exploited in NTLM relay attacks, where threat actors force vulnerable network devices to authenticate against servers under their control, and pass-the-hash attacks, where they exploit system vulnerabilities or deploy malicious […]
Microsoft October 2024 Patch Tuesday fixes 5 zero-days, 118 flaws
Microsoft October 2024 Patch Tuesday, which includes security updates for 118 flaws, including five publicly disclosed zero-days, two of which are actively exploited. This Patch Tuesday fixed three critical vulnerabilities, all remote code execution flaws. The number of bugs in each vulnerability category is listed below: This count does not include three Edge flaws that […]
Unexplained ‘Noise Storms’ flood the Internet, puzzle experts
Internet intelligence firm GreyNoise reports that it has been tracking large waves of “Noise Storms” containing spoofed internet traffic since January 2020. However, despite extensive analysis, it has not concluded its origin and purpose. These Noise Storms are suspected to be covert communications, DDoS attack coordination signals, clandestine command and control (C2) channels of malware operations, or the result […]