Tag Archives: vulnerable

Multiple SMTP Servers Vulnerable to Spoofing Attacks

July 31, 2024 Web Shared Hosting News 0

Multiple SMTP Servers Vulnerable to Spoofing Attacks, Let Hackers Bypass Authentication

A recent discovery has unveiled vulnerabilities in multiple hosted, outbound SMTP servers, allowing authenticated users and certain trusted networks to send emails with spoofed sender information.

These vulnerabilities, CVE-2024-7208 and CVE-2024-7209, exploit weaknesses in the authentication and verification mechanisms provided by Sender Policy Framework (SPF) and Domain Key Identified Mail (DKIM).


EHA

Domain-based Message Authentication, Reporting, and Conformance (DMARC), which builds on SPF and DKIM, is circumvented, enabling attackers to bypass security measures and spoof sender identities.

Technical Description of the Vulnerabilities

The vulnerabilities stem from the SMTP protocol’s inherent insecurity, as outlined in RFC 5321 #7.1. SPF…


Source link

Thousands of Microsoft Exchange servers could be vulnerable to this dangerous security flaw

February 21, 2024 Web Shared Hosting News 0

Tens of thousands of Microsoft Exchange servers are vulnerable to a flaw that is already being abused in the wild, experts have warned.

The vulnerability, tracked as CVE-2024-21410, is a privilege escalation flaw that allows threat actors to perform NTLM relay attacks on Microsoft Exchange Servers and escalate their privileges on the target endpoint. As a result, they could steal sensitive information and confidential data being shared via email, or could use the access as a stepping stone for more devastating attacks. 


Source link

Over 80% of Nepal’s websites vulnerable to cyber attacks amid legal gaps

January 6, 2024 Web Shared Hosting News 0

cyber-attacks

Nepal has witnessed an exponential 340 per cent annual growth in publicly reported hacking incidents against private and public sector digital infrastructure, according to police statistics. This surging epidemic of intrusions has been enabled by untreated flaws permeating networks and deficiencies around oversight, allowing websites and databases to be easily penetrated by even novice hackers.

The vectors for such website breaches predominantly include SQL injection attacks and distributed denial of service (DDoS) salvos – together underlying over 85 per cent of documented cybercrime cases with technical evidence and attack forensics.

As compared to Server Loss, SQL injection is one of the critical vulnerabilities which lead to taking over the database of the server, SQL injection…


Source link