The Federal Bureau of Investigation, National Security Agency and the U.S. Department of State have issued a joint cybersecurity advisory warning of state-sponsored email hack attacks that evade authentication security measures.
Domain-based Message Authentication, Reporting and Conformance is one of those things most email users have never heard of, but everyone with their own email server really needs to have done. There’s a reason that Google has recently implemented new email authentication rules that will see non-authenticated messages from bulk senders to Gmail addresses returned unopened.
This is where Kimsuky comes in. They exploit the fact that many DMARC policies have been left blank or marked as no action to be taken if an email fails the tests, as there’s a p=none modifier to show no policy exists. The JSAC itself includes a number of real-world examples of emails sent by Kimsuky.
Technology Technology Latest News, Technology Technology Headlines
Similar News:You can also read news stories similar to this one that we have collected from other news sources.
Source: ForbesTech - 🏆 318. / 59 Read more »
Source: ForbesTech - 🏆 318. / 59 Read more »