A newly disclosed misconfiguration in Microsoft Exchange Online dubbed Ghost-Sender allows attackers to spoof emails from any sender to any recipient within a target tenant, completely bypassing SPF, DKIM, and DMARC email authentication controls. Researchers at InfoGuard have released a free testing tool to help organizations determine whether they are exposed. Ghost-Sender exploits a fundamental architectural behavior […]
The post Ghost-Sender Flaw Enables Sender Spoofing in Exchange Online appeared first on Cyber Security News.