Attackers are abusing the legitimate notification systems of SaaS platforms like GitHub and Jira to send phishing emails. Because the messages are sent through the platforms' authenticated email infrastructure, they pass SPF, DKIM, and DMARC checks. The article does not describe a software vulnerability with specific affected versions, but rather a threat actor technique that exploits the inherent trust in these services' email delivery. Security teams should be aware of this method and treat emails from these platforms with increased scrutiny, even when they pass authentication checks.
Attackers are abusing the notification systems of SaaS platforms like GitHub and Jira to send phishing and spam emails, Cisco Talos researchers are warning. “Because the emails are dispatched from the platform’s own infrastructure, they satisfy all standard authentication requirements (SPF, DKIM, and DMARC), effectively neutralizing the primary gatekeepers of modern email security,” they note. “By decoupling the malicious intent from the technical infrastructure, attackers successfully deliver phishing content with a ‘seal of approval’ that …

The post “Phishers sneak through using GitHub and Jira’s own mail delivery infrastructure” appeared first on Help Net Security.