March 22, 2023

Malicious actors are using social engineering tactics to exploit Microsoft Outlook’s vulnerability and send emails to users, making impersonators seem credible.

Advertisements

In one attack, a test spoof email bypassed Outlook’s security layers and even seemed like an authentic email from a legitimate user, alongside displaying the Active Directory address. This address contains photos, files shared between users, recipients’ email addresses and phone numbers.

Outlook does not require email authentication such as Sender Policy Framework (SPF) or DomainKeys Identified Mail (DKIM) checks, indicating it prioritises productivity over security.

Spoofing is also made easier, because Microsoft does not require verification before updating the user image on an email, and it will display all contact data for a user, even if that user has an SPF fail, the firm added.

Advertisements

Employing email security tools for scanning files and links, and ensuring the organisation has layered security can help mitigate risks while using Microsoft Outlook.

Tags:

Leave a Reply

Related Post

Mandiant Report – Nation State Zero Day Exploits in 2022

Mandiant Report – Nation State Zero Day Exploits in 2022

March 22, 2023
Mispadu Banking Trojan

Mispadu Banking Trojan

March 22, 2023

You may have missed

Mandiant Report – Nation State Zero Day Exploits in 2022

Mandiant Report – Nation State Zero Day Exploits in 2022

March 22, 2023
Mispadu Banking Trojan

Mispadu Banking Trojan

March 22, 2023
DotRunpeX – Malware Injector Spreads in Wild

DotRunpeX – Malware Injector Spreads in Wild

March 21, 2023
Killnet Targets Healthcare Azure Resources

Killnet Targets Healthcare Azure Resources

March 21, 2023
NBA suffers a Data Breach – Third Party Provider Data Stolen

NBA suffers a Data Breach – Third Party Provider Data Stolen

March 21, 2023
Ferrari – Cyber Attack Ransom Demanded

Ferrari – Cyber Attack Ransom Demanded

March 21, 2023
%d bloggers like this: