December 9, 2023

Malicious actors are using social engineering tactics to exploit Microsoft Outlook’s vulnerability and send emails to users, making impersonators seem credible.

Advertisements

In one attack, a test spoof email bypassed Outlook’s security layers and even seemed like an authentic email from a legitimate user, alongside displaying the Active Directory address. This address contains photos, files shared between users, recipients’ email addresses and phone numbers.

Outlook does not require email authentication such as Sender Policy Framework (SPF) or DomainKeys Identified Mail (DKIM) checks, indicating it prioritises productivity over security.

Spoofing is also made easier, because Microsoft does not require verification before updating the user image on an email, and it will display all contact data for a user, even if that user has an SPF fail, the firm added.

Advertisements

Employing email security tools for scanning files and links, and ensuring the organisation has layered security can help mitigate risks while using Microsoft Outlook.

Tags:

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

You may have missed

WordPress POP CMS Vulnerability

December 9, 2023

Apache Struts fixes Critical Vulnerability – CVE-2023-50164

December 8, 2023

Meta enables Messenger with E2EE by Default

December 8, 2023 2

CISA KEV Update Part II – December 2023

December 7, 2023

Atlassian fixes critical RCE vulnerabilities in its products

December 6, 2023

Microsoft Echo’s on APT 28 exploiting CVE-2023-23397

December 5, 2023
%d