Microsoft 365 anti-phishing feature can be bypassed with CSS

August 7, 2024 at 11:35AM Researchers discovered a method to hide the ‘First Contact Safety Tip’ in Microsoft 365, potentially increasing the risk of users opening malicious emails. Despite reporting the flaw to Microsoft, the tech giant decided not to address it at this time. The technique involves manipulating HTML and CSS to hide the … Read more

Disney, Nike, IBM Signatures Anchor 3M Fake Emails a Day

August 2, 2024 at 11:46AM The EchoSpoofing campaign sent millions of fake emails, exploiting a vulnerability in Proofpoint’s email protection service and Microsoft 365. By using a misconfiguration flaw, the attackers impersonated blue chip companies like Disney and Coca-Cola, exploiting the trust between Microsoft 365 and Proofpoint to send fraudulent emails. Proofpoint implemented a fix, … Read more