August 7, 2024 at 09:28AM Cybercriminals can manipulate Microsoft Outlook’s anti-phishing measure by using CSS to hide the First Contact Safety Tip, making it appear invisible to users, except in the email preview pane. This tactic also allows cybercriminals to add a seemingly legitimate note to phishing emails, posing a security threat despite some formatting … Read more
August 6, 2024 at 08:25AM Users are calling for Microsoft to reconsider the display of sender email addresses in Outlook, as phishing criminals exploit the friendly name feature to mask malicious intent. Despite attracting over 100 votes in Microsoft’s forums, the issue persists, posing a significant security risk. There is a plea for Microsoft to … Read more
July 29, 2024 at 05:45PM A new red team post-exploitation framework named “Specula” released by TrustedSec turns Microsoft Outlook into a C2 beacon to execute code remotely. This framework bypasses security features and allows attackers to run arbitrary commands on compromised Windows systems. The CVE-2017-11774 vulnerability is exploited, making it a persistent and impactful threat. … Read more
June 15, 2024 at 01:15PM Microsoft’s ‘Secure Future Initiative’ for Outlook personal email accounts includes deprecating basic authentication by September 16, 2024. It aims to enhance cybersecurity by phasing out unsafe practices and replacing them with modern authentication methods backed by multi-factor authentication. Deprecations include ‘Mail’ and ‘Calendar’ apps on Windows and Outlook Light, with … Read more
February 5, 2024 at 05:07PM Microsoft is investigating an issue where Outlook triggers security alerts when opening .ICS calendar files post-December 2023 Patch Tuesday Office updates. Users are affected by warning dialog boxes, and the company is working on a fix for this bug and related security warning due to CVE-2023-35636. A temporary registry key … Read more
December 29, 2023 at 06:54AM Ukraine’s CERT-UA has warned of a new phishing campaign by the Russia-linked APT28 group targeting government entities through email messages, deploying malware such as OCEANMAP, MASEPIE, and STEELHOOK to harvest sensitive information. The attacks utilize various tools, including the Python-based MASEPIE and the C#-based OCEANMAP, with communications employing encrypted channels. … Read more
December 18, 2023 at 11:39AM Security researcher Ben Barnea revealed two security flaws in Microsoft Windows that were patched in 2023. These flaws, CVE-2023-35384 and CVE-2023-36710, could be exploited by threat actors to achieve remote code execution on Outlook without user interaction. Mitigation recommendations include microsegmentation and addressing NTLM vulnerabilities. For further updates, follow the … Read more
December 4, 2023 at 03:19PM Microsoft warns of APT28 exploiting a critical Outlook flaw, CVE-2023-23397, to hijack Exchange accounts, targeting governmental and key sectors in the US, Europe, and the Middle East. The attacks, using various vulnerabilities, have been ongoing since April 2022. Urgent mitigation includes applying security updates and enabling MFA. Meeting Takeaways: 1. … Read more