www.greenground.it Open in urlscan Pro
2606:4700:20::681a:733  Public Scan

Form analysis
2 forms found in the DOM

POST

<form method="post">
  <input type="submit" value="Close and accept" class="accept">
</form>

<form>
  <input name="_replyto" placeholder="Email address" required="" type="email">
  <input type="submit" value="Sign up">
</form>

Text Content

GREENGROUND IT


SOCIAL NEWS AUTOMATION


Use the up and down arrows to select a result. Press enter to go to the selected
search result. Touch device users can use touch and swipe gestures.
  
Menu Skip to content
 * Home
 * eCommerceexpand child menu
   * Shop
   * My account
   * Checkout
   * Cart
 * About Meexpand child menu
   * Mission
   * Contact
   * Concept
   * Bitcoin
   * Term of Services

December 10, 2021 Livio Andrea Acerbo


MICROSOFT OUTLOOK VULNERABILITY HELPS HACKERS MASQUERADE AS YOUR BOSS

Microsoft Outlook has a number of productivity tools built-in but new research
has revealed how they can be co-opted by hackers to send spoofed emails.

In a new report, researchers from Check Point-owned Avanan explains how hackers
can exploit the productivity tools in Microsoft’s email service to send spoofed
emails to a targeted end-user. 



To make matters worse, Outlook grabs and displays valid Active Directory details
for the spoofed user to give their fake emails a sense of legitimacy.

The cybersecurity firm’s researchers observed that hackers have begun using
Outlook’s productivity tools to send seemingly legitimate emails to targeted
users in a new social engineering campaign that leverages Microsoft’s email
client to make them appear more credible.


SENDING SPOOFED EMAILS USING OUTLOOK

In order to use Outlook’s productivity tools against unsuspecting users, the
only thing a hacker has to do is send a spoofed email. If they have their own
private server, they can craft an email that pretends to come from another
sender to carry out a domain impersonation attack.

Should this spoofed email get past security layers as is often the case with
domain impersonations, Outlook will present it as a real email from the spoofed
person and even show off their legitimate Active Directory details including
photos, files shared between users, legitimate email addresses and phone
numbers.

According to Avanan researchers, Microsoft Outlook does not do email
authentication such as SPF or DKIM checks. As a result, if a spoofed email does
end up in a target’s inbox, Outlook does the work for the hacker by displaying
accurate Active Directory details. Spoofing is also made easier as Microsoft
does not require verification before updating a user image in an email and it
will display all contact data for a user even if that user has an SPF fail.

To prevent falling victim to attacks using this exploit, Avanan recommends that
security professionals ensure their organization has layered security before the
inbox, employ an email security solution that scans files and links and measures
domain risk and protect all applications like Microsoft Teams and SharePoint
that interact with Active Directory.

Looking to upgrade your email experience? Check out our roundups of the best
email clients, best email hosting and best email services

social experiment by Livio Acerbo #greengroundit #techradar
https://www.techradar.com/news/microsoft-outlook-vulnerability-helps-hackers-masquerade-as-your-boss/


SHARE THIS:

 * Click to share on Facebook (Opens in new window)
 * Click to share on Twitter (Opens in new window)
 * Click to share on LinkedIn (Opens in new window)
 * Click to share on Reddit (Opens in new window)
 * 


LIKE THIS:

Like Loading...
 * news
 * rss

 * feed
 * full
 * livio acerbo
 * Techradar


PUBLISHED BY LIVIO ANDREA ACERBO

I am a C?O at Limited Liability currently living in Nice, France. I started
www.greenground.it a news automation project for a precise understanding of
machine learning technology and webhooks. You can mail me to book a consultation
or if you’d like to get in touch, feel free to say hello through any of the
social. View all posts by Livio Andrea Acerbo


POST NAVIGATION

Previous A Natale per cibo e vino 20 milioni in meno del 2020 | Bresciaoggi
Next Covid, "così alcuni no vax ricoverati tentano di strappare le mascherine o
le tute al …



FOLLOW US

 * Facebook
 * Twitter
 * Instagram

THIS WEBSITE USES COOKIES

This website uses cookies to improve your experience. We'll assume you're ok
with this, but you can opt-out if you wish.Accept Reject Read More
Privacy & Cookies Policy
Close

PRIVACY OVERVIEW

This website uses cookies to improve your experience while you navigate through
the website. Out of these, the cookies that are categorized as necessary are
stored on your browser as they are essential for the working of basic
functionalities of the ...
Necessary
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly.
This category only includes cookies that ensures basic functionalities and
security features of the website. These cookies do not store any personal
information.
Non-necessary
Non-necessary
Any cookies that may not be particularly necessary for the website to function
and is used specifically to collect user personal data via analytics, ads, other
embedded contents are termed as non-necessary cookies. It is mandatory to
procure user consent prior to running these cookies on your website.
SAVE & ACCEPT



Go to mobile version
%d bloggers like this:
follow our mastodon✕

We have a new place that might interest you.

follow us

Privacy & Cookies: This site uses cookies. By continuing to use this website,
you agree to their use.
To find out more, including how to control cookies, see here: Cookie Policy
Sign up for our newsletter Join our mailing list to be the first to know what
we’re up to.





AddThis Sharing Sidebar
Share to FacebookFacebookShare to TwitterTwitterShare to PrintPrintShare to
EmailEmailMore AddThis Share optionsAddThis
Hide
Show
Close

AddThis

AddThis Sharing
FacebookTwitterPrintEmailAddThis