#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

Microsoft Outlook | Breaking Cybersecurity News | The Hacker News

Russian APT28 Hackers Targeting High-Value Orgs with NTLM Relay Attacks

Russian APT28 Hackers Targeting High-Value Orgs with NTLM Relay Attacks

Feb 02, 2024 Cyber Espionage / Password Security
Russian state-sponsored actors have staged NT LAN Manager (NTLM) v2 hash relay attacks through various methods from April 2022 to November 2023, targeting high-value targets worldwide. The attacks, attributed to an "aggressive" hacking crew called  APT28 , have set their eyes on organizations dealing with foreign affairs, energy, defense, and transportation, as well as those involved with labor, social welfare, finance, parenthood, and local city councils. Cybersecurity firm Trend Micro  assessed  these intrusions as a "cost-efficient method of automating attempts to brute-force its way into the networks" of its targets, noting the adversary may have compromised thousands of email accounts over time. APT28 is also tracked by the broader cybersecurity community under the names Blue Athena, BlueDelta, Fancy Bear, Fighting Ursa, Forest Blizzard (formerly Strontium), FROZENLAKE, Iron Twilight, ITG05, Pawn Storm, Sednit, Sofacy, and TA422. The group, believed to be
Russian APT28 Hackers Targeting 13 Nations in Ongoing Cyber Espionage Campaign

Russian APT28 Hackers Targeting 13 Nations in Ongoing Cyber Espionage Campaign

Dec 12, 2023 Cyber Espionage / Malware
The Russian nation-state threat actor known as  APT28  has been observed making use of lures related to the ongoing Israel-Hamas war to facilitate the delivery of a custom backdoor called HeadLace. IBM X-Force is tracking the adversary under the name ITG05, which is also known as BlueDelta, Fancy Bear, Forest Blizzard (formerly Strontium), FROZENLAKE, Iron Twilight, Sednit, Sofacy, and TA422. "The newly discovered campaign is directed against targets based in at least 13 nations worldwide and leverages authentic documents created by academic, finance and diplomatic centers," security researchers Golo Mühr, Claire Zaboeva, and Joe Fasulo  said . "ITG05's infrastructure ensures only targets from a single specific country can receive the malware, indicating the highly targeted nature of the campaign." Targets of the campaign include Hungary, Türkiye, Australia, Poland, Belgium, Ukraine, Germany, Azerbaijan, Saudi Arabia, Kazakhstan, Italy, Latvia, and Romania
How to Achieve the Best Risk-Based Alerting (Bye-Bye SIEM)

How to Achieve the Best Risk-Based Alerting (Bye-Bye SIEM)

Feb 19, 2024Network Detection and Response
Did you know that Network Detection and Response (NDR) has become the most effective technology to detect cyber threats? In contrast to SIEM, NDR offers adaptive cybersecurity with reduced false alerts and efficient threat response. Are you aware of  Network Detection and Response (NDR)  and how it's become the most effective technology to detect cyber threats?  NDR massively upgrades your security through risk-based alerting, prioritizing alerts based on the potential risk to your organization's systems and data. How? Well, NDR's real-time analysis, machine learning, and threat intelligence provide immediate detection, reducing alert fatigue and enabling better decision-making. In contrast to SIEM, NDR offers adaptive cybersecurity with reduced false positives and efficient threat response. Why Use Risk-Based Alerting? Risk-based alerting is an approach where security alerts and responses are prioritized based on the level of risk they pose to an organization's system
Researchers Shed Light on APT31's Advanced Backdoors and Data Exfiltration Tactics

Researchers Shed Light on APT31's Advanced Backdoors and Data Exfiltration Tactics

Aug 11, 2023 Malware / Cyber Attack
The Chinese threat actor known as APT31 (aka Bronze Vinewood, Judgement Panda, or Violet Typhoon) has been linked to a set of advanced backdoors that are capable of exfiltrating harvested sensitive information to Dropbox. The malware is part of a broader collection of  more than 15 implants  that have been put to use by the adversary in attacks targeting industrial organizations in Eastern Europe in 2022. "The attackers aimed to establish a permanent channel for data exfiltration, including data stored on air-gapped systems," Kaspersky  said  in an analysis spotlighting APT31's previously undocumented tradecraft. The intrusions employ a three-stage malware stack, each focused on disparate aspects of the attack chain: setting up persistence, gathering sensitive data, and transmitting the information to a remote server under the threat actor's control. Some variants of the second-stage backdoors also come with features designed to look up file names in the Microso
cyber security

Are You Vulnerable to Third-Party Breaches Through Interconnected SaaS Apps?

websiteWing SecuritySaaS Security / Risk Management
Protect against cascading risks by identifying and mitigating app2app and third-party SaaS vulnerabilities.
Outlook for Web Bans 38 More File Extensions in Email Attachments

Outlook for Web Bans 38 More File Extensions in Email Attachments

Sep 26, 2019
Malware or computer virus can infect your computer in several different ways, but one of the most common methods of its delivery is through malicious file attachments over emails that execute the malware when you open them. Therefore, to protect its users from malicious scripts and executable, Microsoft is planning to blacklist 38 additional file extensions by adding them to its list of file extensions that are blocked from being downloaded as attachments in Outlook on the Web. Previously known as Outlook Web Application or OWA, "Outlook on the Web" is Microsoft's web-based email client for users to access their emails, calendars, tasks and contacts from Microsoft's on-premises Exchange Server and cloud-based Exchange Online. The list of blocked file extensions currently has 104 entries, including .exe, .url, .com, .cmd, .asp, .lnk, .js, .jar, .tmp, .app, .isp, .hlp, .pif, .msi, .msh, and more. Now, the expanded block list will also include 38 new extensions
PoC Released for Outlook Flaw that Microsoft Patched 6 Month After Discovery

PoC Released for Outlook Flaw that Microsoft Patched 6 Month After Discovery

Jun 22, 2019
As we reported two days ago, Microsoft this week released an updated version of its Outlook app for Android that patches a severe remote code execution vulnerability ( CVE-2019-1105 ) that impacted over 100 million users. However, at that time, very few details of the flaw were available in the advisory, which just revealed that the earlier versions of the email app contained a cross-site scripting (XSS) flaw that could allow attackers to run scripts in the context of the current user just by sending a specially crafted email to the victims. Now, Bryan Appleby from F5 Networks, one of the security researchers who reported this issue independently to Microsoft, released more details and proof-of-concept for the Outlook vulnerability that he reported to the tech giant almost six months ago. In a blog post published Friday, Appleby revealed that while exchanging some JavaScript code with his friends over an email, he accidentally discovered a cross-site scripting (XSS) issue th
Important Flaw in Outlook App for Android Affects Over 100 Millions Users

Important Flaw in Outlook App for Android Affects Over 100 Millions Users

Jun 20, 2019
Update (22 June 2019)  — More technical details and proof-of-concept for the OutLook for Android vulnerability has been released that we have covered in a separate article here. Microsoft today released an updated version of its "Outlook for Android" that patches an important security vulnerability in the popular email app that is currently being used over 100 million users. According to an advisory , Outlook app with versions before 3.0.88 for Android contains a stored cross-site scripting vulnerability ( CVE-2019-1105 ) in the way the app parses incoming email messages. If exploited, remote attackers can execute malicious in-app client-side code on the targeted devices just by sending them emails with a specially crafted message. "The attacker who successfully exploited this vulnerability could then perform cross-site scripting attacks on the affected systems and run scripts in the security context of the current user." According to Microsoft, the fl
Hackers Compromise Microsoft Support Agent to Access Outlook Email Accounts

Hackers Compromise Microsoft Support Agent to Access Outlook Email Accounts

Apr 13, 2019
If you have an account with Microsoft Outlook email service, there is a possibility that your account information has been compromised by an unknown hacker or group of hackers, Microsoft confirmed The Hacker News. Earlier this year, hackers managed to breach Microsoft's customer support portal and access information related to some email accounts registered with the company's Outlook service. Yesterday, a user on Reddit publicly posted a screenshot of an email which he received from Microsoft warning that unknown attackers were able to access some information of his OutLook account between 1 January 2019 and 28 March 2019. Another user on Reddit also confirmed that he/she too received the same email from Microsoft. According to the incident notification email, as shown below, attackers were able to compromise credentials for one of Microsoft's customer support agents and used it to unauthorisedly access some information related to the affected accounts, but not
Hackers Using Zero-Width Spaces to Bypass MS Office 365 Protection

Hackers Using Zero-Width Spaces to Bypass MS Office 365 Protection

Jan 10, 2019
Security researchers have been warning about a simple technique that cybercriminals and email scammers are already being using in the wild to bypass security features of Microsoft Office 365, including Safe Links, which are originally designed to protect users from malware and phishing attacks. Safe Links has been included by Microsoft in Office 365 as part of its ATP (Advanced Threat Protection) solution that works by replacing all URLs in an incoming email with Microsoft-owned secure URLs. Therefore, every time users click on a link provided in an email, Safe Links first sends them to a Microsoft owned domain, where it immediately checks the original link for anything suspicious. If Microsoft's security scanners detect any malicious element, it then warns the users about it, and if not, it redirects them to the original link. However, researchers at the cloud security company Avanan have revealed how attackers have been bypassing both Office 365's URL reputation check a
Hackers Found Using A New Way to Bypass Microsoft Office 365 Safe Links

Hackers Found Using A New Way to Bypass Microsoft Office 365 Safe Links

May 08, 2018
Security researchers revealed a way around that some hacking groups have been found using in the wild to bypass a security feature of Microsoft Office 365, which is originally designed to protect users from malware and phishing attacks. Dubbed Safe Links, the feature has been included in Office 365 software as part of Microsoft's Advanced Threat Protection (ATP) solution that works by replacing all URLs in an incoming email with Microsoft-owned secure URLs. So, every time a user clicks on a link provided in an email, it first sends the user to a Microsoft owned domain, where the company immediately checks the original URL for anything suspicious. If Microsoft's scanners detect any malicious element, it then warns users about it, and if not, it redirects the user to the original link. However, researchers at cloud security company Avanan have revealed how attackers have been bypassing the Safe Links feature by using a technique called, " baseStriker attack ."
Microsoft Office 365 Gets Built-in Ransomware Protection and Enhanced Security Features

Microsoft Office 365 Gets Built-in Ransomware Protection and Enhanced Security Features

Apr 06, 2018
Ransomware has been around for a few years, but it has become an albatross around everyone's neck, targeting big businesses, hospitals, financial institutions and individuals worldwide and extorting millions of dollars. Last year, we saw some major ransomware outbreaks, including WannaCry  and  NotPetya , which wreaked havoc across the world, hitting hundreds of thousands of computers and business networks worldwide. From small to mid-range businesses, Microsoft Office 365 remains the most widely used and fastest-growing work office suite, so it's no surprise that it has become a primary target for viruses, ransomware, and phishing scams. In fact, most strains of ransomware target Microsoft productivity apps such as Word, Excel and encrypt sensitive data to hold the company hostage until the ransom is paid. Now, to combat such cyber attacks, Microsoft has announced some new security features for Office 365 that can help users mitigate the damage done by ransomware a
Microsoft Issues Security Patch Update for 14 New Critical Vulnerabilities

Microsoft Issues Security Patch Update for 14 New Critical Vulnerabilities

Feb 14, 2018
Microsoft's Patch Tuesday for this month falls the day before the most romantic day of the year. Yes, it's Valentine's, and the tech giant has released its monthly security update for February 2018, addressing a total of 50 CVE-listed vulnerabilities in its Windows operating system, Microsoft Office, web browsers and other products. Fourteen of the security updates are listed as critical, 34 are rated as important, and 2 of them are rated as moderate in severity. The critical update patches serious security flaws in Edge browser and Outlook client, an RCE in Windows' StructuredQuery component, and several memory corruption bugs in the scripting engines used by Edge and Internet Explorer. Critical Microsoft Outlook Vulnerability One of the most severe bugs includes a memory corruption vulnerability ( CVE-2018-0852 ) in Microsoft Outlook, which can be exploited to achieve remote code execution on the targeted machines. In order to trigger the vulnerability
Buggy Microsoft Outlook Sending Encrypted S/MIME Emails With Plaintext Copy For Months

Buggy Microsoft Outlook Sending Encrypted S/MIME Emails With Plaintext Copy For Months

Oct 12, 2017
Beware, If you are using S/MIME protocol over Microsoft Outlook to encrypt your email communication, you need to watch out. From at least last 6 months, your messages were being sent in both encrypted and unencrypted forms, exposing all your secret and sensitive communications to potential eavesdroppers. S/MIME, or Secure/Multipurpose Internet Mail Extensions, is an end-to-end encryption protocol—based on public-key cryptography and works just like SSL connections—that enables users to send digitally signed and encrypted messages. According to a security advisory published by SEC Consult earlier this week, a severe bug (CVE-2017-11776) in Microsoft Outlook email client causes S/MIME encrypted emails to be sent with their unencrypted versions attached. When Outlook users make use of S/MIME to encrypt their messages and format their emails as plain text, the vulnerability allows the seemingly encrypted emails to be sent in both encrypted as well as human-readable clear text f
Cybersecurity Resources