Microsoft Outlook Web App | Breaking Cybersecurity News | The Hacker News

Malware or computer virus can infect your computer in several different ways, but one of the most common methods of its delivery is through malicious file attachments over emails that execute the malware when you open them. Therefore, to protect its users from malicious scripts and executable, Microsoft is planning to blacklist 38 additional file extensions by adding them to its list of file extensions that are blocked from being downloaded as attachments in Outlook on the Web. Previously known as Outlook Web Application or OWA, "Outlook on the Web" is Microsoft's web-based email client for users to access their emails, calendars, tasks and contacts from Microsoft's on-premises Exchange Server and cloud-based Exchange Online. The list of blocked file extensions currently has 104 entries, including .exe, .url, .com, .cmd, .asp, .lnk, .js, .jar, .tmp, .app, .isp, .hlp, .pif, .msi, .msh, and more. Now, the expanded block list will also include 38 new extensions

Researchers have unearthed a dangerous backdoor in Microsoft's Outlook Web Application (OWA) that has allowed hackers to steal e-mail authentication credentials from major organizations. The Microsoft Outlook Web Application or OWA is an Internet-facing webmail server that is being deployed in private companies and organisations to provide internal emailing capabilities. Researchers from security vendor Cybereason discovered a suspicious DLL file loaded into the company's OWA server that siphoned decrypted HTTPS server requests. Although the file had the same name as another benign DLL file, the suspicious DLL file was unsigned and loaded from another directory. Hackers Placed Malicious DLL on OWA Server According to the security firm, the attacker replaced the OWAAUTH.dll file ( used by OWA as part of the authentication mechanism ) with one that contained a dangerous backdoor. Since it ran on the OWA server, the backdoored DLL file allowed hacker

Streamline your zero-trust access journey with three simple steps for high-risk, remote, and hybrid users.