The Hacker News Logo
Subscribe to Newsletter

The Hacker News - Cybersecurity News and Analysis: Outlook Web App

Outlook for Web Bans 38 More File Extensions in Email Attachments

Outlook for Web Bans 38 More File Extensions in Email Attachments

September 26, 2019Mohit Kumar
Malware or computer virus can infect your computer in several different ways, but one of the most common methods of its delivery is through malicious file attachments over emails that execute the malware when you open them. Therefore, to protect its users from malicious scripts and executable, Microsoft is planning to blacklist 38 additional file extensions by adding them to its list of file extensions that are blocked from being downloaded as attachments in Outlook on the Web. Previously known as Outlook Web Application or OWA, "Outlook on the Web" is Microsoft's web-based email client for users to access their emails, calendars, tasks and contacts from Microsoft's on-premises Exchange Server and cloud-based Exchange Online. The list of blocked file extensions currently has 104 entries, including .exe, .url, .com, .cmd, .asp, .lnk, .js, .jar, .tmp, .app, .isp, .hlp, .pif, .msi, .msh, and more. Now, the expanded block list will also include 38 new extensions
Microsoft Outlook App for Android Devices Stores Emails Unencrypted on File System

Microsoft Outlook App for Android Devices Stores Emails Unencrypted on File System

May 22, 2014Mohit Kumar
If you have an account with Microsoft's popular free email service Outlook.com, and using Outlook app for Android, then there is a bad news for you. Microsoft's Android app for Outlook.com,  provides users to access their Outlook emails on their Android devices, fails to provide security and encryption. LOOPHOLES DISCOVERED Researchers from ' Include Security ' firm claims to have found multiple vulnerabilities in Microsoft's Outlook app for Android, that leaves users' email data vulnerable to hackers and other malicious third party apps. By default, Email attachments are stored into easily accessible folders on the Android filesystem Email Database ( Body, Subject ) is stored locally in an unencrypted manner App's 'Pin Code' feature doesn't protect or encrypt email data. EMAIL ATTACHMENTS ARE ACCESSIBLE TO ANY OTHER APPS Today almost every applications available at Google Play Store generally ask for  READ_EXTERNAL_STORA
Syrian Electronic Army Hijack Sky News's Twitter & Facebook Accounts

Syrian Electronic Army Hijack Sky News's Twitter & Facebook Accounts

February 07, 2013Mohit Kumar
Syrian Electronic Army strike again! This time hacking group hijack Twitter accounts and a Facebook page of Sky News Arabia and also hack their Emails. The accounts affected were the channel's main twitter handle @skynewsarabia and the @skynewsarabia account used for cultural and entertainment news, as well as the Facebook page facebook/skynewsarabia . Sky News regained control of the hacked accounts some how later. During an Interview with hackers at Syrian Electronic Army, hackers said that they first target Sky News's Email panel which is using Outlook Web App. Below is the screenshot of hacked inbox: Then it was too easy for hackers to reset the password of Twitter accounts and Facebook pages attached to that mail using Password forget option. Hackers said, they attack because of the bias that the foreign media has against Syria's President Bashar al-Assad and their support for the rebels in the Syrian conflict.
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.