Dave Schroeder 🇺🇸’s Post

HEADS UP! A new security bug is allowing phishers to impersonate Microsoft security emails, prompting users to enter sensitive information that can then be used to access their account. TechCrunch reports how a researcher was able to sent them authentic looking emails from the email account 'security@microsoft.com', matching automated emails that are sent to millions daily and sophisticated enough to fool users even on the lookout for the usual phishing attempts. To learn more, link is in comments!

Security vulnerability - a bug allowing anyone to potentially forge emails appearing to be from Microsoft employees. This could be exploited for phishing attacks. Read the full story: https://lnkd.in/eKGK3htM #Ticktocktech #SecurityAlert #PhishingScam #Microsoft #TechCrunch

A new security flaw allows attackers to impersonate Microsoft corporate email accounts, increasing phishing risks. Discovered by researcher Vsevolod Kokorin (Slonser), the bug remains unpatched by Microsoft. Kokorin revealed the issue on X (formerly Twitter) after Microsoft dismissed his report. To prove the flaw, Kokorin sent an email to TechCrunch that seemed to come from Microsoft’s account security team. The bug targets Outlook accounts, affecting at least 400 million users globally, according to Microsoft’s latest earnings report. Kokorin expressed frustration with Microsoft’s response, saying, “They claimed they couldn’t reproduce it without details. However, after my tweet, they reopened an old report I submitted months ago.” Kokorin refrained from sharing technical details that could facilitate exploitation. This vulnerability poses significant risks, enabling attackers to send phishing emails that appear to be from legitimate Microsoft accounts, thus increasing their credibility and potential impact. ~First Hackers News To Continue reading this article, click on this link >>> https://lnkd.in/g3VHcQSE #securityflaw #attackers #microsoft #email #phishing #researcher #bug #unpatched #twitter #techcrunch #outlook #vulnerability #cyberattack #cybernews #cybersecurity #fhn #firsthackersnews #informationsecurity #latestupdates

A new security flaw allows attackers to impersonate Microsoft corporate email accounts, increasing phishing risks. Discovered by researcher Vsevolod Kokorin (Slonser), the bug remains unpatched by Microsoft. Kokorin revealed the issue on X (formerly Twitter) after Microsoft dismissed his report. To prove the flaw, Kokorin sent an email to TechCrunch that seemed to come from Microsoft’s account security team. The bug targets Outlook accounts, affecting at least 400 million users globally, according to Microsoft’s latest earnings report. Kokorin expressed frustration with Microsoft’s response, saying, “They claimed they couldn’t reproduce it without details. However, after my tweet, they reopened an old report I submitted months ago.” Kokorin refrained from sharing technical details that could facilitate exploitation. This vulnerability poses significant risks, enabling attackers to send phishing emails that appear to be from legitimate Microsoft accounts, thus increasing their credibility and potential impact. ~First Hackers News To Continue reading this article, click on this link >>> https://lnkd.in/gi_6GXGJ #securityflaw #attackers #microsoft #email #phishing #researcher #bug #unpatched #twitter #techcrunch #outlook #vulnerability #cyberattack #cybernews #cybersecurity #fhn #firsthackersnews #informationsecurity #latestupdates

Security Bug Allows Anyone To Spoof Microsoft Employee Emails: A researcher has found a bug that allows anyone to impersonate Microsoft corporate email accounts, making phishing attempts look credible and more likely to trick their targets. From a report: As of this writing, the bug has not been patched. To demonstrate the bug, the researcher sent an email to TechCrunch that looked like it was sent from Microsoft's account security team. Last week, Vsevolod Kokorin, also known online as Slonser, wrote on X (formerly Twitter) that he found the email-spoofing bug and reported it to Microsoft, but the company dismissed his report after saying it couldn't reproduce his findings. This prompted Kokorin to publicize the bug on X, without providing technical details that would help others exploit it. Read more of this story at Slashdot.

A new security flaw allows attackers to impersonate Microsoft corporate email accounts, increasing phishing risks. Discovered by researcher Vsevolod Kokorin (Slonser), the bug remains unpatched by Microsoft. Kokorin revealed the issue on X (formerly Twitter) after Microsoft dismissed his report. To prove the flaw, Kokorin sent an email to TechCrunch that seemed to come from Microsoft’s account security team. The bug targets Outlook accounts, affecting at least 400 million users globally, according to Microsoft’s latest earnings report. Kokorin expressed frustration with Microsoft’s response, saying, “They claimed they couldn’t reproduce it without details. However, after my tweet, they reopened an old report I submitted months ago.” Kokorin refrained from sharing technical details that could facilitate exploitation. This vulnerability poses significant risks, enabling attackers to send phishing emails that appear to be from legitimate Microsoft accounts, thus increasing their credibility and potential impact. ~First Hackers News To Continue reading this article, click on this link >>> https://lnkd.in/gaEscdbt #securityflaw #attackers #microsoft #email #phishing #researcher #bug #unpatched #twitter #techcrunch #outlook #vulnerability #cyberattack #cybernews #cybersecurity #fhn #firsthackersnews #informationsecurity #latestupdates

An interesting article on attacks I made a video about last year specifically targeting Microsoft Online users. MITM transparent proxy attacks are on the rise and traditional MFA solutions including MS and Google authenticators do not provide protection. Idenprotect being a true password-less solution using PKI technology on the other hand does provide protection against this type of attack. https://lnkd.in/e_GVK8A3 For more information about the attacks themselves please watch my video, its very interesting just how sophisticated (and easy) this attack can be achieved. https://lnkd.in/eMmvVaGQ

✨ Today In Tech #061 - July 11th 2024✨ 💡Topics💡 1️⃣ CyberCrime => Microsoft's Email of Customer Notification Issues Amid Russian Hack Criticized for Resembling Phishing Attempts 2️⃣ CyberCrime => Apple Issues Warnings to iPhone Users in 98 Countries About Mercenary Spyware Attacks 3️⃣ Politics => EU Accepts Apple's Commitments to Open Up NFC for Rival Mobile Wallets, Settling Antitrust Probe 1️⃣ CyberCrime => Microsoft's Email of Customer Notification Issues Amid Russian Hack Criticized for Resembling Phishing Attempts 🛈 Source : https://lnkd.in/g6z_mvH2 Microsoft has been criticized for sending emails that appear to be spam or phishing attempts, following the Russian government hack on its systems. The company has not followed the Microsoft 365 customer data breach process, with notifications being sent to tenant admins instead of the portal. Kevin Beaumont, a former Microsoft employee and cybersecurity researcher, warns companies to keep an eye out for these Microsoft emails. One of the main issues with Microsoft's notification email is that it includes a "secure link" to a domain that bears no apparent connection to Microsoft, instead of a link to "https://lnkd.in/gXb6yNKH." This link has been submitted to urlscan.io, a site that can help spot malicious links, more than a hundred times. This suggests that many organizations saw the official legitimate Microsoft email and thought it was malicious. Microsoft has also received evidence that customers are legitimately confused about whether the email they received is genuine. A cybersecurity consultant commented on Beaumont's LinkedIn post that "several" of his clients received the email and "all of them were worried it was phishing."

A researcher has found a bug that allows anyone to impersonate Microsoft corporate email accounts, making phishing attempts look credible and more likely to trick their targets. Last week, Vsevolod Kokorin, also known online as Slonser, wrote on X (formerly Twitter) that he found the email-spoofing bug and reported it to Microsoft, but the company dismissed his report after saying it couldn’t reproduce his findings. This prompted Kokorin to publicize the bug on X, without providing technical details that would help others exploit it. The bug, according to Kokorin, only works when sending the email to Outlook accounts. Still, that is a pool of at least 400 million users all over the world, according to Microsoft’s latest earnings report. It’s not known if anyone other than Kokorin found the bug, or if it has been maliciously exploited. While the threat of this bug, at this point, is unknown, Microsoft has experienced several security problems in recent years, prompting investigations by both federal regulators and congressional lawmakers... #informationsecurity #cybersecurity #security #phishing #email #microsoft #vulnerability #bug #impersonation

Always keep a close eye out, and always have a secondary method of communication available when needed. Makes it faster to verify