Email has long been a major weak link for security; the Democratic National Committee and Hillary Clinton's campaign were infamously both compromised by Russian hackers through email-related phishing attacks ahead of the 2016 US elections. And with the 2020 campaign in full swing, a patched flaw in Microsoft Outlook is still giving attackers an opening.
First disclosed and fixed in October 2017, the bug is in a little-known Outlook feature called the "Home Page," a tab that can function as a user's home screen and load external content from, say, a company web server or even a public website. In practice, many Outlook users have no idea that the Home Page exists, because they open Outlook to their inboxes. But hackers realized that if they could get someone's account credentials, they could exploit a flaw in Home Page and manipulate it to load malicious content. From there, they could remotely run exploit code to break out of Outlook's defenses and control a device's operating system. The whole attack is inconspicuous, because it looks like legitimate Outlook traffic. Once it's set up, the backdoor persists even after the compromised device is rebooted.
Though Microsoft originally labeled the vulnerability as low severity in 2017 and said it had not seen the bug exploited in the wild, security firms quickly warned that they had seen evidence of nation state abuse, particularly by the Iran-linked hacking group APT33, and later another Iranian group, APT34. ..
Support the originator by clicking the read the rest link below.
