Tuesday, May 28, 2024

Security vulnerability in a popular e-mail tool – a critical vulnerability in Microsoft Outlook



Microsoft has published information about a critical vulnerability in the Outlook application on Windows. It is easy to exploit, has wide-ranging effects and can lead to remote takeover of an account without any participation by the user, the government’s plenipotentiary for cybersecurity wrote in a communication. As reported by CNN, hackers linked to Russian military intelligence used the vulnerability to try to infiltrate, in some cases successfully, networks used by the armed forces in Europe and by transportation and energy companies.

According to CNN and the industry portal Bleeping Computer, Microsoft informed its customers that a vulnerability had been detected in the Outlook e-mail application. The vulnerability was first noticed by the Ukrainian CERT team.

By exploiting the vulnerability, Russian APT28 hackers (also known as STRONTIUM and Fancy Bear, among others) were said to have accessed networks used by “less than 15” government, military, transportation and energy organizations between April and December 2022.

Security vulnerability in a popular email utility


“Security gap in a popular e-mail tool. Take care of online security” – the government’s plenipotentiary for cybersecurity indicated in the communication. The communication added that “vulnerabilities, i.e. bugs and security holes, also occur in widely used products of large suppliers.” The vulnerability in question has been actively used since April 2022 in attacks carried out by one of the groups associated with the Russian government, including in Poland.

“We recommend immediate action by administrators of all organizations whose users use e-mail via the Microsoft Outlook client” – the plenipotentiary appealed.

The communication explains how the previously mentioned vulnerability works. It was emphasized that it “allows you to take control of a user’s account in two ways.”

“One method allows you to recover the password through a dictionary attack, i.e. one that uses the trial and error method to discover login details. Carrying out such an attack is easier when we have a short password – the number of combinations to check is then simply smaller” – the communication reads.

It added that “the second method allows the user’s session to be directly used to log in to other organization services.”

“To carry out the attack, it is enough for the victim to receive the appropriate e-mail. No user action is required. The attack can be carried out remotely. The acquired domain password can be used to log in to other publicly available company services. If two-factor authentication is not used, this can lead to the attacker gaining access to the corporate network.”

How to defend against a security vulnerability in email?

As indicated by the government’s plenipotentiary for cybersecurity, “all versions of Microsoft Outlook for the Windows platform are susceptible”. However, “versions for Android, iOS or macOS platforms are not vulnerable”, nor are “cloud services such as Microsoft 365”.

“The first step that administrators should take is to update the application in accordance with the guidelines on the dedicated page: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397” – it was written in the communiqué.

The communication also reminded readers that “the use of strong passwords will significantly impede the use of vulnerabilities by cybercriminals”, and that “an important recommendation is also the use of two-factor authentication, in particular for services exposed to the Internet”.

The communication also details how organizations can check their security. “Microsoft has released a tool that organizations can use to check whether their users have received exploit messages. It is available to administrators here: https://microsoft.github.io/CSS-Exchange/Security/CVE-2023-23397/” – the communication explained.

“If attempts to exploit the vulnerability are detected, it will be necessary to start the incident handling procedure and contact the appropriate CSIRT team” – it was emphasized in the release.

Internet scams and fake sites

Cybercriminals are not letting up. We have reported on several campaigns in which they impersonate large banks.

This week, the cybersecurity team at the Polish Financial Supervision Authority (KNF CSIRT) warned against scammers who post false advertisements with information about compensation for vaccination.

Cybercriminals have created advertisements in which they use the image of Santander Bank Polska, leading to “dangerous sites”.

PKO BP published a warning against scammers who try to steal customer data. Cybercriminals publish advertisements on social networks encouraging people to invest in PKOCoin.

mBank also warned against thieves, as the criminals used its image by sending e-mails with information about the confirmation of the alleged SWIFT payment. Earlier, the KNF CSIRT warned that fraudsters were using the image of Bank BNP Paribas.
