Security News
Microsoft has shared a temporary fix for a known issue that causes Microsoft 365 apps like Outlook, Word, and OneNote to unexpectedly crash while typing or spell-checking a text. [...]
Microsoft has shared a temporary fix for a known issue preventing Microsoft 365 customers from signing in or adding Gmail accounts using classic Outlook. [...]
Researchers say cybercriminals can have fun bypassing one of Microsoft's anti-phishing measures in Outlook with some simple CSS tweaks. William Moody, IT security consultant at Certitude, blogged today about how First Contact Safety Tip - a banner displayed in Outlook when a user receives a message from an address that typically doesn't contact them - can be hidden using CSS style tags.
Users are urging Microsoft to rethink how it shows sender email addresses in Outlook because phishing criminals are taking advantage, using helpful, friendly names to serve up emails loaded with malicious intent. Outlook will helpfully show the friendly name if it can rather than the actual address of the sender.
Microsoft Outlook can be turned into a C2 beacon to remotely execute code, as demonstrated by a new red team post-exploitation framework named "Specula," released today by cybersecurity firm TrustedSec. This C2 framework works by creating a custom Outlook Home Page using WebView by exploiting CVE-2017-11774, an Outlook security feature bypass vulnerability patched in October 2017.
Microsoft has finally fixed a known Outlook issue, confirmed in February, which was triggering incorrect security alerts after installing the December security updates for Outlook Desktop. The company acknowledged the bug in early February after many Microsoft 365 users reported seeing unexpected warnings that "This location may be unsafe" and "Microsoft Office has identified a potential security concern" when double-clicking ICS calendar files.
Microsoft has announced new cybersecurity enhancements for Outlook personal email accounts as part of its 'Secure Future Initiative,' including the deprecation of basic authentication by September 16, 2024. The software giant also announced the end of support for 'Mail' and 'Calendar' apps on Windows, the deprecation of Outlook Light, and removing users' ability to access Gmail accounts via Outlook.com.
June 2024 Patch Tuesday is here and Microsoft has delivered fixes for a critical MSMQ flaw and a RCE vulnerability in Microsoft Outlook. CVE-2024-30080 is a use after free flaw affecting Microsoft Message Queuing and can be exploited by unauthenticated attackers by sending a specially crafted malicious MSMQ packet to a MSMQ server.
Microsoft has shared a temporary fix for a known issue preventing Microsoft 365 customers from replying to encrypted emails using the Outlook Desktop client. Affected customers will receive error messages stating, "Microsoft Outlook was not able to create a message with restricted permission" when trying to reply to messages using Microsoft encryption.
Czechia and Germany on Friday revealed that they were the target of a long-term cyber espionage campaign conducted by the Russia-linked nation-state actor known as APT28, drawing condemnation from...