Security News
Microsoft's Threat Intelligence team issued a warning earlier today about the Russian state-sponsored actor APT28 actively exploiting the CVE-2023-23397 Outlook flaw to hijack Microsoft Exchange accounts and steal sensitive information. The tech giant also highlighted the exploitation of other vulnerabilities with publicly available exploits in the same attacks, including CVE-2023-38831 in WinRAR and CVE-2021-40444 in Windows MSHTML. Outlook flaw exploitation background.
In their 2024 cybersecurity outlook, WatchGuard researchers forecast headline-stealing hacks involving LLMs, AI-based voice chatbots, modern VR/MR headsets, and more in the coming year. During 2024, the WatchGuard Threat Lab predicts that a smart prompt engineer whether a criminal attacker or researcher will crack the code and manipulate an LLM into leaking private data.
Today, Microsoft shared a temporary fix for a known issue causing Outlook Desktop to crash when sending emails from Outlook.com accounts. These problems only affect Outlook for Microsoft 365 users and those in the Current Channel channel using Outlook build 17029.
Microsoft has resolved a known issue causing significant delays for Microsoft 365 customers when saving attachments in Outlook Desktop. The bug is known to impact Outlook users trying to save an attachment to a network share, according to a support document published by Redmond when the bug was first acknowledged in July.
In a Monday advisory, Microsoft warned Outlook.com users about issues they might encounter when sending emails containing attachments. Outlook.com users impacted by this known issue are seeing "Error code 550 5.7.520 Message blocked" errors when trying to send emails.
Microsoft has fixed a known issue affecting Outlook for Microsoft 365 users since June and causing slow starts and freezes as if Offline Outlook Data Files were syncing right after launch. Error messages appeared, stating, "Cannot start Microsoft Outlook. Cannot open the Outlook window. The set of folders cannot be opened. The attempt to log on to Microsoft Exchange has failed."
Microsoft has resolved a known issue that caused Outlook Desktop to unexpectedly prompt users to reopen previously closed windows. On affected systems, users of Outlook for Microsoft 365 were encountering dialogs with prompts like "Outlook closed while you had items open. Reopen those items from your last session?".
Hackers are utilizing a new trick of using zero-point fonts in emails to make malicious emails appear as safely scanned by security tools in Microsoft Outlook. The ZeroFont attack method, first documented by Avanan in 2018, is a phishing technique that exploits flaws in how AI and natural language processing systems in email security platforms analyze text.
Microsoft on Wednesday revealed that a China-based threat actor known as Storm-0558 acquired the inactive consumer signing key to forging tokens to access Outlook by compromising an engineer's corporate account. "A consumer signing system crash in April of 2021 resulted in a snapshot of the crashed process," the Microsoft Security Response Center said in a post-mortem report.
Microsoft is investigating an issue causing Outlook Desktop to unexpectedly ask users to restore windows closed during a previous session. [...]