Home
Tech info
Technology
Science
Life
Application
Electric
Program
Mobile
Windows 10
Windows 11Hackers found a way to bypass Microsoft Office 365 Safe Links
Security researchers have just revealed how hackers overcome Microsoft Office 365's Safe Links security feature, used to protect users from malware and phishing attacks.
Safe Links is included in Office 365 software, located in Microsoft's Advanced Threat Protection (ATP) solution, replacing all the URLs in email with Microsoft's secure URL.
When the user clicks on the link in the email, it will be sent to the domain name for Microsoft owned to check the origin of the URL. If it detects malicious code, it will warn the user and if not, will redirect the user to the original link.
However, researchers at Avanan cloud security company have revealed how to use this feature using a technique called baseStriker.
BaseStriker uses the tag in the header of the HTML email, used to define the default URL or URL for related links in the website or text.
If the URL is defined, all related links will then use that URL as a prefix.
Traditional scam
BaseStriker attack type
As shown in the above two pictures, when using a card to separate the infected link, Safe Links cannot identify and replace the link, and the user is still taken to the infected page when clicked.
Researchers have tried using baseStriker and said 'anyone who uses Office 365 with any installation settings is likely to be affected', whether web, mobile or installed on the destkop.
Proofpoint is also likely to be affected. Gmail users or using Office 365 with Mimecast are not.
See more:
- Microsoft Office 365 version is supported against blackmail
- Hackers are using new Microsoft Office vulnerabilities to distribute malware
- Hacker exploited three vulnerabilities in Microsoft Office to spread Zyklon malware
Lesley MontoyaYou should read it
- [Infographic] How to recognize and prevent Phishing attacks
- Microsoft warns of phishing campaigns targeting Outlook Web App and Office 365 users
- Excel continues to be used as a lure for online fraud with complex mechanisms
- Hacker purged two-factor security just by automated phishing attacks
- Hackers use banks as a starting point for phishing attacks
- Air New Zealand hacked, customer information is at risk of falling into the hands of hackers
- Hackers are using new Microsoft Office vulnerabilities to distribute malware
- Warning: Microsoft and Google Clouds are being abused to launch large-scale phishing campaigns
May be interested
- Microsoft has a group of 'elite' hackers that specialize in attacking Windows to keep the operating system safe
their mission is to attack to find security holes on windows, report to microsoft to research and release patches before the crook takes advantage of them for bad purposes. - New features in the OneDrive for iOS appmicrosoft's mobile online storage service for ios has been added new features such as offline scanning, document scanning and expired links. some of these features have been found in scanning applications like microsoft's office lens earlier. however, now, you can access them easily from the onedrive app.
- Microsoft Office 16 exposes details in the new seriesthe verge news site recently published a series of screenshots of the famous microsoft office 16 office suite.
- Microsoft fixes errors that are criticized in Windows Officeyesterday, microsoft officially fixed 5 errors on windows office, mainly hackers errors discovered in previous months.
- Students and students enjoy free Office 365microsoft's new promotion will allow students and students to register for free office 365 office packages.
- Microsoft Office 16 is coming soonaccording to the verge, recently released a series of leaked photos of office 16 from microsoft.
- Buy a Microsoft Office license at a 'bargain' price?the purchase of microsoft office and other software licenses has never been noticed by many people because the cost can be in the tens of dollars.
- Hackers take advantage of Microsoft Defender's 8-year-old weakness to bypass the virus detection systemhackers take advantage of the weakness of microsoft defender anti-virus software to learn the locations excluded from the scan and plant malware there.
- Let Microsoft Office become more perfectmicrosoft office is still the most used office toolkit today. but this product is not perfect and convenient for users ...
- Four reasons do not need to upgrade to new Microsoft Officeoffice is an office suite that seems indispensable for the business world. most small stores have to rely on 3 applications word, excel and powerpoint.
Attack the network
- WannaCry is a year old, EternalBlue is bigger than you think
- Discover 2 new vulnerabilities on 2 popular email protocols
- The DHCP vulnerability in Red Hat Linux helps hackers execute remote code
- Malware digs virtual money over antivirus programs, forcing Windows to crash
- Warning: New malicious code is infecting about 500,000 router devices
- The browser is too smart, hackers turn to embed zero-day Flash malicious code into Microsoft Office files
WannaCry is a year old, EternalBlue is bigger than you think
Discover 2 new vulnerabilities on 2 popular email protocols
The DHCP vulnerability in Red Hat Linux helps hackers execute remote code
Malware digs virtual money over antivirus programs, forcing Windows to crash
Warning: New malicious code is infecting about 500,000 router devices
The browser is too smart, hackers turn to embed zero-day Flash malicious code into Microsoft Office files