Security bug allows anyone to spoof Microsoft employee emails
Reading Time: 2 minutesA researcher has found a bug that allows anyone to impersonate Microsoft corporate email accounts, making phishing attempts look credible and more likely to trick their targets.
Last week, Vsevolod Kokorin, also known online as Slonser, wrote on X (formerly Twitter) that he found the email-spoofing bug and reported it to Microsoft, but the company dismissed his report after saying it couldn’t reproduce his findings. This prompted Kokorin to publicize the bug on X, without providing technical details that would help others exploit it.
The bug, according to Kokorin, only works when sending the email to Outlook accounts. Still, that is a pool of at least 400 million users all over the world, according to Microsoft’s latest earnings report.
‘I did not expect my post to get such a reaction. Honestly, I just wanted to share my frustration because this situation made me sad,’ Kokorin said. ‘Many people misunderstood me and think that I want money or something like that. In reality, I just want companies not to ignore researchers and to be more friendly when you try to help them.’
It’s not known if anyone other than Kokorin found the bug, or if it has been maliciously exploited.
While the threat of this bug, at this point, is unknown, Microsoft has experienced several security problems in recent years, prompting investigations by both federal regulators and congressional lawmakers.
Last week, Microsoft president Brad Smith testified in a House hearing after China stole a tranche of U.S. federal government emails from Microsoft’s servers in 2023. In the hearing, Smith pledged a renewed effort to prioritize cybersecurity in the company after a slew of security embarrassments.
Months earlier in January, Microsoft confirmed that a Russian-government linked hacking group had broken into Microsoft corporate emails accounts to steal information about what the company’s top executives knew about the hackers themselves. And last week, ProPublica revealed that Microsoft had failed to heed warnings about a critical flaw that was later exploited in the Russian-backed cyber espionage campaign that targeted tech company SolarWinds.
Ref: techcrunch
MediaDownloader.net -> Free Online Video Downloader, Download Any Video From YouTube, VK, Vimeo, Twitter, Twitch, Tumblr, Tiktok, Telegram, TED, Streamable, Soundcloud, Snapchat, Share, Rumble, Reddit, PuhuTV, Pinterest, Periscope, Ok.ru, MxTakatak, Mixcloud, Mashable, LinkedIn, Likee, Kwai, Izlesene, Instagram, Imgur, IMDB, Ifunny, Gaana, Flickr, Febspot, Facebook, ESPN, Douyin, Dailymotion, Buzzfeed, BluTV, Blogger, Bitchute, Bilibili, Bandcamp, Akıllı, 9GAG