Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Share Post: Reddit Facebook
Office 365 Zero-Day Used in Real-World Phishing Campaigns
#1
Quote:A new zero-day vulnerability known as baseStriker allows miscreants to send malicious emails that bypass security systems on Office 365 accounts.

Discovered last week, on May 1, 2018, by security researchers from Avanan, baseStriker is a flaw in how Office 365 servers scan incoming emails.

The HTML tag at the center of baseStriker
At the center of this vulnerability is the < base > HTML tag. This is a seldom used tab, but developers declare it in the < head > section of an HTML document (web page), and its purpose is to establish a base URL for relative links.

For example, a website might declare a base URL like this:


Code:
< base href = "https://www.example.com" / >

Once declared, developers can include links to content hosted on the base URL without typing the whole thing, like so:


Code:
< img src = "/images/slider/photo-1.png" / >

Under the hood, the HTML rendering engine (usually a browser) will merge the base URL with the relative path and come with:


Code:
https://www.example.com/images/slider/photo-1.png

Office 365 doesn't support the "base" HTML tag

The problem, according to Avanan, is that Office 365's security systems don't appear to support base URLs.

An attacker can simply send out a rich-text-formatted email with the following structure and Office 365 won't be able to scan and detect any malware hosted on the URLs.

Read the article:

HERE
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Panda Security does it again: 100% detection in AV-C’s Real-World Test mrtrout 0 933 11-20-2020 , 10:16 AM
Last Post: mrtrout
  Real-time view of cyberthreat activity around the world guardian 0 1,285 04-19-2020 , 05:09 AM
Last Post: guardian
  Deepfakes and LinkedIn: malign interference campaigns Herran 0 1,316 11-21-2019 , 02:55 PM
Last Post: Herran
  Microsoft Office 365 Admins Targeted by Ongoing Phishing Campaign tarekma7 0 1,458 11-17-2019 , 11:26 AM
Last Post: tarekma7
  Office 365 Phishing Attacks Are on the Rise Mohammad.Poorya 0 2,162 06-22-2019 , 08:25 PM
Last Post: Mohammad.Poorya

Forum Jump:


Users browsing this thread: 1 Guest(s)