HB1PMS > TECH 09.03.20 04:30l 84 Lines 3251 Bytes #999 (0) @ WW
BID : 2449HB1PMS
Read: GAST
Subj: More than 600 Microsoft Subdomains Pose Threat to
Path: DBO595<DBX320<FRB024<NL3TD<NL3PRC<GY1BBS<HB1BBS
Sent: 200308/2210Z 8804@HB1BBS.ZL.NLD.EU BPQ6.0.19
From: HB1PMS@HB1BBS.ZL.NLD.EU
More than 600 Microsoft Subdomains Pose Threat to Users
A research firm found more than 600 legitimate Microsoft subdomains could be
hijacked and abused for phishing, malware delivery, and scams.
What happened?
Researchers revealed that Microsoft’s DNS records for a subdomain point to a
domain that no longer exists.
In this case, anyone can use this opportunity to register the non-existent
domain and hijack the subdomain with the misconfigured DNS records.
Researchers created an automated system and scanned all the subdomains of
some important Microsoft domains.
The scan results revealed the existence of over 670 subdomains that could be
hijacked using the above technique.
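
The condition described above, a DNS record that still points to a name that no longer exists, can be checked for in a zone you administer. The following is an added example, not code from the researchers or from Microsoft; the zone export format, the names under example.test and cloudhost.invalid, and all function names are constructed for illustration.

```python
import socket

# Constructed sample export of a zone you own (name, type, value); not real data.
SAMPLE_ZONE = """\
www.example.test.      CNAME  app.example.test.
app.example.test.      A      192.0.2.10
promo.example.test.    CNAME  promo-2019.cloudhost.invalid.
docs.example.test.     CNAME  alias.example.test.
alias.example.test.    CNAME  old-docs.cloudhost.invalid.
loop.example.test.     CNAME  loop.example.test.
"""

def parse_zone(text):
    """Return {name: (rtype, value)} with lower-cased names and no trailing dot."""
    zone = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3 or line.lstrip().startswith(";"):
            continue
        name, rtype, value = parts
        zone[name.rstrip(".").lower()] = (rtype.upper(), value.rstrip(".").lower())
    return zone

def system_resolves(hostname):
    """Default check: does the host currently resolve via the system resolver?"""
    try:
        socket.getaddrinfo(hostname, None)
        return True
    except socket.gaierror:
        return False

def find_dangling(zone, resolves=system_resolves):
    """List (subdomain, final_target, reason) for CNAMEs that lead nowhere."""
    findings = []
    for name, (rtype, _) in sorted(zone.items()):
        if rtype != "CNAME":
            continue
        seen, target = {name}, zone[name][1]
        # Follow aliases that stay inside our own zone until we leave it.
        while target in zone and zone[target][0] == "CNAME" and target not in seen:
            seen.add(target)
            target = zone[target][1]
        if target in seen:
            findings.append((name, target, "cname-loop"))
        elif target not in zone and not resolves(target):
            findings.append((name, target, "target-does-not-resolve"))
    return findings
```

Each finding is a record to delete or repoint before someone else registers the missing target name.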
The damage it may cause
An attacker can potentially direct the visitors of the hijacked subdomain to
a phishing website.
Hijacking Microsoft subdomains would provide attackers the liberty to bypass
even the most elite anti-spam and email security tools in the network
system.
It can be further exploited to acquire authentication credentials or other
sensitive information.
Attackers can trick users into installing malware, uploading sensitive
files, or scam them.
Key findings
To understand how the attack works, researchers have published a blog post
describing their findings.
The researchers have reported around a dozen of the impacted subdomains to
Microsoft.
The reported subdomains include mybrowser[.]microsoft[.]com,
identityhelp.microsoft[.]com, data.teams.microsoft[.]com,
webeditor.visualstudio[.]com, and sxt.cdn.skype[.]com.
Microsoft acknowledged that this is a common attack method that involves
misleading targets into clicking on a specially crafted malicious link.
Closing lines
Several warnings about the risks posed by subdomain hijacking have been made
before, and Microsoft took steps to address the issue. But, going by the
recent findings, there are still hundreds of domains that could be abused.
However, to mitigate such threats, researchers suggested exercising caution
while working through links or files from untrusted sources and email
addresses.
73 Henk.
======================================================================
_ _ ____ __ ____ ____ _____
| | | | _ \/_ | _ \| _ \ / ____| SYS: Henk (hb1nos@hb1bbs.com)
| |__| | |_) || | |_) | |_) | (___ QTH: Ouwerkerk - JO11XO
| __ | _ < | | _ <| _ < \___ \ BBS: HB1BBS.ZLD.NLD.EU
| | | | |_) || | |_) | |_) |____) | QRV: 27.235 MHz (FM 1200bps)
|_| |_|____/ |_|____/|____/|_____/ WEB: www.hb1bbs.com
======================================================================
** Host of BPQ Netrom/Node NLDHUB::NL9HUB 85.214.163.10 UDP 93
======================================================================
** This message is generated with Sally 7.2.033
----------------------------------------------------------------------
** Timed Sunday 08 March 2020 23:07 Western Europe (standard time)
** BBS HB1PMS@HB1BBS.ZL.NLD.EU