Good news ! Hackbusters community is waiting for you !  https://discuss.hackbusters.com
KnowBe4 has been running the HackBusters site for a few years now, providing you with trending IT security news. We are expanding it and have launched a new exciting online community! The forum is divided into four main topics or categories: Social Engineering, Ransomware, Phishing and Security Awareness Training. You are invited to be one of the first to join us at: https://discuss.hackbusters.com.

Z-WASP attack: hackers used Zero-Width spaces to bypass Office 365 protections

Z-wasp-phishing-attack
Z-WASP attack: Phishers areusinga recently fixed flaw in Office 365 that allows them to bypass protections using zero-width spaces and deliver malicious messages to recipients.

Microsoft recently fixed a vulnerability in Office 365 that was exploited by attackers to bypass existing phishing protections and deliver malicious messages to victims’ inboxes.

The vulnerability ties with the use of zero-width spaces (ZWSPs) in malicious URLs within the RAW HTML of the emails. This trick allows splitting the URLs making impossible for defense systems to detect malicious messages.

Experts pointed out that both URL reputation check and Safe Links protections are bypassed using this technique.

The bad news is that the recipient would not be able to detect the spaces because they are not rendered.

Experts from cloud-security firm Avanan first observed a campaign busing this issue on November 10. Microsoft addressed the issue on January 9.

“The name Z-WASP references the zero-width space...(continued)

View All Trending Stories