NEW: An unpatched bug allows anyone to spoof any Microsoft corporate email address, giving malicious hackers a better chance to send credible and harder-to-spot phishing emails.

A researcher demonstrated the bug to us, sending an email that looked like it was from Microsoft's account security team. The bug only works if the target uses an Outlook account.

https://techcrunch.com/2024/06/18/security-bug-allows-anyone-to-spoof-microsoft-employee-emails/

Security bug allows anyone to spoof Microsoft employee emails | TechCrunch

A researcher has found a way to impersonate Microsoft corporate email accounts, which could make phishing attacks harder to spot.

@lorenzofb Because we were in such desperate need of another Microsoft vuln this year.
@lorenzofb I'd trust an e-mail coming from a Nigerian prince more than an e-mail coming from a Microsoft employee...
Hopefully, it's not a resurfaced SMTP smuggling bug again.