microsoft: Microsoft Office users, researchers have a ‘warning’ for you

Microsoft Office is a suite of office-related applications. It is one of the most-widely used set of office applications worldwide. Thanks to its popularity, it is also constant target of hackers. Security researchers at BitDefender have claimed that Microsoft’s suite of office software could be abused to launch a range of phishing attacks targeted at users of Outlook, Word, Excel, OneNote and PowerPoint. Called homograph attacks, these are claimed to be smart enough to trick even the most internet-savvy users. So, it is important for users to be extra careful.

Microsoft Office is a suite of office-related applications. It is one of the most-widely used set of office applications worldwide. Thanks to its popularity, it is also a constant target of hackers. Security researchers at BitDefender have claimed that Microsoft’s suite of office software could be abused to launch a range of phishing attacks targeted at users of Outlook, Word, Excel, OneNote and PowerPoint. Called homograph attacks, these are claimed to be smart enough to trick even the most internet-savvy users. So, it is important for users to be extra careful.
What are homograph attacks
Homograph attacks misuse similar-looking characters to deceive users (for example –“Microsoft”). The potential of these attacks increases a lot when they are based on international domain names (IDN) and are used against apps, instead of browsers. BitDefender analysts found out that all Microsoft Office applications are unprotected against such attacks. The researchers tested how these applications behaved when they encountered an IDN homograph attack.
These attacks tend to misuse the internationalisation of the internet. In the early days, all domains on the web used the Latin alphabet, which consisted of 26 characters. Later on, the internet expanded to include more characters that include the Cyrillic alphabet (used in Eastern Europe and Russia). This offered the attackers a wide playground to combine different characters and create phishing sites with URLs that look very similar to the authentic website.
How can it affect users
To make it simple for regular users, hackers and bad actors can force Microsoft Office apps, say Outlook, to show a link that looks legitimate. Users may not be able to tell the difference until the site is opened in their browser. In some cases, as users land on these malicious websites, it triggers a malware download.
Meanwhile, the good news is that BitDefender has claimed that such an attack is not easy to carry out and is unlikely to be used at a scale. However, this vulnerability can be abused as a highly potent weapon for targeted attacks like state-sponsored cyber attackers targeting certain high-value companies to hack their passwords and other sensitive data.
Microsoft’s reaction to this security issue
Bitdefender reported this issue to Microsoft in October 2021 and the tech giant has also acknowledged the threat as real. However, the company has not issued a patch to fix this exploit.

FOLLOW US ON SOCIAL MEDIA

FacebookTwitterInstagramKOO APPYOUTUBE

!(function(f, b, e, v, n, t, s) {
window.TimesApps = window.TimesApps || {};
const { TimesApps } = window;
TimesApps.loadFBEvents = function() {
(function(f, b, e, v, n, t, s) {
if (f.fbq) return;
n = f.fbq = function() {
n.callMethod ? n.callMethod(…arguments) : n.queue.push(arguments);
};
if (!f._fbq) f._fbq = n;
n.push = n;
n.loaded = !0;
n.version = ‘2.0’;
n.queue = [];
t = b.createElement(e);
t.async = !0;
t.src = v;
s = b.getElementsByTagName(e)[0];
s.parentNode.insertBefore(t, s);
})(f, b, e, v, n, t, s);
fbq(‘init’, ‘593671331875494’);
fbq(‘track’, ‘PageView’);
};
})(
window,
document,
‘script’,
‘https://connect.facebook.net/en_US/fbevents.js’,
);if(typeof window !== ‘undefined’) {
window.TimesApps = window.TimesApps || {};
const { TimesApps } = window;
TimesApps.loadScriptsOnceAdsReady = () => {
var scripts = [‘https://static.clmbtech.com/ad/commons/js/2658/toi/colombia_v2.js’,
‘https://www.googletagmanager.com/gtag/js?id=AW-877820074’,
‘https://imasdk.googleapis.com/js/sdkloader/ima3.js’,
‘https://tvid.in/sdk/loader.js’,
‘https://timesofindia.indiatimes.com/video_comscore_api/version-3.cms’,
‘https://timesofindia.indiatimes.com/grxpushnotification_js/minify-1,version-1.cms’,
‘https://connect.facebook.net/en_US/sdk.js#version=v10.0&xfbml=true’,
‘https://timesofindia.indiatimes.com/locateservice_js/minify-1,version-12.cms’
];
scripts.forEach(function(url) {
let script = document.createElement(‘script’);
script.type=”text/javascript”;
if(!false && !false && url.indexOf(‘colombia_v2’)!== -1){
script.src = url;
} else if (!false && !false && url.indexOf(‘sdkloader’)!== -1) {
script.src = url;
} else if (url.indexOf(‘colombia_v2’)== -1 && url.indexOf(‘sdkloader’)== -1){
script.src = url;
}
script.async = true;
document.body.appendChild(script);
});
}
}

For all the latest Technology News Click Here 

 For the latest news and updates, follow us on Google News

Read original article here

Denial of responsibility! TechNewsBoy.com is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.