9 matches found
CalPhishing Scam Uses EvilTokens Kit, Outlook Invites to Steal M365 Sessions
Hackers are exploiting Outlook calendar invites and device code phishing to steal M365 session tokens, bypass MFA and breach enterprise accounts...
Fake calendar invites are spreading. Here’s how to remove them and prevent more
We’re seeing a surge in phishing calendar invites that users can’t delete, or that keep coming back because they sync across devices. The good news is you can remove them and block future spam by changing a few settings. Most of these unwanted calendar entries are there for phishing purposes. Mos...
EUVD-2017-18909
Malware in sbrugna...
PT-2024-18197 · Microsoft · Outlook
Name of the Vulnerable Software and Affected Versions: Microsoft Outlook affected versions not specified Description: A critical issue in the calendar feature of Microsoft Outlook exposes Windows login credentials to remote theft. To protect against this, enabling multi-factor authentication is...
PT-2023-7682 · Microsoft · Outlook
Name of the Vulnerable Software and Affected Versions: Microsoft Outlook affected versions not specified Description: The issue is related to the calendar sharing function in Microsoft Outlook, which can be exploited to access NT LAN Manager NTLM v2 hashed passwords. Attackers can steal NTLM...
July 7, 2020, update for Office 2016 (KB4484174)
July 7, 2020, update for Office 2016 KB4484174 This article describes update 4484174 for Microsoft Office 2016 that was released on July 7, 2020.Be aware that the update in the Microsoft Download Center applies to the Microsoft Installer .msi-based edition of Office 2016. It doesn't apply to Offi...
Description of the security update for Office 2016: February 12, 2019
Description of the security update for Office 2016: February 12, 2019 Summary This security update resolves a security feature bypass vulnerability that exists when Microsoft Office does not validate URLs. To learn more about this vulnerability, see Microsoft Common Vulnerabilities and Exposures...
CVE-2017-16962
The WebMail components Crystal, pronto, and pronto4 in CommuniGate Pro before 6.2.1 have stored XSS vulnerabilities via 1 the location or details field of a Google Calendar invitation, 2 a crafted Outlook.com calendar aka Hotmail Calendar invitation, 3 e-mail granting access to a directory that h...
Outlook Calendar Transfer Full - Base64 encoded String, Exported components, External URLs vulnerabilities
HackApp vulnerability scanner discovered that application Outlook Calendar Transfer Full published at the 'play' market has multiple vulnerabilities...