21 matches found
Azure AD Token Forging Technique in Microsoft Attack Extends Beyond Outlook, Wiz Reports
The recent attack against Microsoft's email infrastructure by a Chinese nation-state actor referred to as Storm-0558 is said to have a broader scope than previously thought. According to cloud security company Wiz, the inactive Microsoft account MSA consumer signing key used to forge Azure Active...
Microsoft Bug Allowed Hackers to Breach Over Two Dozen Organizations via Forged Azure AD Tokens
Microsoft on Friday said a validation error in its source code allowed for Azure Active Directory Azure AD tokens to be forged by a malicious actor known as Storm-0558 using a Microsoft account MSA consumer signing key to breach two dozen organizations. "Storm-0558 acquired an inactive MSA consum...
Fedora 28 : webkit2gtk3 (2018-97c58e29e4)
This update addresses the following vulnerabilities : - CVE-2018-4200 Additional fixes : - Do TLS error checking on GTlsConnection::accept-certificate to finish the load earlier in case of errors. - Properly close the connection to the nested wayland compositor in the Web Process. - Avoid paintin...
Fedora 27 : webkitgtk4 (2018-93ba62d099)
This update addresses the following vulnerabilities : - CVE-2018-4200 Additional fixes : - Do TLS error checking on GTlsConnection::accept-certificate to finish the load earlier in case of errors. - Properly close the connection to the nested wayland compositor in the Web Process. - Avoid paintin...
Cross site scripting
The WebMail components Crystal, pronto, and pronto4 in CommuniGate Pro before 6.2.1 have stored XSS vulnerabilities via 1 the location or details field of a Google Calendar invitation, 2 a crafted Outlook.com calendar aka Hotmail Calendar invitation, 3 e-mail granting access to a directory that h...
CVE-2017-16962
The WebMail components Crystal, pronto, and pronto4 in CommuniGate Pro before 6.2.1 have stored XSS vulnerabilities via 1 the location or details field of a Google Calendar invitation, 2 a crafted Outlook.com calendar aka Hotmail Calendar invitation, 3 e-mail granting access to a directory that h...
CVE-2017-16962
The WebMail components Crystal, pronto, and pronto4 in CommuniGate Pro before 6.2.1 have stored XSS vulnerabilities via 1 the location or details field of a Google Calendar invitation, 2 a crafted Outlook.com calendar aka Hotmail Calendar invitation, 3 e-mail granting access to a directory that h...
CVE-2017-16962
Summary: CVE-2017-16962 affects CommuniGate Pro WebMail Crystal, pronto, and pronto4 components before version 6.2.1. The issue is a stored cross-site scripting (XSS) vulnerability. An attacker can craft calendar invitations or items that trigger scripts when rendered by WebMail, via vectors incl...
OUTLOOK.COM Cloud Service Detection
Binary data 8489.prm...
Facebook Says 95 Percent of Notification Email Encrypted
All that’s missing from the organic encrypt the web movement seems to be a hashtag. Otherwise, no one can accuse major web providers of slacking as leading players such as Microsoft and Yahoo, prompted by the Snowden leaks, have made noteworthy leaps in the last 15 months to encrypt everything fr...
Outlook.com for Android insufficient certificate validation
Server certificate is not checked...
Outlook.com for Android fails to validate server certificates
------------------------------------------------------------------------ Outlook.com for Android fails to validate server certificates ------------------------------------------------------------------------ Yorick Koster, April 2014...
CVE-2014-5239
The Microsoft Outlook.com application before 7.8.2.12.49.7090 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
Design/Logic Flaw
The Microsoft Outlook.com application before 7.8.2.12.49.7090 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2014-5239
The Microsoft Outlook.com application before 7.8.2.12.49.7090 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2014-5239
Summary: CVE-2014-5239 affects Outlook.com for Android prior to version 7.8.2.12.49.7090, where the WebView-based login flow does not verify X.509 certificates, enabling MITM attacks and potential credential leakage. Root cause: insecure SSL handling in the app’s SSL error path. Impact (as descri...
JVN#72950786: Outlook.com for Android contains an issue where it fails to verify SSL server certificates
Outlook.com for Android contains an issue where it fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Software Update to the latest version according to the information provided by the...
Microsoft Expands TLS, Forward Secrecy Support
Microsoft is no exception when it comes to large technology providers committing to encrypting the services its users depend on. Today, the company announced an update on the progress it has made in engineering those changes, including the news that Outlook.com, its web-based email service,...
Add your Outlook.com account in Outlook for Windows
Add your Outlook.com account in Outlook for Windows Using Outlook gives you the opportunity to access many different types of email accounts from one place. If you have a Microsoft email account that ends in @outlook.com, @live.com, @hotmail.com, or @msn.com, follow the steps below to add your...
Microsoft Asks AG to Let It Publish Detailed Data Request Information
Microsoft, responding to allegations that the company has helped the NSA circumvent encryption in Skype and Outlook.com and provided direct access to data from those and other services, says that it does none of those things and is petitioning the government for permission to publish more...