Hackers could steal credentials through a Microsoft Outlook vulnerability (CVE-2018-0950) just by having victims preview an email in Microsoft Outlook. This vulnerability was discovered by Will Dormann of the Cert Coordination Center.* Justin Jett, Director of Audit and Compliance at Plixer commented below.
Justin Jett, Director of Audit and Compliance at Plixer:
“With phishing attacks and flaws in software like the recent Microsoft Outlook vulnerability, users’ credentials are being stolen and collected by malicious actors at an alarming rate. Cybercriminals obtain these credentials and then gain a foothold on a corporate network by trying to access servers and computers. Because they know the credentials, they don’t try to brute force their way into a system. They simply try to connect once and move on, and they do this slowly over days, weeks, or even months. If they get in, they continue laterally trying to collect data from the system. Because there isn’t a brute force attempt to gain access, most alerting systems won’t detect these connections. By using network traffic analytics, security professionals can baseline normal credential use and detect when a user’s credentials have been used to try to gain access to a system that they normally don’t access.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.