CySecurity News – Latest Information Security and Hacking Incidents
A classic phishing tactic using mislabeled files is being used to deceive Microsoft 365 users into revealing their credentials. Malicious actors are dusting off Right-to-Left Override (RLO) attacks to fool victims into running files with altered extensions, as per cybersecurity researchers at Vade. Victims are requested to enter their Microsoft 365 login details when they open the files.
In the previous two weeks, Vade’s threat analysis team has discovered more than 200 RLO attacks targeting Microsoft 365 users. The technique of assault was:
Within the Unicode encoding system, the RLO character [U+202e] is a special non-printing character. The symbol was created to support languages like Arabic and Hebrew, which are written and read from right to left.
The special character, which can be found in the Windows and Linux character maps, can be used to mask the file type. The executable file abc[U+202e]txt.exe, for example, will display in Windows as abcexe.txt, misleading people to believe it is a.txt file.
The threat has been present for more than a decade, and CVE-2009-3376 was first identified in 2008 in Mozilla Foundation and Unicode technical reports.
“While Right-to-Left Override (RLO) attack is an old technique to trick users into executing a file with a disguised extension, this spoofing method is back with new pu
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: