ZeroFont Phishing is a new yet old technique for sending Phishing emails. It allows threat actors to bypass security mechanisms and successfully send phishing emails. Using this technique, attackers were able to evade Microsoft’s Natural Language Processing, which was serving as portion against phishing emails for Office users.
Indian Computer Emergency Response Team (CERT-In) issued a high-severity alert for android devices on September 11, 2024 highlighting the vulnerabilities...
By infosecbulletin
/ Wednesday , September 11 2024
In August, Cybersecurity researchers identified 21 new ransomware variants that threaten indivisual and business. Cybercriminals are improving their tactics, making...
By infosecbulletin
/ Wednesday , September 11 2024
Microsoft patched September 2024 Tuesday addressing 79 vulnerabilities, including four actively exploited zero-days which covers critical flaws in Windows Installer,...
Microsoft is focused on securing its customers in all areas, especially phishing attacks. Phishing attacks, also known as Business Email Compromise, are commonly used by threat actors to infiltrate organizations.
Threat actors used the ZeroFont Phishing attack to bypass email content authentication. The technique was used to understand different types of information, like banking details, user accounts, password resets, and financial requests.
ZeroFont Phishing
The attacker sends a fake email pretending to be from Office 365, warning the victim about a quota limit. The email looks like it’s from an administrative service. The phishing email uses the ZeroFont attack to bypass security measures.
Threat actors inserted random text inside the email, which had <span style=”FONT-SIZE: 0px”> for a zero font size, and broke up the text strings to bypass Microsoft’s natural language processing.
To read the full report published by Avana click here.