InfoSecBulletin Cybersecurity for mankind
Outlook displays an alert when a user receives an email from an unfamiliar address. The alert message says “You don’t often get email from [email protected]. Learn why this is important”. Microsoft refers to this as the First Contact Safety Tip. It is one of the anti-phishing measures provided by Exchange Online Protection (EOP) and Microsoft Defender for organizations using Office 365.
You can change how the First Contact Safety Tip is displayed in an HTML email by using CSS style tags.
DESCO faces cyber attack: Customers Data Breach
Alert! Google Fixes GCP Composer Flaw
CTF in Bangladesh: Unveiling Challenges, Opportunities and remedies
Bitdefender blog post
Medusa target Fortinet flaw (CVE-2023-48788) for Ransomware Attacks
Ivanti alerts ongoing exploitation of recently patched CAV
CISA unveils 25 new advisories for Industrial Control Systems
Intel Issues Alert on 20+ Vulnerabilities, Urges Firmware Updates
Urgent: GitLab Patches flaws allowing unapproved pipeline Job Execution
Fortinet admits data breach after hacker claims to steal 440GB
Gov.t issues high alert on android devices
To hide the First Contact Safety Tip in an HTML email, we can change the background and font colors to white. This will make the alert effectively invisible to the end user.
<head>
</head>
<head>
<style>
a {
display: none;
}
td div {
color: white;
font-size: 0px;
}
table tbody tr td {
background-color: white !important;
color: white !important;
}
</style>
</head>
…[SNIP]…
By using this HTML code in an e-mail, the alert does not show up in the email body anymore!
Note that the e-mail preview (highlighted in red) still begins with the Safety Tip.
Responsible Disclosure:
After developing a proof of concept, and preparing an advisory, we made Microsoft aware of these issues through the Microsoft Researcher Portal (MSRC). Microsoft chose to not address this behavior for now: (Click here to read the full report)
