Select Page
Outlook for Web Bans 38 More File Extensions in Email Attachments

Outlook for Web Bans 38 More File Extensions in Email Attachments

Malware or computer virus can infect your computer in several different ways, but one of the most common methods of its delivery is through malicious file attachments over emails that execute the malware when you open them.

Therefore, to protect its users from malicious scripts and executable, Microsoft is planning to blacklist 38 additional file extensions by adding them to its list of file extensions that are blocked from being downloaded as attachments in Outlook on the Web.

Previously known as Outlook Web Application or OWA, “Outlook on the Web” is Microsoft’s web-based email client for users to access their emails, calendars, tasks and contacts from Microsoft’s on-premises Exchange Server and cloud-based Exchange Online.

The list of blocked file extensions currently has 104 entries, including .exe, .url, .com, .cmd, .asp, .lnk, .js, .jar, .tmp, .app, .isp, .hlp, .pif, .msi, .msh, and more.

images from Hacker News

DoorDash Breach Exposes 4.9 Million Users’ Personal Data

DoorDash Breach Exposes 4.9 Million Users’ Personal Data

Do you use DoorDash frequently to order your food online?

If yes, you are highly recommended to change your account password right now immediately.

DoorDash—the popular on-demand food-delivery service—today confirmed a massive data breach that affects almost 5 million people using its platform, including its customers, delivery workers, and merchants as well.

DoorDash is a San Francisco-based on-demand food delivery service (just like Zomato and Swiggy in India) that connects people with their local restaurants and get delivered food on their doorsteps with the help of contracted drivers, also known as “Dashers.”

images from Hacker News

Microsoft Warns of a New Rare Fileless Malware Hijacking Windows Computers

Microsoft Warns of a New Rare Fileless Malware Hijacking Windows Computers

Watch out Windows users!

There’s a new strain of malware making rounds on the Internet that has already infected thousands of computers worldwide and most likely, your antivirus program would not be able to detect it.

Why? That’s because, first, it’s an advanced fileless malware and second, it leverages only legitimate built-in system utilities and third-party tools to extend its functionality and compromise computers, rather than using any malicious piece of code.

The technique of bringing its own legitimate tools is effective and has rarely been spotted in the wild, helping attackers to blend in their malicious activities with regular network activity or system administration tasks while leaving fewer footprints.

Independently discovered by cybersecurity researchers at Microsoft and Cisco Talos, the malware — dubbed “Nodersok” and “Divergent” — is primarily being distributed via malicious online advertisements and infecting users using a drive-by download attack.

images from Hacker News

Hacker Releases ‘Unpatchable’ Jailbreak For All iOS Devices, iPhone 4s to iPhone X

Hacker Releases ‘Unpatchable’ Jailbreak For All iOS Devices, iPhone 4s to iPhone X

An iOS hacker and cybersecurity researcher today publicly released what he claimed to be a “permanent unpatchable bootrom exploit,” in other words, an epic jailbreak that works on all iOS devices ranging from iPhone 4s (A5 chip) to iPhone 8 and iPhone X (A11 chip).

Dubbed Checkm8, the exploit leverages unpatchable security weaknesses in Apple’s Bootrom (SecureROM), the first significant code that runs on an iPhone while booting, which, if exploited, provides greater system-level access.

“EPIC JAILBREAK: Introducing checkm8 (read “checkmate”), a permanent unpatchable bootrom exploit for hundreds of millions of iOS devices,” said axi0mX while announcing the publicly release of the exploit on Twitter.

images from Hacker News

More SIM Cards Vulnerable to Simjacker Attack Than Previously Disclosed

More SIM Cards Vulnerable to Simjacker Attack Than Previously Disclosed

Remember the Simjacker vulnerability?

Earlier this month, we reported about a critical unpatched weakness in a wide range of SIM cards, which an unnamed surveillance company has actively been exploiting in the wild to remotely compromise targeted mobile phones just by sending a specially crafted SMS to their phone numbers.

If you can recall, the Simjacker vulnerability resides in a dynamic SIM toolkit, called the S@T Browser, which comes installed on a variety of SIM cards, including eSIM, provided by mobile operators in at least 30 countries.

images from Hacker News