Phishers Use Zero-Width Spaces to Bypass Office 365 Protections
#1
Quote:A recently addressed vulnerability in Office 365 allowed attackers to bypass existing phishing protections and deliver malicious messages to victims’ inboxes.

The issue, cloud security firm Avanan says, resided in the use of zero-width spaces (ZWSPs) in the middle of malicious URLs within the RAW HTML of the emails. This method breaks the URLs, thus preventing Microsoft’s systems from recognizing them and also preventing Safe Links from successfully protecting users.

What’s more, these zero-width spaces don’t render, meaning that the recipient would not notice the random special characters in the URL. The first wave of emails abusing this vulnerability was observed on November 10, and Microsoft addressed the issue on January 9, Avanan’s security researchers say.

The vulnerability apparently rendered all Office 365 users vulnerable to phishing attacks, even those who were using Microsoft’s Office 365 Advanced Threat Protection. Both URL reputation check and Safe Links protections are bypassed in the attack.

“The vulnerability was discovered when we noticed a large number of hackers using zero-width spaces (ZWSPs) to obfuscate links in phishing emails to Office 365, hiding the phishing URL from Office 365 Security and Office 365 ATP,” the security researchers say.

ZWSPs, Avanan explains, are characters that render to spaces of zero-width, and can be looked at as "empty space" characters. There are 5 ZWSP entities, namely ​ (Zero-Width Space), ‌ (Zero-Width Non-Joiner), ‍ (Zero-Width Joiner),  (Zero-Width No-Break Space), and 0 (Full-Width Digit Zero).

Source: https://www.securityweek.com/phishers-us...rotections
[-] The following 1 user says Thank You to silversurfer for this post:
  • harlan4096
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:





[-]
Recent Posts
Mozilla Firefox Browser 134.0
Mozilla Firefox Br...harlan4096 — 11:45
uBOLite_2025.1.7.268
uBOLite_2025.1.7.2...harlan4096 — 11:43
NVIDIA CES 2025 NEWS
NVIDIA announces DLS...harlan4096 — 08:10
NVIDIA CES 2025 NEWS
NVIDIA launches GeFo...harlan4096 — 08:10
NVIDIA CES 2025 NEWS
Watch NVIDIA CES 202...harlan4096 — 08:09

[-]
Birthdays
Today's Birthdays
avatar (44)StephenViedy
Upcoming Birthdays
avatar (49)theoldevext
avatar (44)algratCep
avatar (49)Qlaude2Sap
avatar (43)tabthinLem
avatar (50)Josepharelf
avatar (39)kholukrefar
avatar (48)Lauraimike
avatar (50)WilsonWag
avatar (48)StevenPiole
avatar (39)zetssToomy
avatar (46)GornOr
avatar (49)Jamesmog
avatar (37)opeqyrav
avatar (38)theatidere
avatar (47)denisEquivok
avatar (35)mikebrian01
avatar (37)ivanoFloom
avatar (40)uxegihor

[-]
Online Staff
There are no staff members currently online.

>