Hackers Bypassing Outlook Spam Filter that Enables to Deliver Weaponized ISO Files

According to AFINE, a cyber security firm, by obfuscating hyperlinks, attackers may evade this detection. This method capitalizes on a systemic weakness in email security systems that prioritize surface-level URL analysis over comprehensive link inspection. This technique mirrors historical vulnerabilities like CVE-2020-0696, where improper hyperlink parsing in Outlook for Mac permitted similar bypasses.

This vulnerability exposes organizations to heightened risks of phishing and malware attacks, particularly when combined with previously disclosed execution bypass methods.

Distribute Malware: Weaponized ISO files often contain executables that exploit Mark-of-the-Web (MOTW) bypasses, as demonstrated in recent SmartScreen vulnerabilities.
Evade Post-Download Protections: Even if endpoint security tools flag ISO contents, the initial delivery mechanism remains undetected, allowing persistent phishing campaigns.
Target High-Value Entities: Organizations relying on Outlook’s native spam filtering—particularly those without layered defense strategies—face acute risks of credential theft and ransomware deployment.

This decision leaves organizations dependent on third-party email security solutions or manual mitigation efforts. While Microsoft’s inaction poses challenges, integrating advanced email security solutions and fostering a culture of skepticism can reduce susceptibility to hyperlink obfuscation attacks. As ISO files remain a favored vector for malware delivery, vigilance at both the email gateway and endpoint levels is essential. Organizations must adopt a proactive stance, combining technical controls with user awareness to mitigate risks.

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

This Cyber News was published on cybersecuritynews.com. Publication date: Tue, 25 Feb 2025 09:45:17 +0000


Cyber News related to Hackers Bypassing Outlook Spam Filter that Enables to Deliver Weaponized ISO Files

CVE-2019-6675 - BIG-IP configurations using Active Directory, LDAP, or Client Certificate LDAP for management authentication with multiple servers are exposed to a vulnerability which allows an authentication bypass. This can result in a complete compromise of the ...
5 years ago
Microsoft says button to restore classic Outlook is broken - Since the beginning of the year, it has addressed other Outlook issues, including one that causes classic Outlook to crash when writing, replying to, or forwarding an email, and another one that led to Classic Outlook and Microsoft 365 applications ...
2 months ago Bleepingcomputer.com
Microsoft: Outlook clients not syncing over Exchange ActiveSync - Microsoft warned Outlook for Microsoft 365 users that clients might have issues connecting to email servers via Exchange ActiveSync after a January update. Exchange ActiveSync is an Exchange synchronization protocol using HTTP and XML to let users ...
1 year ago Bleepingcomputer.com
Microsoft fixes Outlook Desktop crashes when sending emails - Microsoft has fixed a known issue causing Outlook Desktop clients to crash when sending emails from Outlook.com accounts. These problems were first reported on Microsoft's community website and other social networks by customers saying they were ...
1 year ago Bleepingcomputer.com
Microsoft fixes connection issue affecting Outlook email apps - Microsoft has fixed a known issue causing desktop and mobile email clients to fail to connect when using Outlook.com accounts. More details on how to use app passwords with apps without two-step verification support can be found in this support ...
1 year ago Bleepingcomputer.com
An In-Depth Guide to the 11 New ISO 27001 Controls - An effective defense against these threats requires a consistent and comprehensive security posture like the one outlined in the ISO 27001 standard. As daunting as these threats seem, up to 80% can be stopped by adopting security controls. The last ...
1 year ago Securityboulevard.com
Microsoft fixes button that restores classic Outlook client - Since the start of the year, it has fixed other Outlook issues, including one that led to Classic Outlook and Microsoft 365 applications crashing on Windows Server 2016 or Windows Server 2019 systems and another one that triggers classic Outlook ...
2 months ago Bleepingcomputer.com
Microsoft Outlook December updates trigger ICS security alerts - Microsoft is investigating an issue that triggers Outlook security alerts when trying to open .ICS calendar files after installing December 2023 Patch Tuesday Office security updates. The company also revealed that the security warning will be ...
1 year ago Bleepingcomputer.com CVE-2023-35636
Russian hackers exploiting Outlook bug to hijack Exchange accounts - Microsoft's Threat Intelligence team issued a warning earlier today about the Russian state-sponsored actor APT28 actively exploiting the CVE-2023-23397 Outlook flaw to hijack Microsoft Exchange accounts and steal sensitive information. The targeted ...
1 year ago Bleepingcomputer.com CVE-2023-23397 CVE-2023-38831 CVE-2021-40444 APT28
Akamai discloses zero-click exploit for Microsoft Outlook - While examining a previous bypass mitigation, Akamai Technologies discovered two new Windows vulnerabilities that could allow an attacker to create a zero-click exploit against Microsoft Outlook clients. In a two-part report published Monday, Akamai ...
1 year ago Techtarget.com CVE-2023-35384 CVE-2023-36710 CVE-2023-23397 CVE-2023-29324
Microsoft fixes Outlook drag-and-drop broken by Windows updates - "After installing the January 2025 Windows non-security preview update and subsequent updates on devices running Windows 11, version 24H2, you may find that you are not able to drag and drop emails or calendar items to folders in classic Outlook," ...
3 months ago Bleepingcomputer.com
'Wall of Flippers' detects Flipper Zero Bluetooth spam attacks - A new Python project called 'Wall of Flippers' detects Bluetooth spam attacks launched by Flipper Zero and Android devices. By detecting the attacks and identifying their origin, users can take targeted protection measures, and culprits can ...
1 year ago Bleepingcomputer.com
CVE-2019-1205 - A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security ...
1 year ago
CVE-2019-1201 - A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security ...
1 year ago
Microsoft Might Be Sharing Your Outlook Emails Without Your Knowledge - Microsoft's data collection practices are under scrutiny, as a recent report suggests the Outlook for Windows app might be sharing more user information than expected. With this app now default on Windows 11, the impact could be widespread. ...
1 year ago Cysecurity.news
Hackers Actively Exploiting Outlook Privilege Escalation Flaw - Hackers target and exploit Outlook vulnerabilities because it is a widely used email platform, providing a large potential victim pool. Exploiting vulnerabilities in Outlook allows hackers to:-. In collaboration with the Polish Cyber Command, ...
1 year ago Cybersecuritynews.com CVE-2023-23397
How to Encrypt Emails in Outlook? - If you are sending out a confidential email and are scared of its content getting tampered with in transit, then you should learn how to encrypt an email in Outlook. As of 2023, the global email encryption market size is USD 6.2 billion, which is ...
1 year ago Securityboulevard.com
Russian military hackers target NATO fast reaction corps - Russian APT28 military hackers used Microsoft Outlook zero-day exploits to target multiple European NATO member countries, including a NATO Rapid Deployable Corps. Researchers from Palo Alto Networks' Unit 42 have observed them exploiting the ...
1 year ago Bleepingcomputer.com CVE-2023-23397 Fancy Bear APT28
10 Best Email Security Gateways in 2025 - Barracuda Email Security Gateway is a solution that helps protect organizations from email-borne threats such as spam, viruses, phishing, and other malicious content. It uses various methods, including filtering, encryption, and sandboxing, to ...
3 months ago Cybersecuritynews.com
Flipper Zero can now spam Android, Windows users with Bluetooth alerts - A custom Flipper Zero firmware called 'Xtreme' has added a new feature to perform Bluetooth spam attacks on Android and Windows devices. A security researcher previously demonstrated the technique against Apple iOS devices, inspiring others to ...
1 year ago Bleepingcomputer.com
Russian Espionage Group Hammers Zero-Click Microsoft Outlook Bug - An espionage group linked to the Russian military continues to use a zero-click vulnerability in Microsoft Outlook in attempts to compromise systems and gather intelligence from government agencies in NATO countries, as well as the United Arab ...
1 year ago Darkreading.com CVE-2023-23397 Fancy Bear APT28
Microsoft: Outlook email sending issues for users with lots of folders - Microsoft has acknowledged a new issue affecting Outlook for Microsoft 365 users and causing email-sending problems for those with too many nested folders. According to Redmond, this is likely related to an older issue concerning mailboxes with more ...
1 year ago Bleepingcomputer.com
Microsoft fixes Outlook email sending issue for users with many folders - Microsoft has fixed a known issue affecting Outlook for Microsoft 365 users that caused problems sending emails for those with too many nested folders. In August, Microsoft also shared temporary workarounds for known issues triggering Gmail ...
7 months ago Bleepingcomputer.com
Microsoft warns of CPU spikes when typing in classic Outlook - In recent months, the company also addressed a slew of other Microsoft 365 and Office issues, including a widespread licensing issue blocking access to Microsoft 365 services for some customers with Family subscriptions and a bug triggering Outlook ...
1 month ago Bleepingcomputer.com