Security researchers have uncovered a new set of targeted phishing attacks on users of the Microsoft Hotmail and Yahoo Mail services.
Trend Micro is reporting a set of targeted attacks which the company believes are part of a larger campaign to compromise systems and access user data. The company said that the attacks included both malicious file attachments, as well as attempts to exploit flaws in the webmail services themselves to harvest user credentials. Trend Micro senior threat researcher Nart Villeneuve told V3.co.uk that the attackers attempted to exploit cross-site scripting (CSS) flaws in both platforms, as well as use specially-crafted Word documents containing malware. In the case of Yahoo Mail, however, things did not go quite as planned.
"They were trying to exploit a CSS vulnerability in Yahoo Webmail to steal the cookies, so they could have access to that session, but their code didn't actually work," he explained.
Trend's report comes just days after Google reported a series of attacks on its Gmail service, which targeted the accounts of both government officials and political activist groups.
Villeneuve said that while there was similarity in the attacks, the company could not find evidence directly linking the Hotmail and Yahoo Mail operations to the Gmail incident.
In a statement provided to V3.co.uk, Microsoft safety services general manager John Scarrow said that the company did not find any evidence that Hotmail was being targeted by the operation.
"Microsoft is not aware of any Hotmail customers being targeted by the specific phishing attacks that occurred earlier this week," Scarrow said.
"However, phishing attacks and other forms of abuse are a persistent industry challenge."
At the time of publication, Yahoo had yet to respond to a request for comment on the report.
To help prevent users from falling victim to targeted attacks, Villeneuve suggested that users keep a careful eye on emails which claim to be from colleagues. He noted that clues such as grammatical errors and unusual data requests will often give away a phishing attempt.
"Once users are aware that these attacks do happen they can look for things that don't exactly make sense," he said.
"Little tricks like that can help users initially decide to treat an email with a little bit of suspicion."
Trend Micro is reporting a set of targeted attacks which the company believes are part of a larger campaign to compromise systems and access user data. The company said that the attacks included both malicious file attachments, as well as attempts to exploit flaws in the webmail services themselves to harvest user credentials. Trend Micro senior threat researcher Nart Villeneuve told V3.co.uk that the attackers attempted to exploit cross-site scripting (CSS) flaws in both platforms, as well as use specially-crafted Word documents containing malware. In the case of Yahoo Mail, however, things did not go quite as planned.
"They were trying to exploit a CSS vulnerability in Yahoo Webmail to steal the cookies, so they could have access to that session, but their code didn't actually work," he explained.
Trend's report comes just days after Google reported a series of attacks on its Gmail service, which targeted the accounts of both government officials and political activist groups.
Villeneuve said that while there was similarity in the attacks, the company could not find evidence directly linking the Hotmail and Yahoo Mail operations to the Gmail incident.
In a statement provided to V3.co.uk, Microsoft safety services general manager John Scarrow said that the company did not find any evidence that Hotmail was being targeted by the operation.
"Microsoft is not aware of any Hotmail customers being targeted by the specific phishing attacks that occurred earlier this week," Scarrow said.
"However, phishing attacks and other forms of abuse are a persistent industry challenge."
At the time of publication, Yahoo had yet to respond to a request for comment on the report.
To help prevent users from falling victim to targeted attacks, Villeneuve suggested that users keep a careful eye on emails which claim to be from colleagues. He noted that clues such as grammatical errors and unusual data requests will often give away a phishing attempt.
"Once users are aware that these attacks do happen they can look for things that don't exactly make sense," he said.
"Little tricks like that can help users initially decide to treat an email with a little bit of suspicion."
LINK TO OUR HOME PAGE :
Voice Of GREYHAT is a non-profit Organization propagating news specifically related with Cyber security threats, Hacking threads and issues from all over the spectrum. The news provided by us on this site is gathered from various Re-Sources. if any person have some FAQ's in their mind they can Contact Us. Also you can read our Privacy Policy for more info.
Thank You !
-Team VOGH
If you enjoyed VOGH News, Articles Then Do Make sure you to Subscribe Our RSS feed. Stay Tuned with VOGH and get Updated about Cyber Security News, Hacking Threads and Lots More. All our Articles and Updates will directly be sent to Your Inbox. Thank You!
-Team VOGH
Categories:
vulnerablity
