ThreatPost: Attackers Exploit Flaw in Google Docs’ Comments Feature

ThreatPost: Attackers Exploit Flaw in Google Docs’ Comments Feature. “A wave of phishing attacks identified in December targeting mainly Outlook users are difficult for both email scanners and victims to flag, researchers said. Attackers are using the ‘Comments’ feature of Google Docs to send malicious links in a phishing campaign targeted primarily at Outlook users, researchers have discovered.”

Ars Technica: Microsoft Outlook shows real person’s contact info for IDN phishing emails

Ars Technica: Microsoft Outlook shows real person’s contact info for IDN phishing emails. “This week, infosec professional and pentester DobbyWanKenobi demonstrated how they were able to trick the Address Book component of Microsoft Office to display a real person’s contact info for a spoofed sender email address by using IDNs. Internationalized Domain Names (IDNs) are domains consisting of a mixed Unicode character set, such as letters from both Latin and Cyrillic alphabets that could make the domain appear identical to a regular ASCII domain.”

The Hacker News: Buggy Microsoft Outlook Sending Encrypted S/MIME Emails With Plaintext Copy For Months

The Hacker News: Buggy Microsoft Outlook Sending Encrypted S/MIME Emails With Plaintext Copy For Months. “Beware, If you are using S/MIME protocol over Microsoft Outlook to encrypt your email communication, you need to watch out. From at least last 6 months, your messages were being sent in both encrypted and unencrypted forms, exposing all your secret and sensitive communications to potential eavesdroppers.”