Updated News Around the World

Urgent Microsoft warning: New bug lets strangers take complete control of your emails

A worrying new warning has been issued by Microsoft after the discovery of a vicious new bug that can give cyber criminals full access to email accounts, personal calendars and even contacts lists. The threat, which was first discovered by Twitter user @ffforward, uses a fake app named “Upgrade” that, once installed on a PC, is able to set about stealing authentication tokens in Office 365.

If a victim is tricked and agrees to the full permissions asked for during the installation process it allows cyber crooks to gain complete access to their accounts. This means thieves can route through emails, look at calendars and even send messages to other personal contacts in a bid to spread the bug further.

Microsoft is clearly concerned about the threat with the firm’s Security Intelligence service confirming that they are currently tracking the scam.

In a post on Twitter the Redmond company said: “Microsoft is tracking a recent consent phishing campaign, reported by @ffforward, that abuses OAuth request links to trick users into granting consent to an app named ‘Upgrade’.

“The phishing messages mislead users into granting the app permissions that could allow attackers to create inbox rules, read and write emails and calendar items, and read contacts.

Microsoft says it has now managed to deactivate the app and is currently notifying affected customers.

However, if you receive an email that asks you to install an app called “Upgrade” the advice is still simple. Delete the message and do not allow any permissions as this could leave your email open to attack.

“This is a very clever phishing campaign which can circumnavigate the protection that comes with multi factor authentication, said Jake Moore Global Cybersecurity Advisor at ESET.

“It highlights the powerful manipulation used in targeted phishing emails and that standard protection in this form of authentication is still not fool proof. Attackers will go to great lengths to attempt entry and a percentage of people will easily be influenced into handing this code over in real time giving full access over to their accounts.

“People should remain alert to any request for their unique authentication codes but better still would be to rely on a physical security key which adds a far stronger level of protection.”

For all the latest Technology News Click Here 

 For the latest news and updates, follow us on Google News

Read original article here

Denial of responsibility! NewsUpdate is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.