KnowBe4 - The NoRelationship Attack Bypasses Office 365 Email Attachment Security
Attackers are bypassing Office 365 email attachment security by editing the relationship files that are included with Office documents, according to Yoav Nathaniel at Avanan.
A relationship file is an XML file that contains a list of essential components in the document, such as font tables, settings, and external links. A number of popular email filters, including Microsoft’s Exchange Online Protection (EOP), only scan the links contained in the relationship file, rather than scanning the entire document. Attackers can remove the links from a document’s relationship file, but they will still be active in the actual document.
from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/the-norelationship-attack-bypasses-office-365-email-attachment-security
Comments
Post a Comment