1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Hidden text "salting" is letting hackers craft devious email atta

    From TechnologyDaily@1337:1/100 to All on Tue Jan 28 17:15:07 2025
    Hidden text "salting" is letting hackers craft devious email attacks to evade detection

    Date:
    Tue, 28 Jan 2025 17:02:00 +0000

    Description:
    An email scanner sees a lot more than the recipient, which can be both a good and a bad thing, experts warn.

    FULL STORY ======================================================================Security
    researchers are warning about "hidden text salting" in emails Hackers can hide parts of the text to confuse email scanners The hidden text helps the email pass the scans and land in the inbox

    Hackers are increasingly using hidden text salting, or poisoning techniques, to work around email security measures and get phishing messages to land in peoples inboxes.

    A new in-depth guide published by cybersecurity researchers from Cisco Talos outlines how cybercriminals are abusing HTML and CSS properties in email messages, setting the width of some elements to 0, and using the display: hidden feature to hide some content from the victims. They are also inserting zero-width space (ZWSP) and zero-width non-joiner (ZWNJ) characters, and ultimately hiding the true email content, by embedding irrelevant language.

    As a result, email security solutions, spam filters, and brand name
    extractors get confused, and the emails that would otherwise end up in the spam folder, make it directly to the inbox. Advanced filtering

    In its writeup, Cisco Talos has given multiple examples, including one in which attackers hid French words in the emails body. This confused Microsofts Exchange Online Protection (EOP) spam filter which ultimately let the message pass.

    In another example, Cisco Talos said threat actors were using CSS properties and ZWSP characters to hide email content, successfully mimicking Wells
    Fargo, and Norton LifeLock.

    To tackle this strategy, the researchers suggested IT teams adopt advanced filtering techniques that scan the structure of HTML emails, rather than just their contents. An email security solution could, thus, look for extreme use of inline styles or CSS properties such as visibility: hidden. Deploying AI-powered defenses is also recommended.

    Email remains one of the top attack vectors, due to its simplicity, omnipresence, and low cost for a large-scale operation. It also owes its popularity to the fact that it attacks the email security chain on its
    weakest link - the human. You might also like 7 myths about email security everyone should stop believing Here's a list of the best firewalls around today These are the best endpoint security tools right now



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/hidden-text-salting-is-letting-hackers- craft-devious-email-attacks-to-evade-detection


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)