Don't trust that email: It could be from a hacker using your printer to scam you
Briefly

Recent research reveals how threat actors are exploiting a flaw in Microsoft 365's Direct Send feature to deliver phishing emails that appear to come from internal devices like printers and scanners. This vulnerability has impacted over 70 organizations, mainly in the U.S. Because emails sent from within Microsoft 365 are scrutinized less than external messages, attackers can spoof emails without needing to authenticate. The campaign highlights the risks of balancing functionality and security in software design.
This discovery is a classic case of functionality versus security: the feature is designed for convenience, letting devices like printers send emails without authentication, which opens the door to abuse.
M365 Direct Send is intended for internal use only but is easily accessed by attackers because no authentication is required, enabling them to spoof emails effortlessly.
Read at CSO Online