TZUTC: -0500   
   MSGID: 526.consprcy@1:2320/105 2c400ae9   
   PID: Synchronet 3.20a-Linux master/acc19483f Apr 26 202 GCC 12.2.0   
   TID: SBBSecho 3.20-Linux master/acc19483f Apr 26 2024 23:04 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   Criminals are using CSS to get around filters and track email usage   
      
   Date:   
   Tue, 18 Mar 2025 16:22:00 +0000   
      
   Description:   
   Hackers are building on their salting technique to bypass email protection,   
   track users, and redirect them to phishing pages.   
      
   FULL STORY   
      
   Cybercriminals are using CSS in emails to track their victims, learn more   
   about them, and redirect them to phishing pages, experts have warned.    
      
   Cybersecurity researchers at Cisco Talos outlined how CSS (Cascading Style   
   Sheets) is used in emails to control the design, layout, and formatting of   
   email content. Businesses use it not only to make the emails look better, but   
   also to keep the layout consistent across different email clients. There is   
   nothing inherently malicious about CSS but, as is the case with many other   
   legitimate tools, it is being abused in attacks.    
      
   "The features available in CSS allow attackers and spammers to track users'   
   actions and preferences, even though several features related to dynamic   
   content (e.g., JavaScript) are restricted in email clients compared to web   
   browsers ," a Cisco Talos researcher said in a report.   
      
   Advanced filtering techniques   
      
   Through CSS, cybercriminals can hide content in plain sight, thus bypassing   
   email security solutions. They can also use it to redirect people to phishing   
   pages, it was said. The tool can be used to monitor user behavior which, in   
   turn, can lead to spear-phishing or fingerprinting attacks.    
      
   "This abuse can range from identifying recipients' font and color scheme   
   preferences and client language to even tracking their actions (e.g., viewing   
   or printing emails)," they said. "CSS provides a wide range of rules and   
   properties that can help spammers and threat actors fingerprint users, their   
   webmail or email client, and their system. For example, the media at-rule can   
   detect certain attributes of a user's environment, including screen size,   
   resolution, and color depth."    
      
   Cisco Talos said the new campaign builds upon a hidden text salting one they   
   uncovered in late January 2025.    
      
   To tackle this threat , the researchers suggested IT teams adopt advanced   
   filtering techniques that scan the structure of HTML emails, rather than just   
   their contents. An email security solution could, thus, look for extreme use   
   of inline styles or CSS properties such as visibility: hidden. Deploying   
   AI-powered defenses is also recommended.    
      
    Via The Hacker News   
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/security/criminals-are-using-css-to-get-around-f   
   ilters-and-track-email-usage   
      
   $$   
   --- SBBSecho 3.20-Linux   
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/305 153/7715 154/110 218/700 226/30   
   SEEN-BY: 227/114 229/110 111 114 206 300 307 317 400 426 428 470 664   
   SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45   
   SEEN-BY: 460/58 712/848 902/26 2320/0 105 3634/12 5075/35   
   PATH: 2320/105 229/426