Security News

Someone is trying to steal people's Microsoft 365 and Outlook credentials by sending them phishing emails disguised as voicemail notifications. These emails were detected in May and are ongoing, according to researchers at Zscaler's ThreatLabz, and are similar to a phishing campaign launched a couple of years ago.

A "Dangerous piece of functionality" has been discovered in Microsoft 365 suite that could be potentially abused by a malicious actor to ransom files stored on SharePoint and OneDrive and launch attacks on cloud infrastructure. The cloud ransomware attack makes it possible to launch file-encrypting malware to "Encrypt files stored on SharePoint and OneDrive in a way that makes them unrecoverable without dedicated backups or a decryption key from the attacker," Proofpoint said in a report published today.

Microsoft has released out-of-band Windows updates to address a known issue that would cause Azure Active Directory and Microsoft 365 sign-in issues on Arm devices after installing the June 2022 Patch Tuesday updates. Today's OOB updates will be automatically installed via Windows Update and can also be downloaded and installed manually via the Microsoft Update Catalog.

A new phishing campaign has been targeting U.S. organizations in the military, security software, manufacturing supply chain, healthcare and pharmaceutical sectors to steal Microsoft Office 365 and Outlook credentials. The operation is ongoing and the threat actor behind it uses fake voicemail notifications to lure victims into opening a malicious HTML attachment.

Microsoft fixes Follina and 55 other CVEsJune 2022 Patch Tuesday has been marked by Microsoft with the release of fixes for 55 new CVEs, as well as security updates that fix Follina, the Microsoft Windows Support Diagnostic Tool RCE that is being widely exploited by attackers. SaaS security: How to avoid "Death by 1000 apps"SaaS applications have become synonymous with modern business environments, and CISOs and security teams struggle to find a happy medium between ensuring the security of their SaaS portfolio and empowering the organization's streamlined business workflows and productivity.

Microsoft is investigating a new known issue causing Azure Active Directory and Microsoft 365 sign-in issues on Arm devices after deploying the June 2022 Windows updates. The complete list of Windows versions affected by this newly acknowledged known issue includes only the following client platforms: Windows 11 21H2, Windows 10 21H2, Windows 10 21H1, and Windows 10, version 20H2. Redmond engineers are now working on a resolution for these AAD and Microsoft 365 login problems and will release a fix to address them with a future Windows update.

Microsoft is extending the Defender brand with a version aimed at families and individuals.Microsoft Defender for individuals, available for Microsoft 365 Personal and Family subscribers, is a cross-platform application, encompassing macOS, iOS, and Android devices and extending "The protection already built into Windows Security beyond your PC.".

Microsoft is investigating a newly acknowledged issue causing connectivity issues when using Wi-Fi hotspots after deploying Windows updates released during the June 2022 Patch Tuesday. According to a new entry on the Windows release health dashboard, Windows devices where one of the June updates has been installed might be unable to use the Wi-Fi hotspot feature.

Microsoft is warning that the BlackCat ransomware crew is leveraging exploits for unpatched Exchange server vulnerabilities to gain access to targeted networks. Upon gaining an entry point, the attackers swiftly moved to gather information about the compromised machines, followed by carrying out credential theft and lateral movement activities, before harvesting intellectual property and dropping the ransomware payload. The entire sequence of events played out over the course of two full weeks, the Microsoft 365 Defender Threat Intelligence Team said in a report published this week.

Microsoft has announced today the general availability of Microsoft Defender for Individuals, the company's new security solution for personal phones and computers. This new cross-device security solution is available for all Microsoft 365 customers with Personal or Family subscriptions starting today.