Security News
New phishing attacks abuse Microsoft Teams group chat requests to push malicious attachments that install DarkGate malware payloads on victims' systems. The attackers used what looks like a compromised Teams user to send over 1,000 malicious Teams group chat invites, according to AT&T Cybersecurity research.
Microsoft is investigating an issue that prevents Outlook and other email clients from connecting when using an Outlook.com account. "Since starting around 1/23/24 users have reported issues connecting with Outlook 2013, Outlook 2016, Outlook for Microsoft 365, Thunderbird, and mobile email apps when connecting with POP, IMAP, and Exchange connections," Microsoft says.
Microsoft is investigating a second outage affecting Microsoft Teams users across North and South America in the last three days. "We're investigating an issue in which users may be unable to access Microsoft Teams or features within North America, Canada, and Brazil," Microsoft said via the company's official Microsoft 365 status account on X. Teams users affected by these ongoing issues can find more information in an incident report tagged as TM710900 in the Microsoft 365 admin center.
Microsoft is reporting that a Russian intelligence agency-the same one responsible for SolarWinds-accessed the email system of the company's executives. Beginning in late November 2023, the threat actor used a password spray attack to compromise a legacy non-production test tenant account and gain a foothold, and then used the account's permissions to access a very small percentage of Microsoft corporate email accounts, including members of our senior leadership team and employees in our cybersecurity, legal, and other functions, and exfiltrated some emails and attached documents.
Microsoft, a week after disclosing that Kremlin-backed spies broke into its network and stole internal emails and files from its executives and staff, has now confirmed the compromised corporate account used in the genesis of the heist didn't even have multi-factor authentication enabled. On Thursday, Redmond admitted Midnight Blizzard - a Moscow-supported espionage team also known as APT29 or Cozy Bear - "Utilized password spray attacks that successfully compromised a legacy, non-production test tenant account that did not have multifactor authentication enabled."
Microsoft has released Windows Server Insider Preview 26040, the first Windows Server 2025 build for admins enrolled in its Windows Insider program. This build is the first pushed for the next Windows Server Long-Term Servicing Channel Preview, which comes with both the Desktop Experience and Server Core installation options for Datacenter and Standard editions, Annual Channel for Container Host and Azure Edition.
Microsoft has launched flighting for Windows Server systems enrolled in its Windows Insider open software testing program. "If you have a recent Windows Server insider build installed, you can now go to Windows Update in Settings app, and check for updates. This will bring you a newer build, as a Feature update," said Microsoft software engineer Artem Pronichkin.
Microsoft is investigating an ongoing and widespread outage impacting the users of its Teams communication platform and causing connectivity issues, login problems, and message delays."We've identified a networking issue impacting a portion of the Teams service and we're performing a failover to remediate impact. Additional information can be found under TM710344 in the admin center," tweeted the official Microsoft account for updates on Microsoft365 service incidents.
On January 12, 2024, Microsoft discovered that Russian hackers breached its systems in November 2023 and stole email from their leadership, cybersecurity, and legal teams.Microsoft now explains that the threat actors used residential proxies and "Password spraying" brute-force attacks to target a small number of accounts, with one of these accounts being a "Legacy, non-production test tenant account."
Microsoft on Thursday said the Russian state-sponsored threat actors responsible for a cyber attack on its systems in late November 2023 have been targeting other organizations and that it's...