Security News

Asigra software version 14.2 support for the Microsoft software suite empowers solution providers to significantly lower cybersecurity threats targeting backup repositories with MS Office 365 data. Asigra Cloud Backup with Deep MFA allows users to easily schedule the creation of point-in-time backup copies of mailboxes and corporate data residing in Microsoft Office 365 Exchange Online, Office 365 Groups, SharePoint Online, and OneDrive for Business - with no limitations on data volumes or number of mailboxes.

The attackers behind the attack leveraged hundreds of compromised, legitimate email accounts in order to target organizations with emails, which pretended to be document delivery notifications. In reality, the phishing attack stole victims' Office 365 credentials.

Microsoft has addressed critical remote code execution vulnerabilities in multiple SharePoint versions with this month's Office security updates. Redmond also issued the December 2020 Patch Tuesday security updates, with security updates for 58 vulnerabilities, nine of them rated as Critical.

With 85% product growth year-over-year in Q3'20, Veeam Backup for Microsoft Office 365 has exceeded 133,000 downloads across tens of thousands of organizations, which are relying on Veeam to protect their Office 365 data, including Exchange Online, SharePoint Online, OneDrive for Business, and now backup and recovery specifically built for Microsoft Teams. The Teams configurations, which include settings, members and team structure, are vital components to ensure Teams data is fully protected and easily recoverable. Veeam is meeting this critical business need with our new version of Veeam Backup for Microsoft Office 365.".

Microsoft has released the November 2020 non-security Microsoft Office updates with performance enhancements and fixes for known issues impacting Windows Installer editions of Office 2016 products. Four of the Office November 2020 non-security updates apply to the entire Microsoft Office 2016 software suite, while five others address issues impacting standalone Office products like Word, Project, and Visio.

During an upcoming presentation at HITB CyberWeek 2020, Ashar Javed, a security engineer at Hyundai AutoEver Europe, will share stories from his journey towards discovering 365 valid bugs in Microsoft Office 365. I found literally hundreds of bugs in Office 365 but my favourite are All your Power Apps Portals belong to us and Cross-tenant privacy leak in Office 365.

Researchers are warning of an ongoing Office 365 credential-phishing attack that's targeting the hospitality industry - and using visual CAPTCHAs to avoid detection and appear legitimate. Though the use of CAPTCHAS in phishing attacks is nothing groundbreaking, this attack shows that the technique works - so much so that the attackers in this campaign used three different CAPTCHA checks on targets, before finally bringing them to the phishing landing page, which poses as a Microsoft Office 365 log-in page.

According to researchers from Proofpoint, targets receive a well-crafted lures asking them to click a link which carries them to the legitimate Microsoft third-party apps consent page. "The ability to perform reconnaissance on an O365 account supplies an actor with valuable information that can later be weaponized in business email compromise attacks or account takeoversThe minimal [read-only] permissions requested by these apps also likely help them appear inconspicuous if an organization's O365 administrator audits connected apps for their users' accounts."

A new "Zero-click" MacOS exploit chain could allow attackers to deliver malware to MacOS users using a Microsoft Office document with macros. The exploit chain, revealed by Patrick Wardle, principal security researcher with Jamf, at Black Hat USA 2020, runs macros without an alert or prompt from the Microsoft Office application that prompts explicit user approval - meaning that when a user opens the document, the macro is automatically executed.

A new phishing campaign can bypass multi-factor authentication on Office 365 to access victims' data stored on the cloud and use it to extort a Bitcoin ransom or even find new victims to target, security researchers have found. The attack is different than a typical credential harvester in that it attempts to trick users into granting permissions to the application, which can bypass MFA, he said.