Security News
According to researchers from Proofpoint, targets receive a well-crafted lures asking them to click a link which carries them to the legitimate Microsoft third-party apps consent page. "The ability to perform reconnaissance on an O365 account supplies an actor with valuable information that can later be weaponized in business email compromise attacks or account takeoversThe minimal [read-only] permissions requested by these apps also likely help them appear inconspicuous if an organization's O365 administrator audits connected apps for their users' accounts."
A new "Zero-click" MacOS exploit chain could allow attackers to deliver malware to MacOS users using a Microsoft Office document with macros. The exploit chain, revealed by Patrick Wardle, principal security researcher with Jamf, at Black Hat USA 2020, runs macros without an alert or prompt from the Microsoft Office application that prompts explicit user approval - meaning that when a user opens the document, the macro is automatically executed.
A new phishing campaign can bypass multi-factor authentication on Office 365 to access victims' data stored on the cloud and use it to extort a Bitcoin ransom or even find new victims to target, security researchers have found. The attack is different than a typical credential harvester in that it attempts to trick users into granting permissions to the application, which can bypass MFA, he said.
To help organisations secure and protect their important business data, Proact, Europe's leading independent data centre and cloud services provider, has launched BaaS-O365 - a new backup and recovery service for customers using Microsoft Office 365. BaaS-O365 is a new managed service from Proact that provides complete backup and recovery for Office 365 Business/Enterprise data, including Exchange Online, SharePoint Online and OneDrive for Business.
Application Guard for Office and Safe Documents will make phishing attacks harder and the Office experience better for users, starting with Office 365 Pro Plus and E5 licences. It's a big step forward because Office macros, embedded scripts, active content like OLE and COM controls, and documents with obfuscated links to malware remain a major source of attacks - and Protected View leaves a key security decision up to users who may be ill-equipped to decide which documents are safe.
In a move calculated to make a dent in the data protection landscape, leading data management solutions vendor, Parablu, announced the launch of their SaaS backup solution - BluVault for Microsoft Office 365. Parablu's BluVault for Office 365 enables secure cloud backup and recovery and lets enterprises create a redundant copy of their SaaS data assets.
Security researchers with Cisco's Talos Security Intelligence and Research Group discovered a new type of malware, which is able to attack a victim's devices through malicious Microsoft Office documents. "We don't know why specifically these countries, the attackers simply hardcoded these countries in the malware. The attackers had complete control of the compromised systems. The purpose of the campaigns were cyber espionage," Rascagneres said.
Veeam Software, the leader in backup solutions that deliver Cloud Data Management, announced the public beta release of the new Veeam Backup for Microsoft Office 365 v4. Additionally, the company...
Lookout, the leader in securing the post-perimeter world, has announced a new, strategic integration to secure bring-your-own-devices (BYOD) for Microsoft Office 365 users. Lookout Mobile Endpoint...
Microsoft Office for Mac does not properly disable XLM macros, thus exposing users to code execution attacks, the CERT Coordination Center (CERT/CC) at Carnegie Mellon University warns. read more