Security News

Microsoft is rolling out Built-In Protection to Defender for Office 365, a new feature that would automatically enable recommended settings and policies to make sure all new and existing users get at least a basic level of protection.Microsoft Defender for Office 365 provides Office 365 enterprise email accounts with automated attack remediation and defends them from various threats, including business email compromise and credential phishing.

The Emotet malware delivery botnet is back, almost a year after law enforcement agencies bragged about shutting it down and arresting the operators. The revival of Emotet is serious because in its final form the Windows malware network was increasingly being used to deliver ransomware, as well as the traditional online banking credential-stealing code it was previously best known for.

A surge in spearphishing emails designed to steal Office 365 credentials were rigged to look like they came from a Kaspersky email address. Office 365 credentials are a common target for phishing attacks.

Kaspersky said today that a legitimate Amazon Simple Email Service token issued to a third-party contractor was recently used by threat actors behind a spear-phishing campaign targeting Office 365 users. Amazon SES is a scalable email service designed to allow developers to send emails from any app for various use cases, including marketing and mass email communications.

A novel threat actor with unclear motivesis running a crimeware campaign delivering multiple Windows and Android RATs through the exploitation of CVE-2017-11882. The actor has registered multiple domains that feature political themes such as diplomatic and humanitarian efforts and uses them to deliver malware payloads to the victims.

Microsoft has been branded as "The world's best malware hoster for about a decade," thanks to abuse of the Office 365 and Live platform, as well as its slow response to reports by security researchers. TheAnalyst noted that a BazarLoader malware campaign was hosting its malware on Microsoft's OneDrive service.

The threat actor's goal is Microsoft Office 365 account takeovers. Microsoft, which began tracking the activity in late July 2021, detailed the attacks in an alert released Monday, adding that the culprits appear to be bent on espionage and have ties to Iran.

Russian law enforcement on Tuesday has arrested Ilya Sachkov, the co-founder and CEO of cybersecurity company Group-IB, on suspicion of high treason resulting from sharing data with foreign intelligence. Authorities carried out searches at Group-IB offices in Moscow that started early morning on Tuesday and lasted till evening.

Despite office workers being aware of the cybersecurity challenges faced by their employer - especially when it comes to hybrid working - many admit to high risk behavior including sharing passwords, downloading non-work related files and even losing work-owned devices, a BlueFort Security survey reveals. Despite the above, 33 percent of office workers said that they will not be taking any measures or extra precautions when transporting devices with access to company data from remote to office.

While most of Azure Active Directory's security features require an enterprise Microsoft 365 account, an E3 or better, you can still get some benefit from Azure Active Directory from an Office 365 account. It's worth using these tools to see what exposure you have to drive-by attacks, where techniques like password dictionary sprays are used to break into poorly secured accounts.