Security News

Abnormal Security removed the blog post after receiving legal notice from Zix. Through their PR agency, Zix contacted us to say that the blog post was removed because they believe it contained multiple false and misleading statements, and they asked us to remove our article or issue a retraction.

Microsoft is working on addressing an Office 365 issue that has resulted in legitimate emails sent from multiple domains getting tagged as malicious and quarantined. "Users having multiple issues related to email flow, links within email messages and the Microsoft Defender portal," Microsoft says in the Microsoft 365 admin center.

Security professionals are bracing for the next phase of the remote work reality: personal devices coming back into the office and bringing along all the associated security risks. Security teams are worried about the security status of laptops, smartphones and tablets employees will bring to the office after using them on a home network for months without proper supervision or control.

Phishers targeting Microsoft Office 365 users increasingly are turning to specialized links that take users to their organization's own email login page. The apps will persist in a user's Office 365 account indefinitely until removed, and will survive even after an account password reset.

Qohash expanded its U.S. presence with a New Jersey office and three senior account executives who will focus on sales in the U.S. market. Qohash Solutions, Inc. was launched to accelerate access to the company's cloud-based Qostodian Prime data risk management platform nationally and in the New York metro area, where many major financial institutions are based.

Microsoft has updated the security baseline for Microsoft 365 Apps for enterprise to include protection from JScript code execution attacks and unsigned macros. Security baselines enable security admins to use Microsoft-recommended Group Policy Object baselines to reduce the attack surface of Microsoft 365 Apps and boost the security posture of enterprise endpoints they run on.

SharePoint servers are being picked at with high-risk, legitimate-looking, branded phish messages and preyed on by a ransomware gang using an old bug. The phish is targeting Office 365 users with a legitimate-looking SharePoint document that claims to urgently need an email signature.

Microsoft has launched the first commercial preview releases for Microsoft Office Long Term Servicing Channel for Windows and Office 2021 for Mac. These are the next versions of non-subscription Office products and are made available only for commercial customers.

Cracked copies of Microsoft Office and Adobe Photoshop are stealing browser session cookies and Monero cryptocurrency wallets from tightwads who install the pirated software, Bitdefender has warned. As many Reg readers will no doubt be aware, cracked software is a legitimate application that has had its registration or licensing features removed.

A new phishing campaign targeting Office 365 users cleverly tries to bypass email security protections by combining chunks of HTML code delivered via publicly hosted JavaScript code. The subject of the phishing email says "Price revision" and it contains no body - just an attachment that, at first glance, looks like an Excel document, but is actually an HTML document that contains encoded text pointing to two URLs located yourjavascript.com, a free service for hosting JavaScript, and a separate chunk of HTML code.