Security News

Microsoft has updated the security baseline for Microsoft 365 Apps for enterprise to include protection from JScript code execution attacks and unsigned macros. Security baselines enable security admins to use Microsoft-recommended Group Policy Object baselines to reduce the attack surface of Microsoft 365 Apps and boost the security posture of enterprise endpoints they run on.

SharePoint servers are being picked at with high-risk, legitimate-looking, branded phish messages and preyed on by a ransomware gang using an old bug. The phish is targeting Office 365 users with a legitimate-looking SharePoint document that claims to urgently need an email signature.

Microsoft has launched the first commercial preview releases for Microsoft Office Long Term Servicing Channel for Windows and Office 2021 for Mac. These are the next versions of non-subscription Office products and are made available only for commercial customers.

Cracked copies of Microsoft Office and Adobe Photoshop are stealing browser session cookies and Monero cryptocurrency wallets from tightwads who install the pirated software, Bitdefender has warned. As many Reg readers will no doubt be aware, cracked software is a legitimate application that has had its registration or licensing features removed.

A new phishing campaign targeting Office 365 users cleverly tries to bypass email security protections by combining chunks of HTML code delivered via publicly hosted JavaScript code. The subject of the phishing email says "Price revision" and it contains no body - just an attachment that, at first glance, looks like an Excel document, but is actually an HTML document that contains encoded text pointing to two URLs located at yourjavascript.com, a free service for hosting JavaScript, and a separate chunk of HTML code.

A recent phishing campaign used a clever trick to deliver the fraudulent web page that collects Microsoft Office 365 credentials by building it from chunks of HTML code stored locally and remotely. The method consists of gluing together multiple pieces of HTML hidden in JavaScript files to obtain the fake login interface and prompt the potential victim to type in the sensitive information.

Zyxel Networks announced the launch of XGS1250-12 12-Port Web-Managed Multi-Gigabit Switch with 3-Port 10G and 1-Port 10G SFP+. Designed to optimize high-bandwidth applications in the home and office, such as HD multimedia content creation and storage, and high-speed WiFi 6 data and IoT traffic, the versatile XGS1250-12 switch features three multi-Gigabit ports to eliminate network bottlenecks for devices such as 10G NAS or servers, WiFi 6 access points and new 2.5G motherboards. The switch features eight Gigabit Ethernet ports, one 10G SFP+ port, and three Multi-Gigabit ports that support five speeds: 10 Gbps, 5 Gbps, 2.5 Gbps, 1 Gbps and 1 Gbps. The highest common link speed is automatically and independently negotiated with each connected device.

Alcatel-Lucent Enterprise and RingCentral are joining forces to launch Rainbow Office, powered by RingCentral, a Unified Communication as a Service solution, in Ireland. Stemming from a strategic partnership between RingCentral and Alcatel-Lucent Enterprise, announced in August 2020, Rainbow Office, powered by RingCentral, will combine the very latest in UCaaS technology from RingCentral, with market-leading networking, communication, and cloud solutions and services from Alcatel-Lucent Enterprise's portfolio, making it a unique offering in the market.

Most of the recent credential phishing attacks seen by Menlo Security served phony Outlook and Office 365 login pages. In its report, the Menlo Labs team said it discovered a rise in credential phishing attacks over the past month.

The UK's Home Office is on the hunt for a supplier to help support applications running on its counter-terrorism data network to fulfil a contract that could be worth up to £32m. The National Communications Data Service gives security, intelligence, and law enforcement agencies legal access to communications data. In a tender document released last week, the Home Office said it was looking to engage suppliers early before it puts together a contract to "Facilitate the delivery of its communications data applications."