Security News

Jason Nurse, an associate professor in cybersecurity at the University of Kent, and a visiting academic at the University of Oxford, cautioned that personal photos and information shared via various online platforms used by remote workers can expose not only the employee, but also corporate networks, to threats from savvy attackers who are looking to exploit personal data. With more workers online than ever due to the COVID-19 pandemic, people have gotten so comfortable with sharing photos and other personal information online that they may not be aware of how it can be misused, Nurse said.

In response to a security breach that exposed personal information from around 1.6 million unemployment claims filed last year, the Washington Senate has unanimously passed a measure that creates a state Office of Cybersecurity. The measure, passed by the chamber on Wednesday, creates the new office within the Office of the Chief Information Officer.

Microsoft announced the launch of Microsoft Office Long Term Servicing Channel and Office 2021 later this year for clients who don't want to get an Office 365 cloud subscription service. These are the company's next perpetual and one-time purchase Office releases, respectively, both of them to get a five-year support lifecycle after Microsoft reduced Office LTSC and Windows 10 LTSC lifecycles from 10 to 5 years.

Microsoft is adding new security warnings to the Security and Compliance Center default alert policies to inform IT admins of detected phishing attempts abusing Microsoft Forms in their tenants. It has recently been made available for personal use to anyone with a Microsoft account after previously being available only to business users with Microsoft 365 Personal and Microsoft 365 Family subscriptions.

Microsoft has addressed important severity remote code execution vulnerabilities affecting multiple Office products in the January 2021 Office security updates. Microsoft also released non-security Office updates last week addressing bugs that may lead to PowerPoint crashes and other issues affecting Windows Installer editions of Office 2016, Office 2013, and Office 2010 products.

Microsoft will make it easier for Defender for Office 365 customers to identify users and domains targeted in impersonation-based phishing attacks as recently revealed on the Microsoft 365 roadmap. Defender for Office 365 protects the emails of Office 365 enterprise accounts from various threats including but not limited to credential phishing and business email compromise.

Microsoft will soon notify Office 365 of suspected nation-state hacking activity detected within their tenants according to a new listing on the company's Microsoft 365 roadmap. Microsoft Defender for Office 365 provides Office 365 enterprise accounts with email protection against several types of threats including credential phishing and business email compromise, as well as automated attack remediation.

Microsoft has warned of an increasing number of consent phishing attacks targeting remote workers during recent months, BleepingComputer has learned. Consent phishing is an application-based attack variant where the attackers attempt to trick targets into providing malicious Office 365 OAuth apps with access to their Office 365 accounts.

Zoom announced the general availability of Zoom Rooms innovations that will help organizations safely re-enter the office and sustain an 'everywhere workforce'. Pair a Zoom Room with your mobile device: Pair your iOS or Android mobile client to a Zoom Room, easily join meetings on the Zoom Rooms directly from your client and your mobile client is automatically placed in companion mode during the meeting.

A phishing campaign bent on stealing Microsoft login credentials is using Google Firebase to bypass email security measures in Microsoft Office 365, researchers said. Clicking the thumbnail or "View File" link leads to the final phishing page, asking victims to log in with their Microsoft credentials, and asks them to provide alternate email addresses or phone numbers - an effort to collect data that could be used to get around two-factor authentication or account recovery mechanisms.