Security News

The attackers behind the attack leveraged hundreds of compromised, legitimate email accounts in order to target organizations with emails, which pretended to be document delivery notifications. In reality, the phishing attack stole victims' Office 365 credentials.

Microsoft has addressed critical remote code execution vulnerabilities in multiple SharePoint versions with this month's Office security updates. Redmond also issued the December 2020 Patch Tuesday security updates, with security updates for 58 vulnerabilities, nine of them rated as Critical.

A spearphishing attack is spoofing Microsoft.com to target 200 million Microsoft Office 365 users in a number of key vertical markets, including financial services, healthcare, manufacturing and utility providers. The attack is particularly deceiving because it deploys an exact domain spoofing technique, "Which occurs when an email is sent from a fraudulent domain that is an exact match to the spoofed brand's domain," Ovadia wrote.

With 85% product growth year-over-year in Q3'20, Veeam Backup for Microsoft Office 365 has exceeded 133,000 downloads across tens of thousands of organizations, which are relying on Veeam to protect their Office 365 data, including Exchange Online, SharePoint Online, OneDrive for Business, and now backup and recovery specifically built for Microsoft Teams. The Teams configurations, which include settings, members and team structure, are vital components to ensure Teams data is fully protected and easily recoverable. Veeam is meeting this critical business need with our new version of Veeam Backup for Microsoft Office 365.".

Microsoft has released the November 2020 non-security Microsoft Office updates with performance enhancements and fixes for known issues impacting Windows Installer editions of Office 2016 products. Four of the Office November 2020 non-security updates apply to the entire Microsoft Office 2016 software suite, while five others address issues impacting standalone Office products like Word, Project, and Visio.

A rather complex phishing scheme for stealing Office 365 credentials from small and medium-sized businesses in the U.S. and Australia combines cloud services from Oracle and Amazon into its infrastructure. According to their research, the threat actor sends phishing messages from compromised email accounts and uses Amazon Web Services and Oracle Cloud in the redirect chain.

How is Britain's £1.3bn National Cyber Security Strategy going? Nobody really cares any more - even the Cabinet Office, judging by its latest progress report. In a report issued this week the Cabinet Office waffled for several tens of pages saying how much work Britain's various governmental organs had done that vaguely fits under the banner of the National Cyber Security Strategy.

NETGEAR announced the availability of the new WAX204 WiFi 6 Access Point, adding to the company's portfolio of WiFi 6-enabled business products. The WAX204 joins an existing Business Essentials family of high-performance, yet economical WiFi Access Points from NETGEAR, which are ideally suited for small single-site locations.

Locked up indoors with nothing to do as the evenings draw closer? If lighthearted chats about cyber security are your thing, followed up by some banging dance tunes, then we have just the event - all in the name of charity, of course. The Cyber House Party launched this summer with the inaugural shindig held on 3 June and the second on 29 October, pulling in a total of 750 attendees and raising £10,000 in donations.

The National Cyber Security Centre picked its London HQ building not because it was the best or most cost-efficient location - but because the agency "Prioritised image over cost", a Parliamentary committee has said. NCSC's HQ in the English capital's Nova South development, a glitzy commercial building near Westminster, was procured in breach of GCHQ's own rules on leasing commercial buildings.