Security News

Locked up indoors with nothing to do as the evenings draw closer? If lighthearted chats about cyber security are your thing, followed up by some banging dance tunes, then we have just the event - all in the name of charity, of course. The Cyber House Party launched this summer with the inaugural shindig held on 3 June and the second on 29 October, pulling in a total of 750 attendees and raising £10,000 in donations.

The National Cyber Security Centre picked its London HQ building not because it was the best or most cost-efficient location - but because the agency "Prioritised image over cost", a Parliamentary committee has said. NCSC's HQ in the English capital's Nova South development, a glitzy commercial building near Westminster, was procured in breach of GCHQ's own rules on leasing commercial buildings.

Microsoft has launched Office 365 priority protection for accounts of high-profile employees such as executive-level managers who are most often targeted by threat actors. The new feature was added to Microsoft Defender for Office 365 which provides enterprise accounts with email threat protection from advanced threats including business email compromise and credential phishing, as well as automated remediation of detected attacks.

Spin Technology announced the next generation of SpinOne, an AI-powered ransomware and backup solution for Google Workspace and Office 365. Including advanced new security features, a completely redesigned user interface, and improved platform functionality, the latest version of SpinOne will help organizations better protect against ransomware attacks in the cloud.

Microsoft is tracking an ongoing Office 365 phishing campaign that makes use of several methods to evade automated analysis in attacks against enterprise targets. The phishing emails used in this campaign are also heavily obfuscated to make sure that secure email gateways will not be able to detect the malicious messages and automatically block them before they land in the targets' inboxes.

Nuspire released a report, outlining new cybercriminal activity and tactics, techniques and procedures throughout Q3 2020, with additional insight from Recorded Future. Malware campaigns, like Emotet, utilized these events as phishing lure themes to assist in delivery.

Microsoft has released the November 2020 Office security updates with a total of 22 updates and 5 cumulative updates for 7 different products, fixing 14 vulnerabilities with five of them potentially enabling remote attackers to execute arbitrary code on vulnerable systems. The highlight of this month's Office security updates is CVE-2020-17061, a high severity Microsoft SharePoint vulnerability discovered by Oleksandr Mirosh from Micro Focus Fortify that leads to remote code execution.

During an upcoming presentation at HITB CyberWeek 2020, Ashar Javed, a security engineer at Hyundai AutoEver Europe, will share stories from his journey towards discovering 365 valid bugs in Microsoft Office 365. I found literally hundreds of bugs in Office 365 but my favourite are All your Power Apps Portals belong to us and Cross-tenant privacy leak in Office 365.

Avaya announced a redesign of its Avaya Vantage desktop device to significantly improve the home-office experience. The Avaya Vantage and Avaya Spaces are central to Avaya's Composable Home Office Solutions strategy - which is driven by the Avaya OneCloud framework and leverages the capabilities of Avaya OneCloud UCaaS, CCaaS and CPaaS. This new approach empowers businesses with the capability to compose personalized home office experiences for their employees and customer service agents.

Microsoft is working on adding a new Microsoft Forms phishing attempt review feature that will allow Office 365 admins to confirm and block forms that try to maliciously harvest sensitive data. Phishing attempts are detected by Microsoft Forms with the help of proactive phishing detection, a protection feature that will proactively identify malicious password collection in forms and surveys.