Security News

Microsoft wants to add a new Office 365 feature to allow customers to test Microsoft Defender email protection without actually having to configure the environment and devices for your organization. Microsoft Defender for Office 365 provides Office 365 enterprise accounts with email protection from several threats including credential phishing and business email compromise, as well as automated remediation of detected attacks.

The UK's Home Office has handed a £30m contract to engineering and IT outfit Leidos to help government agencies access and analyse communications data for combatting terrorism and organised crime. The Home Office's National Communications Data Service launched the Agile Data Retention and Disclosure Services last year with a prior information notice to the market.

Asigra software version 14.2 support for the Microsoft software suite empowers solution providers to significantly lower cybersecurity threats targeting backup repositories with MS Office 365 data. Asigra Cloud Backup with Deep MFA allows users to easily schedule the creation of point-in-time backup copies of mailboxes and corporate data residing in Microsoft Office 365 Exchange Online, Office 365 Groups, SharePoint Online, and OneDrive for Business - with no limitations on data volumes or number of mailboxes.

The attackers behind the attack leveraged hundreds of compromised, legitimate email accounts in order to target organizations with emails, which pretended to be document delivery notifications. In reality, the phishing attack stole victims' Office 365 credentials.

Microsoft has addressed critical remote code execution vulnerabilities in multiple SharePoint versions with this month's Office security updates. Redmond also issued the December 2020 Patch Tuesday security updates, with security updates for 58 vulnerabilities, nine of them rated as Critical.

A spearphishing attack is spoofing Microsoft.com to target 200 million Microsoft Office 365 users in a number of key vertical markets, including financial services, healthcare, manufacturing and utility providers. The attack is particularly deceiving because it deploys an exact domain spoofing technique, "Which occurs when an email is sent from a fraudulent domain that is an exact match to the spoofed brand's domain," Ovadia wrote.

With 85% product growth year-over-year in Q3'20, Veeam Backup for Microsoft Office 365 has exceeded 133,000 downloads across tens of thousands of organizations, which are relying on Veeam to protect their Office 365 data, including Exchange Online, SharePoint Online, OneDrive for Business, and now backup and recovery specifically built for Microsoft Teams. The Teams configurations, which include settings, members and team structure, are vital components to ensure Teams data is fully protected and easily recoverable. Veeam is meeting this critical business need with our new version of Veeam Backup for Microsoft Office 365.".

Microsoft has released the November 2020 non-security Microsoft Office updates with performance enhancements and fixes for known issues impacting Windows Installer editions of Office 2016 products. Four of the Office November 2020 non-security updates apply to the entire Microsoft Office 2016 software suite, while five others address issues impacting standalone Office products like Word, Project, and Visio.

A rather complex phishing scheme for stealing Office 365 credentials from small and medium-sized businesses in the U.S. and Australia combines cloud services from Oracle and Amazon into its infrastructure. According to their research, the threat actor sends phishing messages from compromised email accounts and uses Amazon Web Services and Oracle Cloud in the redirect chain.

How is Britain's £1.3bn National Cyber Security Strategy going? Nobody really cares any more - even the Cabinet Office, judging by its latest progress report. In a report issued this week the Cabinet Office waffled for several tens of pages saying how much work Britain's various governmental organs had done that vaguely fits under the banner of the National Cyber Security Strategy.