Security News

Nuspire released a report, outlining new cybercriminal activity and tactics, techniques and procedures throughout Q3 2020, with additional insight from Recorded Future. Malware campaigns, like Emotet, utilized these events as phishing lure themes to assist in delivery.

Microsoft has released the November 2020 Office security updates with a total of 22 updates and 5 cumulative updates for 7 different products, fixing 14 vulnerabilities with five of them potentially enabling remote attackers to execute arbitrary code on vulnerable systems. The highlight of this month's Office security updates is CVE-2020-17061, a high severity Microsoft SharePoint vulnerability discovered by Oleksandr Mirosh from Micro Focus Fortify that leads to remote code execution.

During an upcoming presentation at HITB CyberWeek 2020, Ashar Javed, a security engineer at Hyundai AutoEver Europe, will share stories from his journey towards discovering 365 valid bugs in Microsoft Office 365. I found literally hundreds of bugs in Office 365 but my favourite are All your Power Apps Portals belong to us and Cross-tenant privacy leak in Office 365.

Avaya announced a redesign of its Avaya Vantage desktop device to significantly improve the home-office experience. The Avaya Vantage and Avaya Spaces are central to Avaya's Composable Home Office Solutions strategy - which is driven by the Avaya OneCloud framework and leverages the capabilities of Avaya OneCloud UCaaS, CCaaS and CPaaS. This new approach empowers businesses with the capability to compose personalized home office experiences for their employees and customer service agents.

Microsoft is working on adding a new Microsoft Forms phishing attempt review feature that will allow Office 365 admins to confirm and block forms that try to maliciously harvest sensitive data. Phishing attempts are detected by Microsoft Forms with the help of proactive phishing detection, a protection feature that will proactively identify malicious password collection in forms and surveys.

A creative Office 365 phishing campaign has been inverting images used as backgrounds for landing pages to avoid getting flagged as malicious by crawlers designed to spot phishing sites. This tactic has been used by several Office 365 credential phishing sites according to WMC Global analysts who spotted while being deployed as part of the same phishing kit created and sold by a single threat actor to multiple users.

Experian has been rapped over the knuckles by the UK's Information Commissioner's Office after it discovered the credit reference agency was trading "Millions" of people's data for marketing purposes. Instead of issuing a monetary fine the data regulator wrapped up a two-year probe yesterday by merely insisting Experian tweaks its online privacy policies and informs consumers it acquired data about them.

One Identity released a global survey that reveals attitudes of IT and security teams regarding their responses to COVID-19-driven work environment changes. 99% of IT security professionals said their organizations transitioned to remote work because of COVID-19, and only a third described that transition as "Smooth." 62% of respondents indicated that cloud infrastructure is more important now than 12 months ago.

Over the six-month period from March to August 2020, over 925,000 malicious emails managed to bypass Office 365 defenses and well-known secure email gateways, an Area 1 Security study reveals. Attackers increasingly use highly sophisticated, targeted campaigns like business email compromise​ to evade traditional email defenses, which are based on already-known threats.

Microsoft is working on improving Microsoft Defender for Office 365 with priority protection features for accounts of high-profile employees like executive-level managers that threat actors target most often. Microsoft Defender for Office 365 provides Office 365 enterprise accounts with email threat protection from advanced threats including credential phishing and business email compromise, automatically remediating detected attacks.