Security News
The Register reported that an admin was told that their company's internal search results had been made visible when queries were run by users from another company. At no time were the files that were displayed accessible to the user who received the incorrect search results.
Phishers are trying to bypass the multi-factor authentication protection on users' Office 365 accounts by tricking them into granting permissions to a rogue application. How? The aforementioned authorization code is exchanged for an access token that is presented by the rogue application to Microsoft Graph, which will authorize its access.
A new phishing campaign can bypass multi-factor authentication on Office 365 to access victims' data stored on the cloud and use it to extort a Bitcoin ransom or even find new victims to target, security researchers have found. The attack is different than a typical credential harvester in that it attempts to trick users into granting permissions to the application, which can bypass MFA, he said.
Microsoft had to warn a subset of Office 365 administrators over the weekend that their organisation might have inadvertently featured in an outsider's internal search results. Register reader Dusty shared the notification, which read: "Under extremely rare circumstances, users performing internal search queries may have received search results from another organization."
Microsoft had to warn a subset of Office 365 administrators over the weekend that their organisation might have inadvertently featured in an outsider's internal search results. Register reader Dusty shared the notification, which read: "Under extremely rare circumstances, users performing internal search queries may have received search results from another organization."
A new phishing campaign is targeting investment brokers with fraudulent emails aimed at stealing their Microsoft SharePoint and Office credentials, by invoking the identity of a credible financial regulatory organization. The "Widespread, ongoing phishing campaign" is using emails that claim to be from specific officers at the Financial Industry Regulatory Authority, in an attempt to direct investment brokers to give up their Microsoft Office or SharePoint passwords, according to a post on the organization's website.
To help organisations secure and protect their important business data, Proact, Europe's leading independent data centre and cloud services provider, has launched BaaS-O365 - a new backup and recovery service for customers using Microsoft Office 365. BaaS-O365 is a new managed service from Proact that provides complete backup and recovery for Office 365 Business/Enterprise data, including Exchange Online, SharePoint Online and OneDrive for Business.
Phishers are trying to trick investment brokers into sharing their Microsoft Office or SharePoint login credentials by impersonating FINRA, a non-governmental organization that regulates member brokerage firms and exchange markets. Phishers target investment brokers with malicious emails.
ThousandEyes, the Internet and Cloud Intelligence company, announced that customer success veteran Trevis Schuh has joined the management team as VP of Customer Engineering to ensure unmatched customer satisfaction in post-deployment support and services. To further empower customers, ThousandEyes has also established the Office of the CTO with the appointment of Cameron Esdaile as VP of Technology and Innovation.
An alert the U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency published this week reiterates previously issued recommendations on how organizations should properly secure Microsoft Office 365 deployments. In May last year, the agency issued an alert to highlight some of the common security oversights by Office 365 customers, and also included a series of recommendations on how organizations could improve their security posture.