Security News
Heads up, Microsoft Office 365 users: It's time to take some important steps in securing your account. The US Department of Homeland Security's Cybersecurity and Infrastructure Security Agency has released some recommendations to help secure the online productivity service.
A highly targeted phishing campaign, with a Microsoft file platform twist, has successfully siphoned the Office 365 credentials of more than 150 executives since mid-2019. Second, the initial phishing emails are sent from legitimate but previously compromised email addresses - which cloak the fact that they're attacker-controlled.
Application Guard for Office and Safe Documents will make phishing attacks harder and the Office experience better for users, starting with Office 365 Pro Plus and E5 licences. It's a big step forward because Office macros, embedded scripts, active content like OLE and COM controls, and documents with obfuscated links to malware remain a major source of attacks - and Protected View leaves a key security decision up to users who may be ill-equipped to decide which documents are safe.
Well, here's the thing: it seems that the Microsoft Office 2019 and Office 365 ProPlus products from Microsoft include support for FBX files - whether you use FBXes yourself or not - and that the code to process those files comes from Autodesk. As you probably know, an RCE bug that is present when a vulnerable application processes a booby-trapped file often means that simply opening up or previewing that file could allow crooks to implant malware on your computer.
In a move calculated to make a dent in the data protection landscape, leading data management solutions vendor, Parablu, announced the launch of their SaaS backup solution - BluVault for Microsoft Office 365. Parablu's BluVault for Office 365 enables secure cloud backup and recovery and lets enterprises create a redundant copy of their SaaS data assets.
Microsoft has released an out-of-band security update for Microsoft Office, Office 365 ProPlus and Paint 3D. The applications are affected by multiple Autodesk vulnerabilities that, if exploited, could enable remote code execution. "Remote code execution vulnerabilities exist in Microsoft products that utilize the FBX library when processing specially crafted 3D content," according to Microsoft's Tuesday advisory.
A week after the April 2020 Patch Tuesday, Microsoft has released out-of-band security updates for its Office suite, to fix a handful of vulnerabilities that attackers could exploit to achieve remote code execution. At the same time, a security update has also been released for Paint 3D, the company's free app for creating 3D models, because the source of the fixed vulnerabilities is something that both Office and Paint 3D have in common: the Autodesk FBX library.
Office printers don't have to be security threats: with foresight and maintenance they're very easily threat-proofed. Hackers haven't forgotten about printers - not by a long shot.
With people working from home and connected to business applications running in the cloud, the notion of an office building representing the company network has vanished overnight. If that's the case, why would it matter whether that laptop is being connected to video conferencing in the company's conference room or a video conference being held from home? There is no more of a guarantee that the laptop in the company conference room is connected to the company's network than the one connected at home.
Avaya Holdings, a global leader in solutions to enhance and simplify communications and collaboration, and RingCentral, a leading provider of global enterprise cloud communications, collaboration and contact center solutions, announced general availability of the highly anticipated Avaya Cloud Office by RingCentral solution. Avaya Cloud Office enhances the way organizations communicate with customers, partners and with colleagues through an all-in-one solution that delivers seamless collaboration across multiple channels.