Security News
According to researchers from Proofpoint, targets receive well-crafted lures asking them to click a link that takes them to the legitimate Microsoft third-party apps consent page. "The ability to perform reconnaissance on an O365 account supplies an actor with valuable information that can later be weaponized in business email compromise attacks or account takeovers. The minimal [read-only] permissions requested by these apps also likely help them appear inconspicuous if an organization's O365 administrator audits connected apps for their users' accounts."
The Russia-linked threat group known as APT28 has changed up its tactics to include Office 365 password-cracking and credential-harvesting. The attacks used a daily average of 1,294 IPs associated with 536 netblocks and 273 ASNs, and targeted organizations typically see more than 300 authentication attempts per hour per targeted account over the course of several hours or days.
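As an added example (not code from the article quoted above), a small detector built around the rate reported there: it flags any account that receives 300 or more failed sign-ins within a one-hour sliding window from many distinct source IPs, which is the pattern a defender would hunt for in sign-in logs. The log format, the distinct-IP threshold and the sample lines are constructed assumptions, not a real Office 365 export.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Thresholds: ~300 attempts per hour per targeted account comes from the
# article; MIN_DISTINCT_IPS is an assumed value to separate spraying from a
# single misconfigured client. The log format is a constructed simplification.
ATTEMPTS_PER_HOUR = 300
MIN_DISTINCT_IPS = 20

def parse_line(line):
    """Parse 'ISO-timestamp,user,source_ip,result' into a tuple."""
    ts, user, ip, result = line.strip().split(",")
    return datetime.fromisoformat(ts), user, ip, result

def detect_password_spray(lines, window=timedelta(hours=1)):
    """Return {user: (attempts, distinct_ips)} for accounts whose failed
    sign-ins in some one-hour sliding window meet both thresholds."""
    per_user = defaultdict(list)
    for line in lines:
        ts, user, ip, result = parse_line(line)
        if result == "FAIL":
            per_user[user].append((ts, ip))
    flagged = {}
    for user, events in per_user.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans at most one hour.
            while events[end][0] - events[start][0] > window:
                start += 1
            count = end - start + 1
            ips = {ip for _, ip in events[start:end + 1]}
            if count >= ATTEMPTS_PER_HOUR and len(ips) >= MIN_DISTINCT_IPS:
                flagged[user] = (count, len(ips))
                break
    return flagged

def constructed_sample():
    """Constructed log: one sprayed account, one user mistyping a password."""
    base = datetime(2020, 9, 1, 8, 0, 0)
    lines = []
    for i in range(350):  # 350 failures over ~47 minutes from 35 IPs
        ts = base + timedelta(seconds=i * 8)
        lines.append(f"{ts.isoformat()},alice@example.com,198.51.100.{i % 35},FAIL")
    for i in range(5):  # a handful of failures from one address
        ts = base + timedelta(minutes=i)
        lines.append(f"{ts.isoformat()},bob@example.com,203.0.113.7,FAIL")
    lines.append(f"{base.isoformat()},bob@example.com,203.0.113.7,SUCCESS")
    return lines

if __name__ == "__main__":
    print(detect_password_spray(constructed_sample()))
```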
Researchers have uncovered a phishing attack using a new technique: attackers are making use of authentication APIs to validate victims' Office 365 credentials, in real time, as they enter them into the phishing landing page. Office 365 requires an app registration to use these APIs, but a registration requires only an email address, making them trivial for attackers to obtain.
Many organizations are trading on-premises systems for cloud-based solutions, a move that brings virtually limitless scalability, storage and accessibility, usually at a lower cost and with reduced complexity. Ignoring the gaps that come with relying on a single vendor dramatically increases your risk profile and the potential for negative business impact from an attack or unintended breach.
Decades old, TLS 1.0 and TLS 1.1 are considered obsolete, especially since the newer, safer TLS 1.2 and TLS 1.3 have been available for years. In October 2018, Microsoft confirmed plans to remove support for the older protocols from its browsers, and also moved to deprecate TLS 1.0 and 1.1 for the Office 365 service.
Full Office 365 security compliance is one of those things most enterprises will have on the to-do list somewhere, but it's surprising how few actually get around to it. It's more surprising still when considering Office 365 is used by a huge number of companies across the world in some fashion, if only for the basics of email and file storage.
Microsoft has seized several domains associated with a massive hacking campaign that has targeted Office 365 accounts with phishing and business email compromise emails. A recent court order issued by the U.S. District Court for the Eastern District of Virginia allowed the company to disable the domains associated with the email attacks and disrupt the campaign: "Our civil case has resulted in a court order allowing Microsoft to seize control of key domains in the criminals' infrastructure so that it can no longer be used to execute cyberattacks," according to Tom Burt, corporate vice president, Customer Security and Trust, in a Tuesday post.
Researchers are warning of a new phishing attack that purports to send coronavirus training resources to employees who are returning to the workplace as COVID-19 lockdowns lift. The campaign exploits the new training programs that employees are required to complete in order to comply with workplace coronavirus regulations.
Researchers have discovered a sophisticated new phishing campaign that uses recognized brand names to bypass security filters and to trick victims into giving up Microsoft Office 365 credentials, which are then used to gain access to corporate networks. According to a new report from Check Point Software, the attacks were first observed in April, when researchers discovered emails sent to victims titled "Office 365 Voice Mail"; the majority targeted European companies, with others seen in Asia and the Middle East.
Phishers are impersonating companies' IT support teams and sending fake VPN configuration change notifications in the hope that remote employees can be tricked into providing their Office 365 login credentials. "The sender email address is spoofed to impersonate the domain of the targets' respective organizations. The link provided in the email allegedly directs to a new VPN configuration for home access. Though the link appears to be related to the target's company, the hyperlink actually directs to an Office 365 credential phishing website," Abnormal Security explained.