Security News

Office 365 users: Beware of fake company emails delivering a new VPN configuration
2020-06-04 08:32

Phishers are impersonating companies' IT support team and sending fake VPN configuration change notifications in the hopes that remote employees may be tricked into providing their Office 365 login credentials. "The sender email address is spoofed to impersonate the domain of the targets' respective organizations. The link provided in the email allegedly directs to a new VPN configuration for home access. Though the link appears to be related to the target's company, the hyperlink actually directs to an Office 365 credential phishing website," Abnormal Security explained.

Week in review: EasyJet breach, shadow IT risks, phishers bypassing Office 365 MFA
2020-05-24 07:00

Over half of security leaders still rely on spreadsheets: Senior security leaders within financial services companies are being challenged with a lack of trusted data to make effective security decisions and reduce their risk from cyber incidents, according to Panaseer. Security threats associated with shadow IT: As cyber threats and remote working challenges linked to COVID-19 continue to rise, IT teams are increasingly pressured to keep organizations' security posture intact.

Supreme Court Phish Targets Office 365 Credentials
2020-05-21 13:00

The phishing emails spoof the U.S. Supreme Court, aiming to capitalize on scare tactics to convince targets to click on an embedded link. "The sender name impersonated the Supreme Court, making the email likely to get past eye tests when people glanced through it amidst hundreds of other emails in their overflowing mailboxes. The email language was terse and authoritative, including a CTA in the email - View Subpoena - clearly describing the purpose of the email."

Office 365 exposed some internal search results to other companies
2020-05-20 12:48

The Register reported that an admin was told that their company's internal search results had been made visible when queries were run by users from another company. At no time were the files that were displayed accessible to the user who received the incorrect search results.

Phishers are trying to bypass Office 365 MFA via rogue apps
2020-05-19 13:12

Phishers are trying to bypass the multi-factor authentication protection on users' Office 365 accounts by tricking them into granting permissions to a rogue application. How? The aforementioned authorization code is exchanged for an access token that is presented by the rogue application to Microsoft Graph, which will authorize its access.

Clever Phishing Attack Bypasses MFA to Nab Microsoft Office 365 Credentials
2020-05-19 12:40

A new phishing campaign can bypass multi-factor authentication on Office 365 to access victims' data stored on the cloud and use it to extort a Bitcoin ransom or even find new victims to target, security researchers have found. The attack is different than a typical credential harvester in that it attempts to trick users into granting permissions to the application, which can bypass MFA, he said.

Microsoft gives Office 365 admins the heads-up: Some internal queries over weekend might have returned results from completely different orgs
2020-05-18 16:49

Microsoft had to warn a subset of Office 365 administrators over the weekend that their organisation might have inadvertently featured in an outsider's internal search results. Register reader Dusty shared the notification, which read: "Under extremely rare circumstances, users performing internal search queries may have received search results from another organization."

Proact BaaS-O365: A backup and recovery service for Microsoft Office 365 users
2020-05-06 02:55

To help organisations secure and protect their important business data, Proact, Europe's leading independent data centre and cloud services provider, has launched BaaS-O365 - a new backup and recovery service for customers using Microsoft Office 365. BaaS-O365 is a new managed service from Proact that provides complete backup and recovery for Office 365 Business/Enterprise data, including Exchange Online, SharePoint Online and OneDrive for Business.

DHS Reiterates Recommendations on Securing Office 365
2020-05-01 12:53

An alert the U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency published this week reiterates previously issued recommendations on how organizations should properly secure Microsoft Office 365 deployments. In May last year, the agency issued an alert to highlight some of the common security oversights by Office 365 customers, and also included a series of recommendations on how organizations could improve their security posture.