Security News
Phishers are impersonating companies' IT support team and sending fake VPN configuration change notifications in the hopes that remote employees may be tricked into providing their Office 365 login credentials. "The sender email address is spoofed to impersonate the domain of the targets' respective organizations. The link provided in the email allegedly directs to a new VPN configuration for home access. Though the link appears to be related to the target's company, the hyperlink actually directs to an Office 365 credential phishing website," Abnormal Security explained.
Over half of security leaders still rely on spreadsheetsSenior security leaders within financial services companies are being challenged with a lack of trusted data to make effective security decisions and reduce their risk from cyber incidents, according to Panaseer. Security threats associated with shadow ITAs cyber threats and remote working challenges linked to COVID-19 continue to rise, IT teams are increasingly pressured to keep organizations' security posture intact.
The phishing emails spoof the U.S. Supreme Court, aiming to capitalize on scare tactics to convince targets to click on an embedded link. "The sender name impersonated the Supreme Court, making the email likely to get past eye tests when people glanced through it amidst hundreds of other emails in their overflowing mailboxes. The email language was terse and authoritative, including a CTA in the email - View Subpoena - clearly describing the purpose of the email."
The Register reported that an admin was told that their company's internal search results had been made visible when queries were run by users from another company. At no time were the files that were displayed accessible to the user who received the incorrect search results.
Phishers are trying to bypass the multi-factor authentication protection on users' Office 365 accounts by tricking them into granting permissions to a rogue application. How? The aforementioned authorization code is exchanged for an access token that is presented by the rogue application to Microsoft Graph, which will authorize its access.
A new phishing campaign can bypass multi-factor authentication on Office 365 to access victims' data stored on the cloud and use it to extort a Bitcoin ransom or even find new victims to target, security researchers have found. The attack is different than a typical credential harvester in that it attempts to trick users into granting permissions to the application, which can bypass MFA, he said.
Microsoft had to warn a subset of Office 365 administrators over the weekend that their organisation might have inadvertently featured in an outsider's internal search results. Register reader Dusty shared the notification, which read: "Under extremely rare circumstances, users performing internal search queries may have received search results from another organization."
Microsoft had to warn a subset of Office 365 administrators over the weekend that their organisation might have inadvertently featured in an outsider's internal search results. Register reader Dusty shared the notification, which read: "Under extremely rare circumstances, users performing internal search queries may have received search results from another organization."
To help organisations secure and protect their important business data, Proact, Europe's leading independent data centre and cloud services provider, has launched BaaS-O365 - a new backup and recovery service for customers using Microsoft Office 365. BaaS-O365 is a new managed service from Proact that provides complete backup and recovery for Office 365 Business/Enterprise data, including Exchange Online, SharePoint Online and OneDrive for Business.
An alert the U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency published this week reiterates previously issued recommendations on how organizations should properly secure Microsoft Office 365 deployments. In May last year, the agency issued an alert to highlight some of the common security oversights by Office 365 customers, and also included a series of recommendations on how organizations could improve their security posture.