Security News

A highly targeted phishing campaign, with a Microsoft file platform twist, has successfully siphoned the Office 365 credentials of more than 150 executives since mid-2019. Second, the initial phishing emails are sent from legitimate but previously compromised email addresses - which cloak the fact that they're attacker-controlled.

Application Guard for Office and Safe Documents will make phishing attacks harder and the Office experience better for users, starting with Office 365 Pro Plus and E5 licences. It's a big step forward because Office macros, embedded scripts, active content like OLE and COM controls, and documents with obfuscated links to malware remain a major source of attacks - and Protected View leaves a key security decision up to users who may be ill-equipped to decide which documents are safe.

In a move calculated to make a dent in the data protection landscape, leading data management solutions vendor, Parablu, announced the launch of their SaaS backup solution - BluVault for Microsoft Office 365. Parablu's BluVault for Office 365 enables secure cloud backup and recovery and lets enterprises create a redundant copy of their SaaS data assets.

With so many people and organizations using Microsoft Office 365, phishers who exploit this brand can target a vast amount of people as a way to steal their account credentials, as described by Vade Secure. Phishing attacks that exploit Office 365 come in different varieties, according to Adrien Gendre, chief solutions architect at Vade Secure.

The menace of Business Email Compromise is often overshadowed by ransomware but it's something small and medium-sized businesses shouldn't lose sight of. Bang on cue, the FBI Internet Crime Complaint Center has alerted US businesses to ongoing attacks targeting organisations using Microsoft Office 365 and Google G Suite.

Take your SOC to the next level of effectivenessOrganizations are turning to Breach and Attack Simulation integration with the SOC. BAS integration with SIEM and SOAR solutions enables SOC teams to continually evaluate the effectiveness of their security controls and improve the company's security posture with real-time, accurate metrics. SecOps teams face challenges in understanding how security tools workSecurity professionals are overconfident in their tools with 50% reporting that they have experienced a security breach because one or more of their security products was not working as expected, according to Keysight.

Many novice Office 365 shops do not know where platform-specific security vulnerabilities lie, or even that they exist. Companies get themselves into trouble when they do not fully understand the way data moves through O365 or they apply on-premise security practices to their cloud strategy.

CloudNine launches CloudNine Collection Manager, a breakthrough data extraction solution from the global electronic discovery technology provider. Installed in minutes, Collection Manager defensibly performs native data collections from Office 365 email custodians, as well as Microsoft OneDrive cloud storage files.

The latest example of this involves Office 365 users being directed to phishing and malicious pages hosted on Office Sway, a web application for content creation that's part of Microsoft Office. "The Sway page will include trusted brand names. Most commonly, the spoofed brands are Microsoft-affiliated, just like the SharePoint logo shown in the example above," Avanan explained.

Microsoft this week announced a new feature in Office 365 Advanced Threat Protection (ATP) meant to provide more visibility into cyber-attacks targeting organizations via email. read more