Security News

Whether it's Slack or Office 365, communication and workflow apps are an essential tool for organizations to collaborate efficiently regardless of geography. Using any of these as a primary communication channel, replacing email and knowledge management repositories, makes it a new target to exploit that contains sensitive information.

A massive phishing campaign has been targeting Office 365 users in over 10,000 organizations since September 2021 and successfully bypassing multi-factor authentication set up to protect the accounts. The attackers use proxy servers and phishing websites to steal users' password and session cookie.

Researchers are warning attackers can abuse Microsoft Office 365 functionality to target files stored on SharePoint and OneDrive in ransomware attacks."Proofpoint has discovered a potentially dangerous piece of functionality in Office 365 or Microsoft 365 that allows ransomware to encrypt files stored on SharePoint and OneDrive in a way that makes them unrecoverable without dedicated backups or a decryption key from the attacker," according to researchers.

A phishing campaign using fake voicemail notifications has been and is still targeting various US-based organizations, in an attempt to grab employees' Office365 and Outlook login credentials, Zscaler warns. The campaing seems to be a repeat of a previous, similar one, and targets security solution providers, software security developers, supply-chain organizations in manufacturing and shipping, healthcare and pharmaceutical firms, and the US military.

A "Dangerous piece of functionality" has been discovered in Microsoft 365 suite that could be potentially abused by a malicious actor to ransom files stored on SharePoint and OneDrive and launch attacks on cloud infrastructure. The cloud ransomware attack makes it possible to launch file-encrypting malware to "Encrypt files stored on SharePoint and OneDrive in a way that makes them unrecoverable without dedicated backups or a decryption key from the attacker," Proofpoint said in a report published today.

Security firm Proofpoint has uncovered what it calls a "Potentially dangerous piece of functionality" in Microsoft Office 365 that allows ransomware to encrypt files stored on SharePoint and OneDrive in a way that renders them unrecoverable without dedicated backups or a decryption key from the attacker. Monetization: Now all original versions of the files are lost, leaving only the encrypted versions of each file in the cloud account.

Security researchers are warning that threat actors could hijack Office 365 accounts to encrypt for a ransom the files stored in SharePoint and OneDrive services that companies use for cloud-based collaboration, document management and storage. A ransomware attack targeting files on these services could have severe consequences if backups aren't available, rendering important data inaccessible to owners and working groups.

Microsoft has added SMTP MTA Strict Transport Security support to Exchange Online to ensure Office 365 customers' email communication integrity and security. This new standard strengthens Exchange Online email security and solves several SMTP security problems, including expired TLS certificates, the lack of support for secure protocols, and certificates not issued by trusted third parties or matching server domain names.

Microsoft is updating Microsoft Defender for Office 365 with differentiated protection for enterprise accounts tagged as critical for an organization. "We are introducing differentiated protection for Priority accounts, which will provide users tagged as Priority accounts with a higher level of protection," Microsoft explains on the Microsoft 365 roadmap.

Attackers are trying out a new technique to widen the reach of their phishing campaigns: by using stolen Office 365 credentials, they try to connect rogue Windows devices to the victim organizations' network by registering it with their Azure AD. If successful, they are ready to launch the second wave of the campaign, which consists of sending more phishing emails to targets outside the organization as well as within. "The victim's stolen credentials were immediately used to establish a connection with Exchange Online PowerShell, most likely using an automated script as part of a phishing kit. Leveraging the Remote PowerShell connection, the attacker implemented an inbox rule via the New-InboxRule cmdlet that deleted certain messages based on keywords in the subject or body of the email message," the team explained.