Security News

While most of Azure Active Directory's security features require an enterprise Microsoft 365 account, an E3 or better, you can still get some benefit from Azure Active Directory from an Office 365 account. It's worth using these tools to see what exposure you have to drive-by attacks, where techniques like password dictionary sprays are used to break into poorly secured accounts.

Microsoft today shared mitigation for a remote code execution vulnerability in Windows that is being exploited in targeted attacks against Office 365 and Office 2019 on Windows 10. Microsoft is aware of targeted attacks that try to exploit the vulnerability by sending specially-crafted Microsoft Office documents to potential victims, the company says in an advisory today.

Microsoft plans to allow Office 365 admins ensure that end-users can't ignore organization-wide policies set up to block active content on Trusted Documents. Redmond says trusted docs are files with active content functions that don't require user interaction) that open without warnings after the content has been enabled.

Microsoft is updating Defender for Office 365 to protect customers from embedded email threats while previewing quarantined emails. Microsoft Defender for Office 365 provides Office 365 enterprise email accounts with protection from multiple threats, including business email compromise and credential phishing, as well as automated attack remediation.

Microsoft says that a year-long and highly evasive spear-phishing campaign has targeted Office 365 customers in multiple waves of attacks starting with July 2020. The ongoing phishing campaign lures targets into handing over their Office 365 credentials using invoice-themed XLS.HTML attachments and various information about the potential victims, such as email addresses and company logos.

Patch bypass flaw in Pulse Secure VPNs can lead to total compromiseThe patch for a vulnerability in Pulse Connect Secure VPN devices that attackers have been exploiting in the wild can be bypassed, security researcher Rich Warren has found. Vulnerable TCP/IP stack is used by almost 200 device vendorsResearchers have discovered 14 new vulnerabilities affecting the proprietary NicheStack TCP/IP stack, used in OT devices such as the extremely popular Siemens S7 PLCs. A look at the 2021 CWE Top 25 most dangerous software weaknessesThe 2021 Common Weakness Enumeration Top 25 Most Dangerous Software Weaknesses is a demonstrative list of the most common issues experienced over the previous two calendar years.

Microsoft is warning about an ongoing, "Sneakier than usual" phishing campaign aimed at Office 365 users. An active phishing campaign is using a crafty combination of legitimate-looking original sender email addresses, spoofed display sender addresses that contain the target usernames and domains, and display names that mimic legitimate services to try and slip through email filters.

Microsoft's Digital Crimes Unit has seized 17 malicious domains used by scammers in a business email compromise campaign targeting the company's customers. The domains taken down by Microsoft were so-called "Homoglyph" domains registered to resemble those of legitimate business.

Microsoft 365 Defender researchers have disrupted the cloud-based infrastructure used by scammers behind a recent large-scale business email compromise campaign. "The use of attacker infrastructure hosted in multiple web services allowed the attackers to operate stealthily, characteristic of BEC campaigns," Microsoft 365 Defender Research Team's Stefan Sellmer and Microsoft Threat Intelligence Center security researcher Nick Carr explained.

Microsoft is investigating an Office 365 issue causing Outlook and Exchange Online emails to skip recipients' inboxes and being sent their junk folders instead. "We're investigating an issue in which email is being sent to the junk folder," Microsoft shared on the company's Microsoft 365 Status Twitter account. The Microsoft 365 Service health status page is currently directing customers to the Microsoft 365 Status Twitter account for more details regarding this ongoing incident.