Security News

Microsoft updated a security advisory today to warn that a critical Outlook bug was exploited in attacks as a zero-day before being fixed during this month's Patch Tuesday. Unauthenticated attackers can exploit CVE-2024-21413 remotely in low-complexity attacks that don't require user interaction.

2024 is expected to witness a surge in cyberattacks driven by global events and the widespread accessibility of advanced technologies. In this Help Net Security round-up, we present segments from previously recorded videos where cybersecurity experts discuss predictions for 2024, providing a comprehensive perspective on the challenges and opportunities awaiting organizations.

Microsoft warned Outlook for Microsoft 365 users that clients might have issues connecting to email servers via Exchange ActiveSync after a January update."After updating to Version 2401 Build 17231.20182 Outlook stops connecting when using the Exchange ActiveSync protocol," Microsoft said.

Microsoft is investigating an issue that triggers Outlook security alerts when trying to open. ICS calendar files after installing December 2023 Patch Tuesday Office security updates.

Microsoft has fixed a known issue causing desktop and mobile email clients to fail to connect when using Outlook.com accounts. "For Outlook 2013 and Outlook 2016, if you are still seeing authentication prompts, please ensure you've enabled two step verification and create an app password. Use the app password in place of your normal password when Outlook prompts for authentication."

Microsoft is investigating an issue that prevents Outlook and other email clients from connecting when using an Outlook.com account. "Since starting around 1/23/24 users have reported issues connecting with Outlook 2013, Outlook 2016, Outlook for Microsoft 365, Thunderbird, and mobile email apps when connecting with POP, IMAP, and Exchange connections," Microsoft says.

A now-patched security flaw in Microsoft Outlook could be exploited by threat actors to access NT LAN Manager (NTLM) v2 hashed passwords when opening a specially crafted file. The issue, tracked...

Technical details have emerged about two now-patched security flaws in Microsoft Windows that could be chained by threat actors to achieve remote code execution on the Outlook email service sans...

Microsoft's Digital Crimes Unit seized multiple domains used by a Vietnam-based cybercrime group that registered over 750 million fraudulent accounts and raked in millions of dollars by selling them online to other cybercriminals. Storm-1152 is a major cybercrime-as-a-service provider and the number one seller of fraudulent Outlook accounts, as well as other illegal "Products," including an automatic CAPTCHA-solving service to bypass Microsoft's CAPTCHA challenges and register more fraudulent Microsoft email accounts.

Microsoft has acknowledged a new issue affecting Outlook for Microsoft 365 users and causing email-sending problems for those with too many nested folders. While Microsoft is currently investigating this newly acknowledged issue, it also provided affected customers with some tips to workaround the email sending problems.