Microsoft 365 Archives - Help Net Security

Microsoft 365

Phishers use encrypted file attachments to steal Microsoft 365 account credentials

May 26, 2023

Phishers are using encrypted restricted-permission messages (.rpmsg) attached in phishing emails to steal Microsoft 365 account credentials. “[The campaigns] are low …

Greatness phishing-as-a-service threatens Microsoft 365 users

May 12, 2023

Manufacturing businesses, healthcare organizations, and tech companies in English-speaking countries are the most targeted by phishers leveraging a relatively new …

Microsoft to boost protection against malicious OneNote documents

March 10, 2023

Microsoft has announced that, starting in April 2023, they will be adding enhanced protection when users open or download a file embedded in a OneNote document – a known …

PoC exploit for recently patched Microsoft Word RCE is public (CVE-2023-21716)

March 6, 2023

A PoC exploit for CVE-2023-21716, a critical RCE vulnerability in Microsoft Word that can be exploited when the user previews a specially crafted RTF document, is now publicly …

Security teams have no control over risky SaaS-to-SaaS connections

February 28, 2023

Employees are providing hundreds to thousands of third-party apps with access to the two most dominant workspaces, Microsoft 365 and Google Workspace, according to Adaptive …

90% of organizations have Microsoft 365 security gaps

November 22, 2022

A recently published study evaluated 1.6 million Microsoft 365 users across three continents, finding that 90% of organizations had gaps in essential security protections. …

Cloud data protection trends you need to be aware of

November 16, 2022

Veeam Software released the findings of the company’s Cloud Protection Trends Report 2023, covering four key “as a Service” scenarios: Infrastructure as a Service (IaaS), …

Attackers leverage Microsoft Dynamics 365 to phish users

November 4, 2022

Attackers are abusing Microsoft Dynamics 365 Customer Voice to evade email filters and deliver phishing emails into Microsoft users’ inboxes, Avanan researchers are …

SkyKick Security Manager enables ITSPs to manage Microsoft 365 security

October 26, 2022

SkyKick releases Security Manager to help IT partners better protect customers in the cloud and accelerate growth by reducing the cost and complexity of delivering security …

Many IT pros don’t think a ransomware attack can impact Microsoft 365 data

October 3, 2022

Nearly a quarter of businesses have suffered a ransomware attack, with a fifth occurring in the past 12 months, according to Hornetsecurity. The 2022 Ransomware Report, which …

How attackers use and abuse Microsoft MFA

August 24, 2022

Microsoft has been pushing for the use of multi-factor authentication (MFA) to thwart attackers for many years. But threat actors are keeping up with the increasing enterprise …

Phishers use custom phishing kit to hijack MFA-protected enterprise Microsoft accounts

August 3, 2022

An ongoing, large-scale phishing campaign is targeting owners of business email accounts at companies in the FinTech, Lending, Insurance, Energy and Manufacturing sectors in …

Microsoft 365

Phishers use encrypted file attachments to steal Microsoft 365 account credentials

Greatness phishing-as-a-service threatens Microsoft 365 users

Microsoft to boost protection against malicious OneNote documents

PoC exploit for recently patched Microsoft Word RCE is public (CVE-2023-21716)

Security teams have no control over risky SaaS-to-SaaS connections

90% of organizations have Microsoft 365 security gaps

Cloud data protection trends you need to be aware of

Attackers leverage Microsoft Dynamics 365 to phish users

SkyKick Security Manager enables ITSPs to manage Microsoft 365 security

Many IT pros don’t think a ransomware attack can impact Microsoft 365 data

How attackers use and abuse Microsoft MFA

Phishers use custom phishing kit to hijack MFA-protected enterprise Microsoft accounts

Don't miss

Google triples reward for Chrome full chain exploits

MOVEit Transfer zero-day attacks: The latest info

Qakbot: The trojan that just won’t go away

How defense contractors can move from cybersecurity to cyber resilience

Introducing the book: Cybersecurity First Principles