Help Net Security newsletters: Daily and weekly news, cybersecurity jobs, open source – subscribe here!

Please turn on your JavaScript for this page to function normally.
Microsoft 365 phishing
Microsoft 365 anti-phishing alert “erased” with one simple trick

Attackers looking for a way into organizations using Microsoft 365 can make an alert identifying unsolicited (and thus potential phishing) emails “disappear”. …

Patch Tuesday
Microsoft fixes RCE vulnerabilities in MSMQ, Outlook (CVE-2024-30080, CVE-2024-30103)

June 2024 Patch Tuesday is here and Microsoft has delivered fixes for a critical MSMQ flaw (CVE-2024-30080) and a RCE vulnerability in Microsoft Outlook (CVE-2024-30103). 49 …

Microsoft Outlook
Attackers can steal NTLM password hashes via calendar invites

A recently patched vulnerability in Microsoft Outlook (CVE-2023-35636) that can be used by attackers to steal users’ NTLM v2 hashes can be exploited by adding two …

patch tuesday
December 2023 Patch Tuesday: 33 fixes to wind the year down

Microsoft’s December 2023 Patch Tuesday is a light one: 33 patches, only four of which are deemed critical. “This month, Microsoft did not patch any zero-day …

Microsoft Outlook
Russian hackers use old Outlook vulnerability to target Polish orgs (CVE-2023-23397)

Russian state-backed hacking group Forest Blizzard (aka Fancy Bear, aka APT28) has been using a known Microsoft Outlook vulnerability (CVE-2023-23397) to target public and …

Phishing
New twist on ZeroFont phishing technique spotted in the wild

Cybercriminals are leveraging the ZeroFont technique to trick users into trusting phishing emails, SANS ISC handler Jan Kopriva has warned. The ZeroFont phishing attack …

Microsoft
Chinese hackers forged authentication tokens to breach government emails

Sophisticated hackers have accessed email accounts of organizations and government agencies via authentication tokens they forged by using an acquired Microsoft account (MSA) …

Microsoft
Microsoft confirms DDoS attacks against M365, Azure Portal

The Microsoft 365 and Azure Portal outages users experienced this month were caused by Layer 7 DDoS attacks, Microsoft has confirmed on Friday. The DDoS attacks against …

laptop
Easily bypassed patch makes zero-click Outlook flaw exploitable again (CVE-2023-29324)

Among the vulnerabilities fixed by Microsoft on May 2023 Patch Tuesday is CVE-2023-29324, a bug in the Windows MSHTML platform that Microsoft rates as “important.” …

Office 365
Fake voicemail notifications are after Office365, Outlook credentials

A phishing campaign using fake voicemail notifications has been and is still targeting various US-based organizations, in an attempt to grab employees’ Office365 and …

security platform
Exterro enhances digital forensic investigation portfolio for law enforcement teams

Exterro announced upcoming enhancements across its entire digital forensic investigation portfolio. The FTK family of products will offer support for law enforcement and …

Abnormal Security ICES platform protects against the full spectrum of email attacks

Abnormal Security announced the Abnormal Integrated Cloud Email Security (ICES) platform. Abnormal ICES is an all-in-one email security platform that provides precision …

Don't miss

Cybersecurity news