Please turn on your JavaScript for this page to function normally.
CISA
CISA orders federal agencies to secure their Microsoft cloud environments

The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a binding operational directive (BOD 25-01) requiring federal civilian agencies to secure their …

Europe
European companies hit with effective DocuSign-themed phishing emails

A threat actor looking to take over the Microsoft Azure cloud infrastructure of European companies has successfully compromised accounts of multiple victims in different …

ScubaGear
ScubaGear: Open-source tool to assess Microsoft 365 configurations for security gaps

ScubaGear is an open-source tool the Cybersecurity and Infrastructure Security Agency (CISA) created to automatically evaluate Microsoft 365 (M365) configurations for …

Microsoft Office
Unpatched MS Office flaw may leak NTLM hashes to attackers (CVE-2024-38200)

A new MS Office zero-day vulnerability (CVE-2024-38200) can be exploited by attackers to grab users’ NTLM hashes, Microsoft has shared late last week. The vulnerability …

Microsoft 365 phishing
Microsoft 365 anti-phishing alert “erased” with one simple trick

Attackers looking for a way into organizations using Microsoft 365 can make an alert identifying unsolicited (and thus potential phishing) emails “disappear”. …

Microsoft Azure
Microsoft: DDoS defense error amplified attack on Azure, leading to outage

A DDoS attack that started on Tuesday has made a number of Microsoft Azure and Microsoft 365 services temporarily inaccessible, the company has confirmed. Microsoft’s …

Microsoft 365
Microsoft 365 users targeted by phishers abusing Microsoft Forms

There has been an uptick in phishing campaigns leveraging Microsoft Forms this month, aiming to trick targets into sharing their Microsoft 365 login credentials. A malicious …

Varonis for Microsoft 365 Copilot
Maximizing productivity with Copilot for Microsoft 365: A security perspective

In this Help Net Security video, Brian Vecci, Field CTO at Varonis, talks about maximizing the potential of Microsoft Copilot for 365. He highlights its productivity benefits …

Microsoft
Attackers abuse OAuth apps to initiate large-scale cryptomining and spam campaigns

Attackers are compromising high-privilege Microsoft accounts and abusing OAuth applications to launch a variety of financially-motivated attacks. Abusing OAuth applications …

Microsoft 365 security training
15 free Microsoft 365 security training modules worth your time

Microsoft 365 is a cloud-based productivity suite. Beyond just tools like Word and Excel, it integrates productivity applications with cloud functionalities, device …

Microsoft 365
Microsoft 365 email senders urged to implement SPF, DKIM and DMARC

In the wake of Google’s announcement of new rules for bulk senders, Microsoft is urging Microsoft 365 email senders to implement SPF, DKIM and DMARC email authentication …

Microsoft Teams
Microsoft Teams users targeted in phishing attack delivering DarkGate malware

A new phishing campaign taking advantage of an easily exploitable issue in Microsoft Teams to deliver malware has been flagged by researchers. Delivering malware to Microsoft …

Don't miss

Cybersecurity news