Please turn on your JavaScript for this page to function normally.
key
How Chinese hackers got their hands on Microsoft’s token signing key

The mystery of how Chinese hackers managed to steal a crucial signing key that allowed them to breach Microsoft 365’s email service and access accounts of employees of 25 …

Microsoft 365
Microsoft 365 accounts of execs, managers hijacked through EvilProxy

A phishing campaign leveraging the EvilProxy phishing-as-a-service (PhaaS) tool has been spotted targeting Microsoft 365 user accounts of C-level executives and managers at …

Stellar Toolkit for Exchange
Product showcase: Stellar Toolkit for Exchange – Restore Exchange Database

Time is of the essence when it comes to recovery after Exchange Server failure or database corruption, as organizations depend on emails for their day-to-day business …

Microsoft
Thanks Storm-0558! Microsoft to expand default access to cloud logs

Starting in September 2023, more federal government and commercial Microsoft customers will have access to expanded cloud logging capabilities at no additional charge, …

Microsoft Teams
Malware delivery to Microsoft Teams users made easy

A tool that automates the delivery of malware from external attackers to target employees’ Microsoft Teams inbox has been released. TeamsPhisher (Source: Alex Reid) About the …

Microsoft 365
How hardening Microsoft 365 tenants mitigates potential cloud attacks

Moving critical data and workloads to the cloud has significantly changed information security teams. But most don’t have the resources to be successful in their cloud attack …

Microsoft Teams
Microsoft Teams vulnerability allows attackers to deliver malware to employees

Security researchers have uncovered a bug that could allow attackers to deliver malware directly into employees’ Microsoft Teams inbox. “Organisations that use …

Microsoft
Microsoft confirms DDoS attacks against M365, Azure Portal

The Microsoft 365 and Azure Portal outages users experienced this month were caused by Layer 7 DDoS attacks, Microsoft has confirmed on Friday. The DDoS attacks against …

Microsoft 365
Phishers use encrypted file attachments to steal Microsoft 365 account credentials

Phishers are using encrypted restricted-permission messages (.rpmsg) attached in phishing emails to steal Microsoft 365 account credentials. “[The campaigns] are low …

Microsoft 365
Greatness phishing-as-a-service threatens Microsoft 365 users

Manufacturing businesses, healthcare organizations, and tech companies in English-speaking countries are the most targeted by phishers leveraging a relatively new …

OneNote
Microsoft to boost protection against malicious OneNote documents

Microsoft has announced that, starting in April 2023, they will be adding enhanced protection when users open or download a file embedded in a OneNote document – a known …

Microsoft Word
PoC exploit for recently patched Microsoft Word RCE is public (CVE-2023-21716)

A PoC exploit for CVE-2023-21716, a critical RCE vulnerability in Microsoft Word that can be exploited when the user previews a specially crafted RTF document, is now publicly …

Don't miss

Cybersecurity news