Microsoft Fixes ASCII Smuggling Flaw That Enabled Data Theft from Microsoft 365 Copilot

August 27, 2024 at 02:27AM A now-patched vulnerability in Microsoft 365 Copilot allowed for theft of sensitive user information using ASCII smuggling. Attack methods included prompt injection, data exfiltration via hidden links, and exploiting AI tools. Microsoft addressed the issue after responsible disclosure in January 2024, yet risks in AI tools persist, emphasizing the need … Read more

Microsoft mistake blows up admins’ inboxes with fake malware alerts

August 26, 2024 at 03:56PM Microsoft administrators faced a challenging Monday after being inundated with false malware reports, leading to legitimate emails being quarantined. Microsoft’s 365 Service Center issued an alert on Xitter, acknowledging an issue with malware detection. A mitigation is in progress, but admins may need to manually unblock emails due to the … Read more

Microsoft shares temp fix for Outlook, Word crashes when typing

August 15, 2024 at 09:59AM Microsoft has shared a temporary fix for a known issue causing crashes in Microsoft 365 apps like Outlook, Word, and OneNote after updating to Version 2407 Build 17830.20138 or higher. Affected users can confirm the issue through Event Viewer and are advised to perform an online repair or reinstall language … Read more

Microsoft shares Outlook workaround for Gmail sign-in issues

August 12, 2024 at 01:02PM Microsoft has shared a temporary fix for a known issue preventing Microsoft 365 customers from signing in or adding Gmail accounts using classic Outlook. Users may encounter errors when attempting to synchronize or add Gmail accounts and are advised to try signing in using a different browser. Google has removed … Read more

New Phishing Scam Uses Google Drawings and WhatsApp Shortened Links

August 8, 2024 at 06:45AM Cybersecurity researchers found a new phishing campaign using Google Drawings and WhatsApp links to trick users into clicking on malicious links. Attackers disguise the phishing email as an Amazon account verification link, directing users to a fake Amazon login page to steal their information. The campaign exploits loopholes in Microsoft … Read more

Hazy Issue in Entra ID Allows Privileged Users to Become Global Admins

August 7, 2024 at 07:26PM At the Black Hat USA conference, it was revealed that an obscure issue in Microsoft’s Entra ID identity and access management service could enable a hacker with admin-level access to gain global administrator privileges. This could lead to unauthorized access, including accessing sensitive data and planting malware in an organization’s … Read more

Creating Insecure AI Assistants With Microsoft Copilot Studio Is Easy

August 7, 2024 at 02:27PM Enterprise usage of Microsoft’s Copilot Studio, a no-code chatbot creation tool, has surged within nine months of its release. However, security researcher Michael Bargury highlighted serious security vulnerabilities that could lead to data exfiltration and bypassing controls. Despite Microsoft addressing some issues, careful implementation and admin controls are essential to … Read more

Microsoft says massive Azure outage was caused by DDoS attack

July 31, 2024 at 08:59AM Microsoft confirmed a nine-hour outage on Tuesday was caused by a distributed denial-of-service (DDoS) attack. The attack disrupted Microsoft 365 and Azure services globally. … Read more

Microsoft 365 and Azure outage takes down multiple services

July 30, 2024 at 09:22AM Microsoft is investigating an outage affecting access to some Microsoft 365 and Azure services. Users are experiencing connection issues and degraded performance, particularly in Europe. The company has multiple engineering teams working on resolving the issue and is providing updates through admin and status pages. Downdetector has received thousands of … Read more

Microsoft finally fixes Outlook alerts bug caused by December updates

July 16, 2024 at 08:25AM Microsoft has resolved an Outlook security bug causing incorrect alerts after December updates. These alerts resulted from an information disclosure vulnerability, potentially allowing attackers to steal NTLM hashes. Despite initial fixes, the issue resurfaced in April and was finally resolved in the July 9th public update, prompting users to reverse … Read more