June 18, 2024 at 04:29PM ONNX Store, a phishing-as-a-service platform, targets Microsoft 365 and Office 365 accounts with PDF attachments containing QR codes. It bypasses 2FA, capturing login credentials and tokens, and provides a range of subscription tiers with customizable features. EclecticIQ recommends security measures to mitigate the threat’s impact. The platform poses a significant … Read more
June 15, 2024 at 01:15PM Microsoft’s ‘Secure Future Initiative’ for Outlook personal email accounts includes deprecating basic authentication by September 16, 2024. It aims to enhance cybersecurity by phasing out unsafe practices and replacing them with modern authentication methods backed by multi-factor authentication. Deprecations include ‘Mail’ and ‘Calendar’ apps on Windows and Outlook Light, with … Read more
May 16, 2024 at 01:31PM Microsoft has provided a temporary fix for a known issue preventing Microsoft 365 customers from replying to encrypted emails using the Outlook Desktop client. The issue affects customers on Current Channel Version 2402 and higher. A workaround suggests using new Outlook or Outlook Web Access temporarily. Additionally, reverting to the … Read more
May 9, 2024 at 02:01PM AT&T’s email servers are blocking connections from Microsoft 365 due to a “high volume” spam wave. Customers are unable to receive emails from Microsoft 365 addresses, leading to multiple complaints on AT&T forums. AT&T attributes the issue to spam originating from Microsoft’s servers and is collaborating with Microsoft to address … Read more
May 8, 2024 at 11:07AM SaaS platforms like Salesforce, Workday, and Microsoft 365 offer precise permissions, dictating user access to data. However, managing these permissions can be complex and challenging, leading to security vulnerabilities. A centralized Permissions Inventory enables organizations to reduce their attack surface, improve regulatory compliance, and streamline SaaS security, with future tools … Read more
April 30, 2024 at 08:22AM Gartner reports that 55% of organizations are using or testing Generative AI, with Microsoft 365’s Copilot being a popular choice due to its seamless integration and data protection. However, the US Congress has banned its usage, and Gartner advises caution due to potential data security flaws and AI amplifying existing … Read more
April 24, 2024 at 01:19PM Microsoft is facing criticism for charging for security add-ons despite its own vulnerabilities and breaches. Enterprises are frustrated with the additional costs required for essential security tools, available only with specific subscriptions. While this pricing strategy delivers high revenues, it comes at a cost to users. Pressure is mounting for … Read more
April 23, 2024 at 03:58PM Microsoft released hotfix updates to address known issues affecting Exchange servers post installing the March 2024 security updates. The optional April 2024 HU adds support for ECC certificates and Hybrid Modern Authentication (HMA) for OWA/ECP. Redmond fixed issues in Outlook on the Web (OWA) and Microsoft Word document previews. Both … Read more
April 4, 2024 at 03:15PM Microsoft has resolved an issue causing incorrect security alerts in Outlook when opening .ICS calendar files. This stems from the December 2023 security updates, patching a vulnerability allowing attackers to steal NTLM hashes. The fix will be included in Microsoft 365 Version 2404 Build 17531.20000 in the Beta Channel and … Read more
April 3, 2024 at 11:36AM A federal review board placed responsibility on the tech giant for the Microsoft 365 breach, urging them to prioritize their “inadequate” security. The breach enabled China’s Storm-0558 to hack email accounts of government officials. Based on the meeting notes, it is clear that a federal review board has demanded the … Read more