Information Security newsfeeds from around the world in English and French. Find it all in one place since 2004. You'll find online the last 5 years.
Phishers are using encrypted restricted-permission messages (.rpmsg) attached in phishing emails to steal Microsoft 365 account credentials. “[The campaigns] are low volume, targeted, and use trusted cloud services to send emails and host content (Microsoft and Adobe),” say Trustwave researchers Phil Hay and Rodel Mendrez. “The initial emails are sent from compromised Microsoft 365 accounts […]
Continue ReadingManufacturing businesses, healthcare organizations, and tech companies in English-speaking countries are the most targeted by phishers leveraging a relatively new phishing-as-a-service (PaaS) tool called Greatness, created to phish Microsoft 365 users. According to Cisco researcher, this tool has been utilized in numerous phishing campaigns, with notable spikes in activity observed in December 2022 and March […]
Continue ReadingMicrosoft has announced that, starting in April 2023, they will be adding enhanced protection when users open or download a file embedded in a OneNote document – a known high-risk phishing file type. “Users will receive a notification when the files seem dangerous to improve the file protection experience in OneNote on Windows,” the company […]
Continue ReadingA PoC exploit for CVE-2023-21716, a critical RCE vulnerability in Microsoft Word that can be exploited when the user previews a specially crafted RTF document, is now publicly available. Patches for the flaw – which affects a wide variety of MS Office and SharePoint versions, Microsoft 365 Apps for Enterprise and other products – have […]
Continue ReadingEmployees are providing hundreds to thousands of third-party apps with access to the two most dominant workspaces, Microsoft 365 and Google Workspace, according to Adaptive Shield. With no oversight or control from security teams, companies have no way to quantify the risk that these SaaS-to-SaaS connections present to their businesses. Risks of SaaS-to-SaaS connections While […]
Continue ReadingA recently published study evaluated 1.6 million Microsoft 365 users across three continents, finding that 90% of organizations had gaps in essential security protections. Managing Microsoft 365 (M365) is complicated. How can IT teams avoid management headaches, stay 100% compliant, and truly take control of their M365 instance? To find out, CoreView experts reviewed the […]
Continue ReadingVeeam Software released the findings of the company’s Cloud Protection Trends Report 2023, covering four key “as a Service” scenarios: Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Software as a Service (SaaS), and Backup and Disaster Recovery as a Service (BaaS/DRaaS). The survey found that companies are recognizing the increasing need to […]
Continue ReadingAttackers are abusing Microsoft Dynamics 365 Customer Voice to evade email filters and deliver phishing emails into Microsoft users’ inboxes, Avanan researchers are warning. The attack Microsoft Dynamics 365 is a suite of enterprise resource planning (ERP) and customer relationship management (CRM) applications. Customer Voice is one of these applications, and it’s used for collecting […]
Continue ReadingWithSecure Elements propose désormais une protection permettant de sécuriser les partages et les collaborations Microsoft OneDrive. The post WithSecure lance une protection avancée pour Microsoft OneDrive first appeared on UnderNews.
Continue ReadingSkyKick releases Security Manager to help IT partners better protect customers in the cloud and accelerate growth by reducing the cost and complexity of delivering security services for their customers. As SMBs continue their shift to the cloud – accelerated by the rapid adoption of remote work due to COVID-19 – security is becoming a […]
Continue Reading