O365 Cookies hijacked to perform Financial Fraud
A massive phishing campaign has been targeting Office 365 users since September 2021 and successfully bypassing MFA set up to protect the accounts. The attackers use proxy servers and phishing…
OiVaVoii Campaign Targetting C-Suite O365 Users
A new hybrid cloud campaign dubbed OiVaVoii that uses hijacked Office 365 users and a sophisticated combination of malicious OAuth apps and targeted phishing threats to attack many C-level executives,…
ProofPoint Phishes O365 & Google Accounts
Phishers are impersonating ProofPoint,in an attempt to make off with victims’ Microsoft Office 365 and Google email credentials.One such campaign lobbed at communications company, with nearly a thousand employees targeted…
Microsoft Authenticated Received Chain
Microsoft is working to enable users of Microsoft Defender for Office 365 to customize a new authentication mechanism in a bid to further extend its anti spoofing protection dubbed Named…
Iran Sprays Passwords in US & Isreal
Researchers at Microsoft Threat Intelligence Center (MSTIC) and Microsoft Digital Security Unit (DSU) uncovered a malicious activity cluster, tracked as DEV-0343, that is targeting the Office 365 tenants of US and…
High-level Phishing Attack
The attackers target high profile employees who may not be as technically or cybersecurity savvy, and may be more likely to be deceived into clicking on malicious links. By selectively…
Posted incloudsecurity
Microsoft adds Consent Phishing Protection
Microsoft announced that consent phishing protections including OAuth app publisher verification and app consent policies are now generally available in Office 365. These protections are designed to defend Office 365…