More results...
A newly uncovered attack campaign mounted by suspected Morocco-based attackers has been hitting global retailers and other businesses issuing gift cards. What makes this campaign stand out is how the threat actors avoid typical malware techniques and e…
Most MSPs agree that Microsoft 365 is now the backbone of business operations, but a Syncro survey shows that complexity, incomplete backups, and reactive security continue to slow their progress in managing it. About 60% of MSPs said Microsoft 365 pow…
Cybersecurity firm Sublime Security details a new credential phishing scam impersonating Google Careers to steal login details from Google Workspace and Microsoft 365 users.
Microsoft and Cloudflare have disrupted a Phishing-as-a-Service operation selling the RaccoonO365 kit for stealing Microsoft 365 account credentials. “Using a court order granted by the Southern District of New York, [we] seized 338 websites asso…
Microsoft 365 Groups (also known as M365 Groups or Unified Groups) are at the heart of collaboration in Microsoft 365. They power Teams, Outlook Groups, SharePoint sites, Planner, and Yammer. For IT admins and security researchers, it’s critical to be …
Hackers are installing multiple RMMs like Atera and Splashtop in a new malware attack. This article details the abuse of Discord CDN link andn fake OneDrive phishing campaign discovered by Sublime Security.
A new Proofpoint report reveals how attackers are using Microsoft 365’s Direct Send and unsecured SMTP relays to…
60% of organizations rate their Microsoft 365 security as “established” or “advanced”, according to CoreView. Yet, 60% of those same organizations have experienced account compromise attacks. The Microsoft 365 attack surface is wide and unpredictable. …
Scammers are exploiting Microsoft 365 Direct Send to spoof internal emails targeting US firms bypassing security filters with…
Hackers are abusing the Microsoft 365 Direct Send feature to deliver phishing emails that bypass email security controls.
The post Microsoft 365 Direct Send Abused for Phishing appeared first on SecurityWeek.