Botnet of 130K Devices Targets Microsoft 365 in Password-Spraying Attack
A botnet of 130,000 devices is launching a Password-Spraying attack on Microsoft 365, bypassing MFA and exploiting legacy authentication to access accounts.
Microsoft 365
Massive botnet hits Microsoft 365 accounts
A recently discovered botnet of over 130,000 compromised devices is launching coordinated password-spraying attacks against Microsoft 365 (M365) accounts. Security researchers at SecurityScorecard are examining possible connections to China-affiliated …
Microsoft Is Disabling Default ActiveX Controls in Office 2024 to Improve Security
Microsoft has been on the warpath against legacy Office features that are providing entry points for bad actors since 2018.
15 free Microsoft 365 security training modules worth your time
Microsoft 365 is a cloud-based productivity suite. Beyond just tools like Word and Excel, it integrates productivity applications with cloud functionalities, device administration, and enhanced security, all within a unified experience. Managing Micros…
Microsoft 365 email senders urged to implement SPF, DKIM and DMARC
In the wake of Google’s announcement of new rules for bulk senders, Microsoft is urging Microsoft 365 email senders to implement SPF, DKIM and DMARC email authentication methods. “These Domain Name Service (DNS) email authentication records…
EvilProxy Phishing Targets Microsoft 365 Accounts Via Indeed.com Redirects
Researchers have found a new EvilProxy phishing campaign that targets Microsoft 365 accounts. To trick…
EvilProxy Phishing Targets Microsoft 365 Accounts Via Indeed.com Redirects on Latest Hacking News | Cyber Security News, Hacking Tools and Pen…
Microsoft Teams users targeted in phishing attack delivering DarkGate malware
A new phishing campaign taking advantage of an easily exploitable issue in Microsoft Teams to deliver malware has been flagged by researchers. Delivering malware to Microsoft Teams users Late last month, Truesec researchers spotted two compromised Micr…
How Chinese hackers got their hands on Microsoft’s token signing key
The mystery of how Chinese hackers managed to steal a crucial signing key that allowed them to breach Microsoft 365’s email service and access accounts of employees of 25 government agencies has been explained: they found it somewhere where it shouldn&…
Abnormal Security: Microsoft Tops List of Most-Impersonated Brands in Phishing Exploits
A new study found that 4.31% of phishing attacks mimicked Microsoft, far ahead of the second most-spoofed brand PayPal.
Microsoft 365 accounts of execs, managers hijacked through EvilProxy
A phishing campaign leveraging the EvilProxy phishing-as-a-service (PhaaS) tool has been spotted targeting Microsoft 365 user accounts of C-level executives and managers at over 100 organizations around the world. The rise of phishing-as-a-service As o…