Cybercriminals have started using Static Web Apps, an Azure service, in their phishing attacks against Microsoft 365 users. Researchers from MalwareHunterTeam noted Static Web Apps have two features that are being abused with ease – custom branding for web apps, and web hosting for static content such as HTML, CSS, JavaScript, or images. These features […]
Researchers have uncovered a new way to abuse a workflow automation feature in Microsoft 365 to exfiltrate data. Eric Saraga from cybersecurity firm Varonis discovered how Power Automate, a feature found in Microsoft 365 for Outlook, SharePoint, and OneDrive, can be abused to automatically share or send files, or forward emails, to unauthorized third parties. […]
Microsoft is working to enable users of Microsoft Defender for Office 365 to customize a new authentication mechanism in a bid to further extend its anti-spoofing protection. Named Authenticated Received Chain (ARC), Microsoft has already enabled the new authentication mechanism for all Office 365 hosted mailboxes to help preserve authentication results even when an email […]
Latest Comments