Microsoft 365
Microsoft links recent Microsoft 365 outage to buggy update
Microsoft says a coding issue is behind a now-resolved Microsoft 365 outage over the weekend that affected Outlook and Exchange Online authentication. According to an incident report published in the Microsoft 365 admin center on Saturday at 09:29 PM UTC, the incident also triggered Teams and Power Platform degraded functionality and caused Purview access issues and errors. […]
Microsoft fixes Outlook drag-and-drop broken by Windows updates
Microsoft has fixed a known issue that broke email and calendar drag-and-drop in classic Outlook after installing recent updates on Windows 24H2 systems. According to Redmond, the updates that trigger these problems are the KB5050094 January 2025 preview cumulative update and the KB5051987 February 2025 security update. “After installing the January 2025 Windows non-security preview update and subsequent updates […]
Botnet targets Basic Auth in Microsoft 365 password spray attacks
A massive botnet of over 130,000 compromised devices is conducting password-spray attacks against Microsoft 365 (M365) accounts worldwide, targeting basic authentication to evade multi-factor authentication. According to a report by SecurityScorecard, the attackers are leveraging credentials stolen by infostealer malware to target the accounts at a large scale. The attacks rely on non-interactive sign-ins using […]
Microsoft: Hackers steal emails in device code phishing attacks
An active campaign from a threat actor potentially linked to Russia is targeting Microsoft 365 accounts of individuals at organizations of interest using device code phishing. The targets are in the government, NGO, IT services and technology, defense, telecommunications, health, and energy/oil and gas sectors in Europe, North America, Africa, and the Middle East. Microsoft Threat Intelligence Center tracks the threat […]
Microsoft investigates Microsoft 365 outage affecting users, admins
Microsoft is investigating an ongoing outage preventing users and admins from accessing some Microsoft 365 services and the admin center. According to thousands of reports from affected customers logged by DownDetector, these ongoing issues block login attempts and impact Microsoft 365 suite websites and Outlook services. “Further information can be found at https://status.cloud.microsoft, or under MO991872 if the […]
Microsoft Teams phishing attack alerts coming to everyone next month
Microsoft reminded Microsoft 365 admins that its new brand impersonation protection feature for Teams Chat will be available for all customers by mid-February 2025. Once enabled, it will display alerts when detecting phishing attacks targeting organizations that have enabled external Teams access (which allows threat actors to message any user from external domains). The company […]
Microsoft fixes Office 365 apps crashing on Windows Server systems
Microsoft has fixed a known issue that caused Microsoft 365 applications and Classic Outlook to crash on Windows Server 2016 or Windows Server 2019 systems. The root cause is a recent Office update, which integrated the React Native framework to support certain Microsoft 365 apps’ features, while the impact was limited to Microsoft 365 users who updated their classic […]
CISA shares guidance for Microsoft expanded logging capabilities
CISA shared guidance for government agencies and enterprises on using expanded cloud logs in their Microsoft 365 tenants as part of their forensic and compliance investigations. As the cybersecurity agency explained, these newly introduced Microsoft Purview Audit (Standard) logging capabilities support enterprise cybersecurity operations by providing access to information on critical events such as mail […]
Microsoft ends support for Office apps on Windows 10 in October
Microsoft says it will drop support for Office apps in Windows 10 after the operating system reaches its end of support on October 14. “Microsoft 365 Apps will no longer be supported after October 14, 2025, on Windows 10 devices. To use Microsoft 365 Applications on your device, you will need to upgrade to Windows […]
Hackers use FastHTTP in new high-speed Microsoft 365 password attacks
Threat actors are utilizing the FastHTTP Go library to launch high-speed brute-force password attacks targeting Microsoft 365 accounts globally. The campaign was recently discovered by incident response firm SpearTip, who said the attacks began on January 6, 2025, targeting the Azure Active Directory Graph API. The researchers warn that the brute-force attacks have to successful account […]