Microsoft 365
Microsoft 365 outage takes down Office web apps, admin center
Microsoft is investigating a widespread and ongoing Microsoft 365 outage impacting Office web apps and the Microsoft 365 admin center. Since this incident started hours ago, Downdetector has received user reports complaining about problems connecting to Outlook, OneDrive, and other Office 365 apps and services. Affected customers see “We’re experiencing a service outage. All of your open […]
New Rockstar 2FA phishing service targets Microsoft 365 accounts
A new phishing-as-a-service (PhaaS) platform named ‘Rockstar 2FA’ has emerged, facilitating large-scale adversary-in-the-middle (AiTM) attacks to steal Microsoft 365 credentials. Like other AiTM platforms, Rockstar 2FA enables attackers to bypass multifactor authentication (MFA) protections on targeted accounts by intercepting valid session cookies. These attacks work by directing victims to a fake login page that mimics Microsoft […]
Microsoft 365 Admin portal abused to send sextortion emails
The Microsoft 365 Admin Portal is being abused to send sextortion emails, making the messages appear trustworthy and bypassing email security platforms. Sextortion emails are scams claiming that your computer or mobile device was hacked to steal images or videos of you performing sexual acts. The scammers then demand from you a payment of $500 […]
Microsoft Outlook bug blocks email logins, causes app crashes
Microsoft is investigating an Outlook bug causing desktop app crashes, high system resource usage, and preventing users from logging into their accounts. While the company said these ongoing issues only affect European customers, users worldwide have since reported experiencing the same sign-in and app instability problems. “We’re investigating an issue in which users in Europe may be experiencing crashing, not […]
New Mamba 2FA bypass service targets Microsoft 365 accounts
An emerging phishing-as-a-service (PhaaS) platform called Mamba 2FA has been observed targeting Microsoft 365 accounts in AiTM attacks using well-crafted login pages. Additionally, Mamba 2FA offers threat actors an adversary-in-the-middle (AiTM) mechanism to capture the victim’s authentication tokens and bypass multi-factor authentication (MFA) protections on their accounts. Mamba 2FA is currently sold to cybercriminals for […]
Microsoft Office 2024 now available for Windows and macOS users
Microsoft has released Office 2024 for small businesses and consumers who want a standalone version without a Microsoft 365 subscription. Office 2024 includes updated, locked-in-time versions of Word, Excel, PowerPoint, OneNote, and Outlook for Windows and macOS systems. It also requires a Microsoft account and an internet connection (likely needed during the installation and for […]
Microsoft Defender adds detection of unsecure Wi-Fi networks
Microsoft Defender now automatically detects and notifies users with a Microsoft 365 Personal or Family subscription when they’re connected to unsecured Wi-Fi networks. The Defender privacy protection feature (also known as Defender VPN) protects your privacy and security when connected to public Wi-Fi or an untrusted network, where your data and identity could be exposed […]
Microsoft Sway abused in massive QR code phishing campaign
A massive QR code phishing campaign abused Microsoft Sway, a cloud-based tool for creating online presentations, to host landing pages to trick Microsoft 365 users into handing over their credentials. The attacks were spotted by Netskope Threat Labs in July 2024 after detecting a dramatic 2,000-fold increase in attacks exploiting Microsoft Sway to host phishing […]
Microsoft: Exchange Online mistakenly tags emails as malware
Microsoft is investigating an Exchange Online false positive issue causing emails containing images to be wrongly tagged as malicious and sent to quarantine. “Users’ email messages containing images may be incorrectly flagged as malware and quarantined,” Microsoft said in a service alert posted on the Microsoft 365 admin center two hours ago. “We’re reviewing service monitoring telemetry […]
Microsoft shares Outlook workaround for Gmail sign-in issues
Microsoft has shared a temporary fix for a known issue preventing Microsoft 365 customers from signing in or adding Gmail accounts using classic Outlook. When attempting to synchronize Gmail accounts with their Outlook profile or add a new Gmail account, affected users may encounter the following errors: “This browser or app may not be secure” […]