Week-long Exchange Online outage causes email failures, delays
Microsoft says it partially mitigated a week-long Exchange Online outage causing delays or failures when sending or receiving email messages. While the company didn’t publicly share information on this incident, it tagged it as a critical service issue tracked under EX1027675 on the Microsoft 365 Admin Center. Microsoft has yet to share more information on what regions […]
Microsoft fixes Outlook drag-and-drop broken by Windows updates
Microsoft has fixed a known issue that broke email and calendar drag-and-drop in classic Outlook after installing recent updates on Windows 24H2 systems. According to Redmond, the updates that trigger these problems are the KB5050094 January 2025 preview cumulative update and the KB5051987 February 2025 security update. “After installing the January 2025 Windows non-security preview update and subsequent updates […]
Orange Group confirms breach after hacker leaks company documents
A hacker claims to have stolen thousands of internal documents with user records and employee data after breaching the systems of Orange Group, a leading French telecommunications operator and digital service provider. The threat actor published on a hacker forum details about the stolen data after trying to extort the company unsuccessfully. Orange confirmed the […]
New FinalDraft malware abuses Outlook mail service for stealthy comms
A new malware called FinalDraft has been using Outlook email drafts for command-and-control communication in attacks against a ministry in a South American country. The attacks were discovered by Elastic Security Labs and rely on a complete toolset that includes a custom malware loader named PathLoader, the FinalDraft backdoor, and multiple post-exploitation utilities. The abuse of Outlook, […]
Bitwarden makes it harder to hack password vaults without MFA
Open-source password manager Bitwarden is adding an extra layer of security for accounts that are not protected by two-factor authentication, requiring email verification before allowing access to accounts. When a potentially suspicious login attempt is detected, like from an unrecognized device, the user will now prompted to confirm the action by entering a verification code […]
Proton worldwide outage caused by Kubernetes migration, software change
Swiss tech company Proton, which provides privacy-focused online services, says that a Thursday worldwide outage was caused by an ongoing infrastructure migration to Kubernetes and a software change that triggered an initial load spike. As the company revealed yesterday in an incident report published on its status page, the outage started around 10:00 AM ET. Proton users […]
Proton Mail still down as Proton recovers from worldwide outage
Privacy firm Proton suffered a massive worldwide outage today, taking down most services, with Proton Mail and Calendar users still unable to connect to their accounts. The outage started at approximately 10:00 AM ET, with Proton users unable to connect to their accounts, including ProtonVPN, Proton Mail, Proton Calendar, Proton Drive, Proton Pass, and Proton […]
Microsoft 365 Admin portal abused to send sextortion emails
The Microsoft 365 Admin Portal is being abused to send sextortion emails, making the messages appear trustworthy and bypassing email security platforms. Sextortion emails are scams claiming that your computer or mobile device was hacked to steal images or videos of you performing sexual acts. The scammers then demand from you a payment of $500 […]
Microsoft pulls Exchange security updates over mail delivery issues
Microsoft has pulled the November 2024 Exchange security updates released during this month’s Patch Tuesday because of email delivery issues on servers using custom mail flow rules. The company announced it pulled the updates from Windows Update and the Download Center following widespread reports from admins saying that email had stopped flowing altogether. This issue affects customers using transport rules (also known […]
Microsoft Exchange adds warning to emails abusing spoofing flaw
Microsoft has disclosed a high-severity Exchange Server vulnerability that allows attackers to forge legitimate senders on incoming emails and make malicious messages a lot more effective. The security flaw (CVE-2024-49040) impacts Exchange Server 2016 and 2019, and was discovered by Solidlab security researcher Vsevolod Kokorin, who reported it to Microsoft earlier this year. “The problem is that […]