16 Oct, 2024

Microsoft Outlook bug blocks email logins, causes app crashes

Microsoft is investigating an Outlook bug causing desktop app crashes, high system resource usage, and preventing users from logging into their accounts. While the company said these ongoing issues only affect European customers, users worldwide have since reported experiencing the same sign-in and app instability problems. “We’re investigating an issue in which users in Europe may be experiencing crashing, not […]

2 mins read

New Mamba 2FA bypass service targets Microsoft 365 accounts

An emerging phishing-as-a-service (PhaaS) platform called Mamba 2FA has been observed targeting Microsoft 365 accounts in AiTM attacks using well-crafted login pages. Additionally, Mamba 2FA offers threat actors an adversary-in-the-middle (AiTM) mechanism to capture the victim’s authentication tokens and bypass multi-factor authentication (MFA) protections on their accounts. Mamba 2FA is currently sold to cybercriminals for […]

3 mins read

Microsoft Office 2024 now available for Windows and macOS users

Microsoft has released Office 2024 for small businesses and consumers who want a standalone version without a Microsoft 365 subscription. Office 2024 includes updated, locked-in-time versions of Word, Excel, PowerPoint, OneNote, and Outlook for Windows and macOS systems.  It also requires a Microsoft account and an internet connection (likely needed during the installation and for […]

2 mins read

Microsoft Defender adds detection of unsecure Wi-Fi networks

Microsoft Defender now automatically detects and notifies users with a Microsoft 365 Personal or Family subscription when they’re connected to unsecured Wi-Fi networks. The Defender privacy protection feature (also known as Defender VPN) protects your privacy and security when connected to public Wi-Fi or an untrusted network, where your data and identity could be exposed […]

3 mins read

Microsoft Sway abused in massive QR code phishing campaign

​A massive QR code phishing campaign abused Microsoft Sway, a cloud-based tool for creating online presentations, to host landing pages to trick Microsoft 365 users into handing over their credentials. The attacks were spotted by Netskope Threat Labs in July 2024 after detecting a dramatic 2,000-fold increase in attacks exploiting Microsoft Sway to host phishing […]

2 mins read

Microsoft: Exchange Online mistakenly tags emails as malware

Microsoft is investigating an Exchange Online false positive issue causing emails containing images to be wrongly tagged as malicious and sent to quarantine. “Users’ email messages containing images may be incorrectly flagged as malware and quarantined,” Microsoft said in a service alert posted on the Microsoft 365 admin center two hours ago. “We’re reviewing service monitoring telemetry […]

2 mins read

Microsoft discloses unpatched Office flaw that exposes NTLM hashes

Microsoft has disclosed a high-severity vulnerability affecting Office 2016 that could expose NTLM hashes to a remote attacker. Tracked as CVE-2024-38200, this security flaw is caused by an information disclosure weakness that enables unauthorized actors to access protected information. It impacts multiple 32-bit and 64-bit Office versions, including Office 2016, Office 2019, Office LTSC 2021, and […]

4 mins read

Microsoft 365 anti-phishing feature can be bypassed with CSS

Researchers have demonstrated a method to bypass an anti-phishing measure in Microsoft 365 (formerly Office 365), elevating the risk of users opening malicious emails. Specifically, the anti-phishing measure that can be hidden is the ‘First Contact Safety Tip,’ which warns email recipients on Outlook when they receive a message from an unfamiliar address. Certitude analysts who discovered […]

3 mins read

Microsoft says massive Azure outage was caused by DDoS attack

Microsoft confirmed today that a nine-hour outage on Tuesday, which took down and disrupted multiple Microsoft 365 and Azure services worldwide, was triggered by a distributed denial-of-service (DDoS) attack. Redmond says the outage impacted Microsoft Entra, some Microsoft 365 and Microsoft Purview services (including Intune, Power BI, and Power Platform), as well as Azure App […]

2 mins read