Office 365 accounts are coming under increasing threat from hackers, new research has found.A report from Barracuda found that 29 per cent of organisations had their Office 365 accounts compromised in March 2019 alone - what it calls a ‘startling rise’ in attacks.More than 1.5 million malicious emails were sent from these hacked accounts in the 31 days of March.According to Barracuda, there are a ‘variety of methods’ hackers are using to get their hands on people’s and business’ accounts. Most common methods include testing for old passwords, as well as those stolen from different services, given that many people use the same password across a multitude of services. Then there is the brute-force attack, in which hackers simply try to guess a password. Last, but not least, attacks also come via web and business applications, including SMS.Most of the suspicious logins originate from China (23 per cent), followed by Brazil (nine per … [Read more...] about Hackers target business Office 365 accounts
Email office 365 login
NoRelationship phishing attack dances around Microsoft Office 365 email filters
Researchers have described a new phishing attack which is able to bypass Microsoft malicious file filters.On Tuesday, cybersecurity firm Avanan said the attack, dubbed NoRelationship, uses a link parsing weakness in email scanning products to hide malicious links.First detected just before Valentine's Day, NoRelationship is able to circumvent Microsoft's Exchange Online Protection (EOP) URL filters, which scan Office documents including .docx, .xlsx, and .pptx to warn users when malicious content is detected.The NoRelationship phishing attack includes a .docx attachment containing a malicious link which leads to credential harvesting login pages.This is a very common technique used by scammers, but in order to circumvent security and protections which are often effective, the attackers behind the scheme deleted external links from a relationship file -- xml.rels -- which is a genuine file that lists links included in an attachment. See also: Key takeaways from damning UK report … [Read more...] about NoRelationship phishing attack dances around Microsoft Office 365 email filters
New hardware security keys let you log into Outlook, Xbox, Office websites with no password at all
You and 800 million other people now can use hardware authentication keys -- and no password at all -- to log on to Microsoft accounts used for Outlook, Office 365, OneDrive, Skype and Xbox Live.Microsoft is using a technology called FIDO2, which employs hardware keys for the no-password logon, the company said Tuesday. New versions of Microsoft's Windows 10 operating system and Edge web browser support the technology. The hardware authentication keys plug into laptop USB ports or, for phones, use Bluetooth or NFC wireless communications to help prove who you are. Initially, they worked in combination with a password for dual-factor authentication, but FIDO2 and a related browser technology called WebAuthn expands beyond that to let the company ditch the password altogether.Microsoft's no-password logon offers three options: the hardware key combined with Windows Hello face recognition technology or fingerprint ID; the hardware key combined with a PIN code; or a phone … [Read more...] about New hardware security keys let you log into Outlook, Xbox, Office websites with no password at all
Microsoft Office 365, Azure lock out some people who use multi-factor authentication
You may use multi-factor authentication (MFA) to add an extra layer of security with your Microsoft accounts. But that extra security may be the reason you're locked out.On Monday, Microsoft customers who use MFA were locked out of their Microsoft Azure and Office 365 accounts. Microsoft has confirmed the problem on its Azure and Office 365 status pages and is currently working on the issue.Office 365 is Microsoft's subscription to its Office products (like Word, Outlook, Excel and PowerPoint) that provides the latest version of its software, exchange email and cloud storage. Meanwhile, Azure is the company's cloud computing service. Both are used in business, so this outage may be affecting people's work today.Two-factor and multi-factor authentication involves using an extra step (like a phone number or verification code) in addition to your login credentials. This makes it harder for people to log into your account if they have your username and password. It's a useful trick, … [Read more...] about Microsoft Office 365, Azure lock out some people who use multi-factor authentication
Office 365 and LinkedIn integration – a goldmine for fraudsters?
Collaboration tools such as Office 365, SharePoint and G-Suite are often a business’ best friend, allowing colleagues to quickly share, edit and review documents on the go. However, the growth in popularity of these tools has also sparked an upsurge in cyber criminals targeting these platforms – particularly Office 365. With Business Email Compromise (BEC) attacks on the rise, Office 365 users are, in fact among the most heavily targeted. According to the FBI, BEC attacks were responsible for more than $5.3 billion in losses between 2013 and 2016. Now, with Microsoft’s acquisition of the world’s biggest professional networking site, LinkedIn, it seems that there will be even more avenues for email fraudsters to take when targeting businesses and their employees using BEC methods. Soon, Office 365 users will be able to co-edit documents from within LinkedIn. While the rollout date … [Read more...] about Office 365 and LinkedIn integration – a goldmine for fraudsters?