Security firm disclosed a Microsoft data breach that exposed customer data affecting over 65,000 organizations in 111 countries. Microsoft expressed disappointment at the security firm for exaggerated numbers and releasing a search tool.
Cybercriminals design and test email phishing attacks to bypass Microsoft email defenses with nearly a fifth (18.8%) of phishing messages reaching their targets.
Microsoft discovered a coordinated phishing campaign targeting Office 365 users and leveraging an Adversary-in-the-Middle (AiTM) MFA bypass to execute business email compromise (BEC) attacks and commit fraud.
Tenable CEO cites reports from several cybersecurity firms that indicate Microsoft is not being timely enough with its vulnerability disclosures and sometimes has a "dismissive" attitude.
A zero-day remote code execution vulnerability in Microsoft Office has come to light, and is considered very serious due to potential for code execution if a victim opens a malicious document in Word.
While the tech companies seem to be in full support of passwordless authentication, the tech community remains divided on whether it is really "ready for primetime."
Microsoft researchers say that Russian cyber attacks in March against a television broadcaster and a nuclear plant directly preceded military action directed at those targets.
Survey expressing anti-Microsoft sentiment was paid for in part and published by Google Cloud. It polled 2,600 currently employed residents of the US, 338 of these government employees.
Lapsus$ hackers compromised Microsoft's Azure DevOps Server, exfiltrated and published source code for the company's web infrastructure, websites, and mobile apps.
Microsoft reported that the Russian hackers behind the devastating SolarWinds attack are employing similar tactics to worm their way into tech supply chains, looking to establish long-term footholds for espionage purposes.