Tenable CEO cites reports from several cybersecurity firms that indicate Microsoft is not being timely enough with its vulnerability disclosures and sometimes has a "dismissive" attitude.
Hackers could exploit ProxyToken authentication bypass vulnerability to steal victims’ emails and personally identifiable information from vulnerable Microsoft Exchange servers.
Though Microsoft is hardly alone in terms of cloud services experiencing serious security breaches, a string of Redmond mishaps appears to have prompted new security reviews by the Cyber Safety Review Board (CSRB).
Cybercriminals design and test email phishing attacks to bypass Microsoft email defenses with nearly a fifth (18.8%) of phishing messages reaching their targets.
While the tech companies seem to be in full support of passwordless authentication, the tech community remains divided on whether it is really "ready for primetime."
The data leak reportedly stems from the activity of two AI researchers, who had disk backups of their workstations exposed. This included some 30,000 messages with assorted Microsoft team members in addition to private keys, login credentials and internal secrets.
Microsoft Azure cloud container vulnerability allows an attacker to escape their container and compromise other user's containers on the same cloud services by executing malicious code.
Initial access broker with close links to ransomware groups is targeting organizations with Microsoft Teams phishing attacks, with malicious links leading to a malicious SharePoint-hosted file.
Microsoft discovered a coordinated phishing campaign targeting Office 365 users and leveraging an Adversary-in-the-Middle (AiTM) MFA bypass to execute business email compromise (BEC) attacks and commit fraud.
A zero-day remote code execution vulnerability in Microsoft Office has come to light, and is considered very serious due to potential for code execution if a victim opens a malicious document in Word.