microsoft 365 security

In recent months, the aviation and transportation sectors have become prime targets for sophisticated phishing attacks, particularly those involving Business Email Compromise (BEC) schemes. Cybercriminals are exploiting executive email accounts to deceive customers and partners into transferring...

In a significant move to assist Financial Industry Regulatory Authority (FINRA) firms in achieving compliance with SEC Rule 17a-4, AdvisorVault has announced a complimentary 17a-4 Gap Assessment. This initiative aims to help firms identify and address compliance gaps within their Microsoft 365...

Organizations of every size have come to rely on Microsoft 365 as the digital nervous system powering their communication, collaboration, and data management. With its robust ecosystem—spanning Exchange Online, SharePoint, Teams, and the evolving Entra ID (Azure AD)—Microsoft 365 has brought...

Britain’s cybersecurity landscape is once again in sharp focus after confirmation that the UK’s National Cyber Security Centre (NCSC) has detected a “limited number” of domestic victims in the recent Microsoft hack campaign. While not on the scale of some prior, sweeping incidents, the attack...

The UK's National Cyber Security Centre (NCSC) has recently disclosed a sophisticated cyber-espionage campaign orchestrated by the Russian state-sponsored group APT28, also known as Fancy Bear. This campaign employs a malware strain dubbed "Authentic Antics" to infiltrate Microsoft 365 accounts...

As organisations across Australia and globally embrace the cloud to streamline operations and enable seamless collaboration, the question of security has never been more urgent. Cloud platforms like Microsoft 365, Google Workspace, AWS, and Azure have become central to business operations—but so...

The UK National Cyber Security Centre (NCSC) has formally attributed the 'Authentic Antics' malware attacks to APT28, also known as Fancy Bear, a threat actor linked to Russia's military intelligence service (GRU). This sophisticated malware campaign targets Microsoft 365 users, aiming to steal...

An alarming new vulnerability has come to light in Microsoft’s Entra ID, exposing hybrid cloud environments to the risk of privilege escalation attacks that could ultimately hand malicious actors the coveted Global Administrator privileges. This revelation, credited to the security research team...

Attackers are upping their game in the world of phishing, combining the power of artificial intelligence and native cloud tools to build attacks that are nearly indistinguishable from legitimate IT workflows. The latest trend, “native phishing,” leverages trusted Microsoft 365 (M365)...

In recent developments, cybersecurity firm East Security has identified a sophisticated phishing campaign that impersonates Microsoft's multi-factor authentication (MFA) processes. This attack leverages QR codes to deceive users into divulging their Microsoft 365 credentials, highlighting the...

Phishing attacks remain a relentless challenge in the digital security landscape, and for organizations relying on Microsoft 365, the stakes have never been higher. As business email compromise, credential theft, and weaponized attachments evolve—often powered by artificial intelligence—security...

In today's digital landscape, Microsoft 365 stands as a cornerstone for organizational productivity, offering a suite of tools that facilitate communication, collaboration, and data management. However, recent analyses reveal that many organizations may be underestimating the vulnerabilities...

The growing sophistication of phishing attempts targeting Microsoft 365 and Outlook users underscores a significant challenge facing both individual users and IT administrators: even widely trusted productivity tools are susceptible to well-crafted scam campaigns that can bypass traditional...

Phishing attacks have evolved far beyond suspicious links in emails or obvious malware-laden attachments; today’s cybercriminals are engineering schemes that bypass even the most robust inbox filters, preying on the everyday habits and default settings trusted by countless Microsoft 365 and...

Cybersecurity professionals worldwide have watched for years as the battle between defenders and attackers has grown increasingly sophisticated. But a new wave of threats is now on the horizon—one where generative AI acts as the great equalizer, equipping even novice cybercriminals with the...

In recent years, cybercriminals have increasingly exploited digital calendars to orchestrate sophisticated phishing attacks, particularly targeting Microsoft 365 users. These scams often involve deceptive calendar invitations that appear legitimate but are designed to steal sensitive information...

Microsoft 365 has become the digital heart of modern organizations, supporting operations that range from email and file storage to real-time collaboration and regulatory compliance. Despite its reputation for robust security and the billions of dollars Microsoft invests in cybersecurity...

There is no denying that Microsoft 365 is the digital engine room for modern businesses—fueling everything from email communications and calendaring to collaborative document editing and video meetings. Organizations of all sizes, across continents and industries, have woven the fabric of...

Microsoft’s ongoing investment in enterprise security takes a significant leap forward with the rollout of a sophisticated feature in Microsoft Defender for Office 365: advanced detection and mitigation of email bombing attacks. As cybercriminal tactics grow in complexity and frequency...

For many organizations, the expectation is that internal communications on their Microsoft 365 tenants are inherently more trustworthy—after all, who would question an authentication-free email from the company’s own domain? Yet a recent investigation by the Varonis Managed Data Detection and...