All news with #microsoft 365 tag
Thu, December 11, 2025
Smashing Security 447 — AI Abuse, Stalking and Museum Heist
🤖 On episode 447 of the Smashing Security podcast Graham Cluley and guest Jenny Radcliffe explore how generative AI can enable stalking — reporting that Grok was used to doxx people, outline stalking strategies, and share revenge‑porn tips. They also recount the audacious Louvre crown jewels heist, where thieves abused assumptions about what ‘looks normal’. Graham additionally interviews Rob Edmondson about how Microsoft 365 misconfigurations and over‑privileged accounts create serious security exposures. The episode emphasizes practical lessons in threat modelling and access hygiene.
Thu, December 4, 2025
Microsoft bug in Microsoft 365 licensing blocks downloads
⚠️ Microsoft is investigating a known issue that prevents customers from downloading Microsoft 365 desktop apps from the Microsoft 365 homepage, with failures reported since November 2. The company says a recent service update introduced a code defect affecting the license check process, and it has tagged the situation as an incident. A fix has been developed and is being validated in Microsoft's internal environment, and the company promised an update on deployment timing by 6:30 PM UTC. Microsoft is also addressing a separate issue causing some users to be unable to open Excel attachments in the new Outlook client due to filename encoding errors.
Fri, November 28, 2025
Microsoft Teams guest access can bypass Defender protections
⚠️ Researchers warn a cross-tenant blind spot in Microsoft Teams can allow attackers to sidestep Microsoft Defender for Office 365 when users accept guest access in another tenant. Protections follow the hosting tenant, not the user's home organization, enabling attackers to create protection-free malicious tenants using low-tier licenses. Organizations should restrict B2B invitations, enable cross-tenant access controls, and train users to reject unsolicited guest invites.
Tue, November 25, 2025
Microsoft adds Teams call handler to speed Windows client
⚡ Microsoft will introduce a new Teams call handler, ms-teams_modulehost.exe, that runs as a child process to manage the calling stack separately from the main ms-teams.exe application, improving startup times and in-meeting performance. The change is transparent to end users and requires no retraining. Administrators should allowlist the new process in security and endpoint protection systems and notify helpdesk staff to avoid false positives during the rollout.
Tue, November 25, 2025
ToddyCat Tools Target Outlook, Steal M365 Tokens Now
🛡️ Kaspersky researchers report that the ToddyCat APT has evolved tactics to harvest corporate email and Microsoft 365 access tokens. Operators deployed a C++ utility, TCSectorCopy, to copy Outlook OST files sector-by-sector and then extract messages with XstReader. They also used SharpTokenFinder to enumerate and steal JWTs and, when blocked, relied on ProcDump to obtain Outlook memory dumps. PowerShell variants of TomBerBil were observed stealing browser cookies, credentials and DPAPI keys across network shares.
Tue, November 18, 2025
Thunderbird Gains Native Microsoft Exchange Support
📧 Thunderbird 145 introduces built-in support for Microsoft Exchange email via the Exchange Web Services (EWS) protocol, eliminating the need for third-party add-ons in Exchange-hosted environments. The client auto-detects account settings and uses Microsoft’s OAuth2 for authorization to simplify migration from Outlook. Initial capabilities include full folder listings, message synchronization, message operations (view, send, reply, forward, move, copy, delete), attachment handling, subject/body search and quick filtering for Microsoft 365 domains with standard OAuth2 and for on-premises Exchange using basic password authentication. The Thunderbird team says additional features such as calendar syncing, address book support, Microsoft Graph integration and expanded authentication options (NTLM, tenant-specific OAuth2) are planned but not yet available.
Tue, November 18, 2025
Security Copilot Agents Included with Microsoft 365 E5
🛡️ Microsoft is including Security Copilot agents in Microsoft 365 E5, embedding AI-driven assistants across Defender, Entra, Intune, and Purview to accelerate investigations and automate routine tasks. The rollout begins today for existing Security Copilot customers on E5 and will expand to all E5 tenants in the coming months with a 30-day notification. The announcement adds 12 Microsoft-built preview agents, 30+ partner agents, and support for customer-built agents to tailor workflows.
Mon, November 17, 2025
Windows bug prevents Microsoft 365 desktop app installs
⚠️ Microsoft is addressing a known issue that prevents users from installing Microsoft 365 desktop apps on Windows devices. The problem stems from misconfigured authentication components affecting versions 2508 (Build 19127.20358) and 2507 (Build 19029.20294). The team is reconfiguring the components and expects a full remediation later today. Microsoft tagged the outage as incident OP1186186 and is also investigating a related admin access issue tracked as MO1176905.
Thu, November 13, 2025
Microsoft deploys Teams screen-capture prevention rollout
🔒 Microsoft is rolling out a new Teams Premium setting that blocks screenshots and recordings in meetings on Windows desktop and Android devices. The feature, called 'Prevent screen capture', was announced for July 2025 but the rollout was delayed and is being introduced in late November 2025. The control is off by default and must be enabled per meeting by organizers or co-organizers; unsupported clients will join audio-only.
Mon, November 10, 2025
Quantum Route Redirect PhaaS Exploits Microsoft 365 Users
📧 KnowBe4 researchers have identified a phishing automation kit named Quantum Route Redirect (QRR) that uses roughly 1,000 domains to harvest Microsoft 365 credentials. The platform is preconfigured with common lures—DocuSign requests, payment notifications, missed voicemail notices and QR prompts—and typically hosts landing pages on parked or compromised legitimate domains to aid social engineering and evade detection. QRR includes a built-in filter that distinguishes humans from bots and security scanners, redirecting genuine users to credential-harvesting pages while sending automated systems to benign sites. Most observed attacks target U.S. users, and defenders are urged to deploy robust URL filtering and continuous account monitoring.
Mon, November 3, 2025
OAuth Device Code Phishing: Azure vs Google Compared
🔐 Matt Kiely of Huntress examines how the OAuth 2.0 device code flow enables phishing and highlights stark differences between Microsoft and Google. He walks through the device-code attack chain — generating a device code, social-engineering a user to enter it on a legitimate site, and polling the token endpoint to harvest access and refresh tokens. The analysis shows Azure’s implementation lets attackers control client_id and resource parameters to obtain powerful tokens, while Google’s implementation restricts device-code scopes and requires app controls that significantly limit abuse. Practical examples, cURL/Python snippets, and mitigation advice are included for defenders.
Tue, October 28, 2025
ACCC Sues Microsoft Over Copilot Subscription Practices
📝 The Australian Competition and Consumer Commission (ACCC) has sued Microsoft, alleging it misled 2.7 million Australian Microsoft 365 subscribers when integrating Copilot by obscuring the option to remain on existing plans at the same price. The ACCC says renewal communications presented the AI‑enabled tiers as the apparent way to keep service active while the choice to stay was only visible via the cancellation flow. The complaint alleges breaches of multiple Australian Consumer Law provisions and seeks civil penalties, injunctions, and consumer compensation. Microsoft says it is reviewing the ACCC's claim and will cooperate with the regulator.
Thu, October 23, 2025
'Jingle Thief' Exploits Cloud to Steal Gift Cards at Scale
🔒 Researchers detail a threat cluster called Jingle Thief that leverages phishing and smishing to harvest credentials and compromise cloud environments of retailers and consumer services to issue unauthorized gift cards. Palo Alto Networks Unit 42 links the activity to financially motivated actors and notes coordinated campaigns in April-May 2025. The attackers favor identity misuse over malware, persistently mapping tenants, abusing Microsoft 365 services, and minimizing logs to sustain large-scale fraud.
Tue, October 21, 2025
Microsoft fixes bug blocking classic Outlook startup
🛠️ Microsoft has implemented a fix for a major issue that prevented some Microsoft 365 customers from launching the classic Outlook client on Windows. Affected users reported errors indicating the app could not be started, the Outlook window would not open, or Exchange sign-in failed. Microsoft marked the incident as fixed and said the Outlook team is monitoring the rollout, while recommending Outlook Web Access or the new Outlook for Windows as temporary workarounds.
Mon, October 13, 2025
Microsoft Investigates Microsoft 365 Access Outage
⚠️ Microsoft is investigating an ongoing incident that is preventing some customers from accessing Microsoft 365 applications. The issue has been tagged as an incident in the admin center while Redmond reviews telemetry and recent service changes to identify the root cause. Microsoft first acknowledged the problem at 05:06 AM UTC and said it continued analysis nearly four hours later to develop a fix. Impact appears limited to users served by the affected infrastructure.
Thu, October 9, 2025
Azure Front Door Outage Disrupts Microsoft 365 Access
⚠️ Microsoft is addressing an outage in its Azure Front Door CDN that is blocking access to some Microsoft 365 services and admin portals across Europe, Africa, and the Middle East. The incident began around 07:40 UTC and produced delays and timeouts when connecting to the Azure and Entra portals. Engineering teams have been restarting Kubernetes instances that caused capacity loss across AFD instances and have initiated failover for the Microsoft 365 Portal while monitoring telemetry to confirm full recovery.
Wed, October 1, 2025
Microsoft: Classic Outlook Crash Requires Support Ticket
🔧 Microsoft is investigating a known issue that causes classic Outlook on Windows to crash at launch for some Microsoft 365 customers. The vendor has not provided a public fix; affected customers must open a support case in the Microsoft 365 Admin portal so Exchange Online support can request a service change. Microsoft notes the error can stem from different causes but recent cases have involved user mailboxes, and it recommends capturing a Fiddler trace for triage. Temporary workarounds include using new Outlook for Windows or Outlook Web Access until mitigation is applied.
Wed, October 1, 2025
Microsoft to Force-Install Microsoft 365 Companion Apps
📌 Microsoft will automatically install the Microsoft 365 companion apps on Windows 11 devices that have the Microsoft 365 desktop apps, beginning in late October 2025 and completing by the end of December 2025. The suite — People, Files, and Calendar — integrates Copilot for contextual AI assistance from the taskbar. IT admins can opt out via the Microsoft 365 Apps admin center or disable app auto‑launch in each app's Settings.
Thu, September 18, 2025
Microsoft 365: Why Its Dominance Creates Major Risk
🔒 Microsoft 365 has become the central nervous system of modern business, and its market dominance has turned the platform into a lucrative target for attackers. With over 400 million paid seats and tightly integrated apps like Outlook, SharePoint, Teams and OneDrive, a single compromise can cascade across services. Organizations must close backup gaps, adopt zero trust, enforce MFA and deploy cross-application threat detection to reduce catastrophic exposure.
Wed, September 17, 2025
Microsoft and Cloudflare Disrupt RaccoonO365 Phishing
🔒 Microsoft and Cloudflare coordinated a disruption of the RaccoonO365 Phishing-as-a-Service operation in early September 2025, seizing 338 malicious websites and Cloudflare Worker accounts. The service is linked to at least 5,000 stolen Microsoft 365 credentials from 94 countries since July 2024 and was used in large campaigns, including a tax-themed sweep that targeted over 2,300 U.S. organizations. Kits bundled CAPTCHA and anti-bot evasion, were sold via a private Telegram channel, and investigators identified a suspected leader, prompting a criminal referral.