Tag: microsoft

Microsoft 365-Schutz: Teams Protection stoppt Angriffe über kompromittierte Konten in Microsoft Teams

Nov 28, 2025 5:49 AM

Tags: ai, cyber, cyberattack, microsoft

Hornetsecurity erweitert Microsoft 365-Schutz: Erkennt bösartige über Microsoft Teams geteilte URLs in Echtzeit. Gibt Administratoren volle Transparenz und ermöglicht sofortiges Eingreifen bei Bedrohungen. Hornetsecurity gibt die Weiterentwicklung von Teams Protection bekannt. Die Lösung basiert auf dem AI Cyber Assistant und ist Teil der Total Protection Suite für M365. Das Rollout neuer Funktionen ist eine… First…
Microsoft 365-Schutz: Teams Protection stoppt Angriffe über kompromittierte Konten in Microsoft Teams

Nov 28, 2025 5:49 AM

Tags: ai, cyber, cyberattack, microsoft

Hornetsecurity erweitert Microsoft 365-Schutz: Erkennt bösartige über Microsoft Teams geteilte URLs in Echtzeit. Gibt Administratoren volle Transparenz und ermöglicht sofortiges Eingreifen bei Bedrohungen. Hornetsecurity gibt die Weiterentwicklung von Teams Protection bekannt. Die Lösung basiert auf dem AI Cyber Assistant und ist Teil der Total Protection Suite für M365. Das Rollout neuer Funktionen ist eine… First…
Microsoft 365-Schutz: Teams Protection stoppt Angriffe über kompromittierte Konten in Microsoft Teams

Nov 28, 2025 5:49 AM

Tags: ai, cyber, cyberattack, microsoft

Hornetsecurity erweitert Microsoft 365-Schutz: Erkennt bösartige über Microsoft Teams geteilte URLs in Echtzeit. Gibt Administratoren volle Transparenz und ermöglicht sofortiges Eingreifen bei Bedrohungen. Hornetsecurity gibt die Weiterentwicklung von Teams Protection bekannt. Die Lösung basiert auf dem AI Cyber Assistant und ist Teil der Total Protection Suite für M365. Das Rollout neuer Funktionen ist eine… First…
Microsoft 365-Schutz: Teams Protection stoppt Angriffe über kompromittierte Konten in Microsoft Teams

Nov 28, 2025 5:49 AM

Tags: ai, cyber, cyberattack, microsoft

Hornetsecurity erweitert Microsoft 365-Schutz: Erkennt bösartige über Microsoft Teams geteilte URLs in Echtzeit. Gibt Administratoren volle Transparenz und ermöglicht sofortiges Eingreifen bei Bedrohungen. Hornetsecurity gibt die Weiterentwicklung von Teams Protection bekannt. Die Lösung basiert auf dem AI Cyber Assistant und ist Teil der Total Protection Suite für M365. Das Rollout neuer Funktionen ist eine… First…
Microsoft 365-Schutz: Teams Protection stoppt Angriffe über kompromittierte Konten in Microsoft Teams

Nov 28, 2025 5:49 AM

Tags: ai, cyber, cyberattack, microsoft

Hornetsecurity erweitert Microsoft 365-Schutz: Erkennt bösartige über Microsoft Teams geteilte URLs in Echtzeit. Gibt Administratoren volle Transparenz und ermöglicht sofortiges Eingreifen bei Bedrohungen. Hornetsecurity gibt die Weiterentwicklung von Teams Protection bekannt. Die Lösung basiert auf dem AI Cyber Assistant und ist Teil der Total Protection Suite für M365. Das Rollout neuer Funktionen ist eine… First…
Microsoft to Block Unauthorized Scripts in Entra ID Logins with 2026 CSP Update

Nov 27, 2025 5:49 PM

Tags: attack, authentication, injection, login, microsoft, unauthorized, update

Microsoft has announced plans to improve the security of Entra ID authentication by blocking unauthorized script injection attacks starting a year from now.The update to its Content Security Policy (CSP) aims to enhance the Entra ID sign-in experience at “login.microsoftonline[.]com” by only letting scripts from trusted Microsoft domains run.”This update strengthens security and adds an…
Ab Januar 2026 – Microsoft Teams ermöglicht Standorterfassung im Büro

Nov 27, 2025 4:49 PM

Tags: microsoft

First seen on security-insider.de Jump to article: www.security-insider.de/microsoft-teams-automatische-standorterkennung-datenschutz-2026-a-dc7c1a199894436c353d82c18f3b1b27/
Microsoft Teams Guest Chat Flaw Could Let Hackers Deliver Malware

Nov 27, 2025 3:49 PM

Tags: cyber, exploit, flaw, hacker, malicious, malware, microsoft, office, vulnerability

Security researchers have discovered a critical vulnerability in Microsoft Teams that allows attackers to bypass all Defender for Office 365 protections by inviting users into malicious tenant environments. The flaw exploits a fundamental architectural gap in how Teams handles cross-tenant collaboration and guest access. The vulnerability centers on a critical misunderstanding held by most security…
ServiceNow is in talks to buy identity security firm Veza for over $1 billion: report

Nov 27, 2025 2:49 PM

Tags: access, ai, automation, control, data, identity, intelligence, microsoft, okta, oracle, risk, risk-management, threat, tool

Customer integration questions: For those joint customers, the acquisition would mean significant changes in how the two systems work together. Enterprises using both ServiceNow and Veza today run them as separate systems. Integration would allow ServiceNow’s AI agents to natively query and enforce access policies based on Veza’s permission intelligence, without customers building custom connections.That…
Neues ToddyCat-Toolkit greift Outlook und Microsoft-Token an

Nov 27, 2025 2:49 PM

Tags: access, apt, backdoor, browser, chrome, cloud, cyberattack, exploit, governance, government, Internet, kaspersky, mail, microsoft, open-source, powershell, tool, update, vulnerability, windows

Die APT-Gruppe ToddyCat hat ihren Fokus auf den Diebstahl von Outlook-E-Mail-Daten und Microsoft 365-Zugriffstoken verlagert.Forscher von Kaspersky Labs haben festgestellt, dass sich die APT-Gruppe (Advanced Persistent Threat) ToddyCat jetzt darauf spezialisiert hat, Outlook-E-Mail-Daten und Microsoft 365-Zugriffstoken zu stehlen.Demnachhat die Hackerbande ihr Toolkit Ende 2024 und Anfang 2025 weiterentwickelt, um nicht nur wie bisher Browser-Anmeldedaten zu…
Microsoft Teams’ guest chat feature exposes cross-tenant blind spot

Nov 27, 2025 1:49 PM

Tags: access, governance, microsoft, mitigation

Mitigations include vetting collaborations: Jason Soroko, senior fellow at Sectigo, warns that this is not a mere “bypass bug,” but a blind spot in many organizations’ mental model of cross-tenant risk. “Security teams should respond by treating external guest access as a trust boundary that needs explicit governance rather than a convenience feature that can…
Überträgt auch Outlook 365 Classic Zugangsdaten an Microsoft?

Nov 27, 2025 9:49 AM

Tags: mail, microsoft

Das die Outlook New-App Zugangsdaten von Mail-Konten an Microsoft überträgt, ist längst bekannt. Nun gibt es einen Bericht, dass auch neuere Version von Outlook Classic (also wohl Outlook 365) ihre kompletten Zugangsdaten für Konten an Microsoft übertragen. Rückblick: Der Outlook-New-Fall … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/11/27/uebertraegt-auch-outlook-365-classic-zugangsdaten-an-microsoft/
Utimaco-Dienst soll Kontrolle über Cloud-Schlüssel verbessern – Enterprise Key Manager as a Service für Microsoft Azure

Nov 27, 2025 9:49 AM

Tags: cloud, microsoft, service

First seen on security-insider.de Jump to article: www.security-insider.de/utimaco-ekmaas-schluesselverwaltung-fuer-azure-nutzer-a-eb4c8f6e8441b055f410465bfda3e778/
CSPM buyer’s guide: How to choose the best cloud security posture management tools

Nov 27, 2025 8:49 AM

Tags: access, ai, api, automation, awareness, best-practice, breach, business, cloud, compliance, container, control, crowdstrike, cybercrime, data, data-breach, defense, detection, exploit, framework, google, governance, group, guide, infrastructure, intelligence, kubernetes, leak, LLM, microsoft, monitoring, network, programming, risk, risk-assessment, saas, service, software, strategy, threat, tool, training, unauthorized, vulnerability

cloud security posture management (CSPM) enterprise buyer’s guide today! ] In this buyer’s guide Cloud security posture management (CSPM) explainedWhat to look for in cloud security posture management (CSPM) toolsLeading vendors for cloud security posture management (CSPM)What to ask your cloud security posture management (CSPM) providerEssential readingThat’s where CSPM tools can help. These tools continuously…
AI browsers can be tricked with malicious prompts hidden in URL fragments

Nov 27, 2025 1:49 AM

Tags: ai, attack, backdoor, browser, chrome, computer, email, finance, google, injection, malicious, malware, microsoft, openai, phishing, phone, risk, social-engineering, vulnerability

Tricking users into clicking poisoned links: HashJack is essentially a social engineering attack because it relies on tricking users to click on specially crafted URLs inside emails, chats, websites, or documents. However, this attack can be highly credible because it points to legitimate websites.For example, imagine a spoofed email that claims to be from a…
AI browsers can be tricked with malicious prompts hidden in URL fragments

Nov 27, 2025 1:49 AM

Tags: ai, attack, backdoor, browser, chrome, computer, email, finance, google, injection, malicious, malware, microsoft, openai, phishing, phone, risk, social-engineering, vulnerability

Tricking users into clicking poisoned links: HashJack is essentially a social engineering attack because it relies on tricking users to click on specially crafted URLs inside emails, chats, websites, or documents. However, this attack can be highly credible because it points to legitimate websites.For example, imagine a spoofed email that claims to be from a…
Microsoft tightens cloud login process to prevent common attack

Nov 26, 2025 5:49 PM

Tags: attack, cloud, exploit, hacker, login, microsoft

Hackers have spent decades exploiting a ubiquitous type of vulnerability. Microsoft is trying to change that. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/microsoft-change-cloud-login-entra-id-xss/806556/
Microsoft Teams Flaw in Guest Chat Exposes Users to Malware Attacks

Nov 26, 2025 5:49 PM

Tags: attack, flaw, malware, microsoft, office

New research from Ontinue exposes a major security flaw in Microsoft Teams B2B Guest Access. Learn how attackers bypass all Defender for Office 365 protections with a single invite. First seen on hackread.com Jump to article: hackread.com/microsoft-teams-guest-chat-flaw-malware/
Microsoft Teams Flaw in Guest Chat Exposes Users to Malware Attacks

Nov 26, 2025 5:49 PM

Tags: attack, flaw, malware, microsoft, office

New research from Ontinue exposes a major security flaw in Microsoft Teams B2B Guest Access. Learn how attackers bypass all Defender for Office 365 protections with a single invite. First seen on hackread.com Jump to article: hackread.com/microsoft-teams-guest-chat-flaw-malware/
Microsoft Teams Flaw in Guest Chat Exposes Users to Malware Attacks

Nov 26, 2025 5:49 PM

Tags: attack, flaw, malware, microsoft, office

New research from Ontinue exposes a major security flaw in Microsoft Teams B2B Guest Access. Learn how attackers bypass all Defender for Office 365 protections with a single invite. First seen on hackread.com Jump to article: hackread.com/microsoft-teams-guest-chat-flaw-malware/
Microsoft tightens cloud login process to prevent common attack

Nov 26, 2025 5:49 PM

Tags: attack, cloud, exploit, hacker, login, microsoft

Hackers have spent decades exploiting a ubiquitous type of vulnerability. Microsoft is trying to change that. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/microsoft-change-cloud-login-entra-id-xss/806556/
Unternehmen scheitern häufig an den verborgenen Risiken in Microsoft-365

Nov 26, 2025 4:49 PM

Tags: microsoft, risk

Unternehmen schätzen ihre Cybersicherheitsreife häufig deutlich höher ein, als es die tatsächliche Situation rechtfertigt. Eine aktuelle Analyse von Coreview unter mehr als 250 IT- und Sicherheitsverantwortlichen aus Enterprise- und Midmarket-Organisationen zeigt: 60 Prozent der Unternehmen bewerten ihre Microsoft-365-Sicherheit als ‘etabliert” oder ‘fortgeschritten” doch ebenso viele erlebten bereits Kontoübernahmen. Diese Diskrepanz zwischen Selbstwahrnehmung und realem […]…
Security keys may prompt for PIN after recent updates

Nov 26, 2025 4:49 PM

Tags: microsoft, update, windows

Microsoft warned users on Tuesday that FIDO2 security keys may prompt them to enter a PIN when signing in after installing Windows updates released since the September 2025 preview update. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-fido2-security-keys-may-prompt-for-pin-after-recent-windows-updates/
Unternehmen scheitern häufig an den verborgenen Risiken in Microsoft-365

Nov 26, 2025 4:49 PM

Tags: microsoft, risk

Unternehmen schätzen ihre Cybersicherheitsreife häufig deutlich höher ein, als es die tatsächliche Situation rechtfertigt. Eine aktuelle Analyse von Coreview unter mehr als 250 IT- und Sicherheitsverantwortlichen aus Enterprise- und Midmarket-Organisationen zeigt: 60 Prozent der Unternehmen bewerten ihre Microsoft-365-Sicherheit als ‘etabliert” oder ‘fortgeschritten” doch ebenso viele erlebten bereits Kontoübernahmen. Diese Diskrepanz zwischen Selbstwahrnehmung und realem […]…
Microsoft to secure Entra ID sign-ins from script injection attacks

Nov 26, 2025 2:49 PM

Tags: attack, authentication, injection, microsoft

Starting in mid-to-late October 2026, Microsoft will enhance the security of the Entra ID authentication system against external script injection attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-to-secure-entra-id-sign-ins-from-external-script-injection-attacks/
Microsoft to secure Entra ID sign-ins from script injection attacks

Nov 26, 2025 2:49 PM

Tags: attack, authentication, injection, microsoft

Starting in mid-to-late October 2026, Microsoft will enhance the security of the Entra ID authentication system against external script injection attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-to-secure-entra-id-sign-ins-from-external-script-injection-attacks/
Microsoft to secure Entra ID sign-ins from script injection attacks

Nov 26, 2025 2:49 PM

Tags: attack, authentication, injection, microsoft

Starting in mid-to-late October 2026, Microsoft will enhance the security of the Entra ID authentication system against external script injection attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-to-secure-entra-id-sign-ins-from-external-script-injection-attacks/
ToddyCat APT evolves to target Outlook archives and Microsoft 365 tokens

Nov 26, 2025 1:49 PM

Tags: access, apt, backdoor, cloud, corporate, detection, email, espionage, government, group, kaspersky, mail, malicious, microsoft, military, network, open-source, software, tactics, theft, tool

Outlook in the Crosshairs: Another evolution involves accessing actual mail data. ToddyCat deployed a tool named TCSectorCopya C++ utility that opens the disk as a read-only device and copies Outlook’s offline storage files (OST) sector by sector, bypassing any file-lock mechanisms that Outlook may enforce.Once OST files are extracted, they are fed into XstReader, an…
ToddyCat APT evolves to target Outlook archives and Microsoft 365 tokens

Nov 26, 2025 1:49 PM

Tags: access, apt, backdoor, cloud, corporate, detection, email, espionage, government, group, kaspersky, mail, malicious, microsoft, military, network, open-source, software, tactics, theft, tool

Outlook in the Crosshairs: Another evolution involves accessing actual mail data. ToddyCat deployed a tool named TCSectorCopya C++ utility that opens the disk as a read-only device and copies Outlook’s offline storage files (OST) sector by sector, bypassing any file-lock mechanisms that Outlook may enforce.Once OST files are extracted, they are fed into XstReader, an…
HashJack: A Novel Exploit Leveraging URL Fragments To Deceive AI Browsers

Nov 26, 2025 12:49 PM

Tags: ai, attack, cyber, exploit, google, injection, microsoft

Security researchers at Cato CTRL have uncovered HashJack. This innovative indirect prompt-injection attack hides harmful commands in the fragment portion of URLs after the >>#