Microsoft patches a quiet but persistent phishing vector: lingering Outlook calendar invites created automatically from malicious emails.
Hard Delete now removes both surfaces, and domain-level blocking cuts down on repetitive link filtering.

Useful quality-of-life update for SOC, IR, and enterprise admins.

Source: https://www.helpnetsecurity.com/2025/11/25/enhance-microsoft-calendar-threat-protection/

Follow TechNadu for more actionable security insights.

#infosec #m365security #SOCOps #ThreatIntel #PhishingDefense #TechNadu

⚠️ TeamFiltration, a legitimate pen-test tool, is being used to hack Microsoft Teams, Outlook, and OneDrive.

🧑‍💻 UNK_SneakyStrike targeted 80K+ accounts without phishing, exploiting tokens and OneDrive backdoors.

🛡️ We detect and stop these threats.
#MicrosoftSecurity #TeamsHack #Token #M365Security

🔐 In 2025, Conditional Access Templates bring Zero Trust within minutes. Microsoft-managed policies stop legacy auth and device code flows automatically.
👉 Find out what the new policies are all about!

#EntraID #M365Security #ZeroTrust

https://phinit.de/2025/04/18/conditional-access-templates-2025/?utm_source=mastodon&utm_medium=jetpack_social

Conditional Access Templates 2025 • PHnetwork | PhinIT.DE

🚀 Conditional Access Templates 2025 are live! In my new post I show how you can switch from Security Defaults to Zero Trust with just a few clicks, including MFA, device compliance and AI optimization. Read now 👉 #AzureAD #EntraID #ZeroTrust #M365Security

PHIN.network | PHiNiT

@volexity recently identified multiple Russian threat actors targeting users via #socialengineering + #spearphishing campaigns with Microsoft 365 Device Code authentication (a well-known technique) with alarming success: https://www.volexity.com/blog/2025/02/13/multiple-russian-threat-actors-targeting-microsoft-device-code-authentication/

#dfir #threatintel #m365security

Multiple Russian Threat Actors Targeting Microsoft Device Code Authentication

Starting in mid-January 2025, Volexity identified several social-engineering and spear-phishing campaigns by Russian threat actors aimed at compromising Microsoft 365 (M365) accounts. These attack campaigns were highly targeted and carried out in a variety of ways. The majority of these attacks originated via spear-phishing emails with different themes. In one case, the eventual breach began with highly tailored outreach via Signal. Through its investigations, Volexity discovered that Russian threat actors were impersonating a variety of individuals

Volexity

Phishing attacks are getting smarter, but you can stay ahead. In the final part of Rachel Rabin’s blog series, find practical advice to spot and stop email threats in Microsoft 365: https://www.pentestpartners.com/security-blog/bec-ware-the-phish-part-3-detect-and-prevent-incidents-in-m365/

Here’s what’s inside:

🔍 Understanding how phishing emails bypass existing controls and fine-tune your anti-malware policies.

📊 Configure Defender for Office and Defender for Cloud Apps with customised threat and alert policies to effectively prevent and detect email-based attacks.

⚡ Go beyond default settings—use KQL to identify noisy policies and refine rule scope or sensitivity for better precision.

#PhishingPrevention #EmailSecurity #Microsoft365 #CyberThreats #CyberSecurityTips #StaySecure #PhishingAwareness #M365Security #CyberResilience #SpotThePhish

BEC-ware the Phish (part 3): Detect and Prevent Incidents in M365 | Pen Test Partners

TL;DR Take lessons learned from investigation, such as reviewing how emails evaded existing phishing controls to update anti-malware policies. Configure Defender for Office and Defender for Cloud Apps threat and alert policies to prevent and detect email-based attacks. Don’t rely on out-of-the-box (OOTB) configuration, use KQL to identify noisy policies and adjust rule scope or

In Part 2 of our BEC-ware the Phish blog series, Rachel Rabin dives into the crucial steps for responding to and remediating Business Email Compromise (BEC) incidents in M365. 💻

We'll delve into the key response actions to contain a live attacker, looking at the complexities of token revocation and password resets in hybrid environments.

An effective response requires a proactive setup. Implement pre-configured response accounts and automation to take actions consistently and without delay.

Short-term remediations help get back to business as usual, and our long-term suggestions will protect against future phishing attacks.

We'll explore hardening measures such as Conditional Access policies, phishing-resistant authentication, token protections, and app consent policies to protect against AiTM and OAuth phishing frameworks.

Lastly, we'll look at dedicated controls to protect privileged accounts from phishing, such as cloud-only identity for cloud administrative activities.

Get the full technical breakdown in the latest blog: https://www.pentestpartners.com/security-blog/bec-ware-the-phish-part-2-respond-and-remediate-incidents-in-m365/

#CyberSecurity #BusinessEmailCompromise #M365Security #PhishingProtection #InfoSec #CloudSecurity #ZeroTrust #TechCommunity

BEC-ware the Phish (part 2): Respond and Remediate Incidents in M365 | Pen Test Partners

TL;DR Ensure you can reliably take initial containment actions such as disabling accounts, resetting passwords, and revoking tokens. Token binding ensures that a token only works on the specific device the token was issued and is currently the best protection against token theft. As a minimum enable Security Defaults to require MFA for all privileged

Bouncing back to this place after a bit of time away.

Wrote a blog article earlier this week on #paw - not the kind cats have.

#entra #entraid #aad #azuread #azure #m365security #infosec #identity

https://ericonidentity.com/2023/07/17/protect-your-privilege-with-paw/