3 matches found
Midnight Blizzard conducts targeted social engineering over Microsoft Teams
Microsoft Threat Intelligence has identified highly targeted social engineering attacks using credential theft phishing lures sent as Microsoft Teams chats by the threat actor that Microsoft tracks as Midnight Blizzard previously tracked as NOBELIUM. This latest attack, combined with past activit...
Malicious OAuth applications abuse cloud email services to spread spam
Microsoft researchers recently investigated an attack where malicious OAuth applications were deployed on compromised cloud tenants and then used to control Exchange Online settings and spread spam. The investigation revealed that the threat actor launched credential stuffing attacks against...
Mitigation of Supply Chain Risks in Microsoft 365
In this blog we review five attack techniques exploited to compromise MS 365 tenants. Qualys SaaS Detection & Response can be used by both IT and security teams to assess these threats, and then to fix common misconfigurations, hardening supply chain defenses. Last October, news of Microsoft 365 ...