EUVD-2017-3883

Malware in sbrugna...

CVE-2024-36464 Media Types: Office365, SMTP passwords are unencrypted and visible in plaintext when exported

When exporting media types, the password is exported in the YAML in plain text. This appears to be a best practices type issue and may have no actual impact. The user would need to have permissions to access the media types and therefore would be expected to have access to these passwords...

"BingBang" flaw enabled altering of Bing search results, account takeover

Researchers from Wiz have discovered a way to allow for search engine manipulation and account takeover. The research in question focuses on several Microsoft applications, with everything stemming from a new type of attack aimed at Azure Active Directory. Azure Active Directory is a single sign-...

SecureMail: Modern Authentication doesn't work - "Incorrect user name or password"

You get the error"Incorrect user name or password" when trying to login your Office365 mailbox using Securemail When Securemail Network Access is set to Unrestricted the user is able to authenticate and synchronize emails properly...

What’s New in InsightIDR: Q4 2022 in Review

As we continue to empower security teams with the freedom to focus on what matters most, Q4 focused on investments and releases that contributed to that vision. With InsightIDR, Rapid7’s cloud-native SIEM and XDR solution, teams have the scale, comprehensive contextual coverage, and expertly vett...

Voicemail Scam Steals Microsoft Credentials

Attackers are using an oft-used and still effective lure to steal credentials to key Microsoft apps by sending emails notifying potential victims that they have a voicemail message, researchers have found. A team from Zscaler ThreatLabZ has been monitoring a campaign since May that targets key...

“FudCo” Spam Empire Tied to Pakistani Software Firm

In May 2015, KrebsOnSecurity briefly profiled "The Manipulaters," the name chosen by a prolific cybercrime group based in Pakistan that was very publicly selling spam tools and a range of services for crafting, hosting and deploying malicious email. Six years later, a review of the social media...

How to Configure Office365 for Single Sign-on with NetScaler as SAML Identity Provider

This article describes how to configure Office365 for Single Sign-on with NetScaler as SAML Identity Provider and this article also provides detailed steps to configure Windows Azure to use NetScaler as a Security Token Service STS/ Identity Provider IDP...

OneDrive Sync Provider Enumeration Module

This module will identify the Office 365 OneDrive endpoints for both business and personal accounts across all users providing access is permitted. It is useful for identifying document libraries that may otherwise not be obvious which could contain sensitive or useful information. Module Options...

UhOh365 - A Script That Can See If An Email Address Is Valid In Office365 (User/Email Enumeration)

A script that can see if an email address is valid in Office365. This does not perform any login attempts, is unthrottled, and is incredibly useful for social engineering assessments to find which emails exist and which don't. Microsoft does not consider "email enumeration" a vulnerability, so th...

Go365 - An Office365 User Attack Tool

Go365 is a tool designed to perform user enumeration and password guessing attacks on organizations that use Office365 now/soon Microsoft365. Go365 uses a unique SOAP API endpoint on login.microsoftonline.com that most other tools do not use. When queried with an email address and password, the...

Digitally Signed Bandook Trojan Reemerges in Global Spy Campaign

A wave of targeted cyberattack campaigns bent on espionage is cresting around the globe, using a strain of a 13-year old backdoor trojan named Bandook. According to Check Point Research, Bandook was last spotted being used in 2015 and 2017/2018, in the “Operation Manul” and “Dark Caracal”...

STRONTIUM: Detecting new patterns in credential harvesting

Microsoft has tied STRONTIUM to a newly uncovered pattern of Office365 credential harvesting activity aimed at US and UK organizations directly involved in political elections. Analysts from Microsoft Threat Intelligence Center MSTIC and Microsoft Identity Security have been tracking this new...

Fake Zoom meeting invitation phishing scam harvests Microsoft credentials

By Sudais Asif Initially targeting Zoom users; the phishing scam aims for Outlook and Office365 credentials. This is a post from HackRead.com Read the original post: Fake Zoom meeting invitation phishing scam harvests Microsoft credentials...

openSUSE Security Update : MozillaThunderbird (openSUSE-2020-94)

This update for MozillaThunderbird to version 68.4.1 fixes the following issues : Security issues fixed : - CVE-2019-17026: IonMonkey type confusion with StoreElementHole and FallibleStoreElement - CVE-2019-17016: Bypass of @namespace CSS sanitization during pasting - CVE-2019-17017: Type Confusi...

BitDam Study Exposes High Miss Rates of Leading Email Security Systems

Imagine receiving an email from US VP Mike Pence's official email account asking for help because he has been stranded in the Philippines. Actually, you don't have to. This actually happened. Pence's email was hacked when he was still the governor of Indiana, and his account was used to attempt t...

Microsoft Office365 Integrity Validation / Remote Code Execution

Exploit Title: Microsoft Office365 Remote Code Execution Vulnerability Date: 2/11/19 Exploit Author: Social Engineering Neo - @EngineeringNeo Vendor Homepage: https://microsoft.com Software Link: https://office.com Version: Office365/ProPlus build 16.0.11727.20222, 16.0.11901.20170,...

Microsoft Office365 Protection Bypass / Remote Code Execution

Exploit Title: Microsoft Office365 Remote Code Execution Vulnerability Date: 2/11/19 Exploit Author: Social Engineering Neo - @EngineeringNeo Vendor Homepage: https://microsoft.com Software Link: https://office.com Version: Office365/ProPlus build 16.0.11727.20222, 16.0.11901.20170,...

Microsoft Office 365 / ProPlus 16.0.11929.202.88 Remote Code Execution Vulnerability

Exploit Title: Microsoft Office365 Remote Code Execution Vulnerability Date: 2/11/19 Exploit Author: Social Engineering Neo - @EngineeringNeo Vendor Homepage: https://microsoft.com Software Link: https://office.com Version: Office365/ProPlus build 16.0.11727.20222, 16.0.11901.20170,...

Microsoft Office 365 / ProPlus 16.0.11929.202.88 docx2docm Protection Bypass Vulnerability

Exploit Title: Microsoft Office365 Remote Code Execution Vulnerability Date: 2/11/19 Exploit Author: Social Engineering Neo - @EngineeringNeo Vendor Homepage: https://microsoft.com Software Link: https://office.com Version: Office365/ProPlus build 16.0.11727.20222, 16.0.11901.20170,...