Microsoft Office 365

April 11, 2018

When Identity Thieves Hack Your Accountant

This post was originally published on this siteThe Internal Revenue Service has been urging tax preparation firms to step up their cybersecurity efforts this year, warning that identity thieves and hackers increasingly are targeting certified public accountants (CPAs) in a bid to siphon oodles of sensitive personal and financial data on taxpayers. This is the story of a CPA in New Jersey whose compromise by malware led to identity theft and phony tax refund requests filed on behalf of his clients. Last month, KrebsOnSecurity was alerted by security expert Alex Holden of Hold Security about a malware gang that appears to […]
June 28, 2019

Microsoft to Require Multi-Factor Authentication for Cloud Solution Providers

This post was originally published on this siteIt might be difficult to fathom how this isn’t already mandatory, but Microsoft Corp. says it will soon force all Cloud Solution Providers (CSPs) that help companies manage their Office365 accounts to use multi-factor authentication. The move comes amid a noticeable uptick in phishing and malware attacks targeting CSP employees and contractors. When an organization buys Office365 licenses from a reseller partner, the partner is granted administrative privileges in order to help the organization set up the tenant and establish the initial administrator account. Microsoft says customers can remove that administrative access if they […]
May 5, 2021

Malicious Office 365 Apps Are the Ultimate Insiders

This post was originally published on this sitePhishers targeting Microsoft Office 365 users increasingly are turning to specialized links that take users to their organization’s own email login page. After a user logs in, the link prompts them to install a malicious but innocuously-named app that gives the attacker persistent, password-free access to any of the user’s emails and files, both of which are then plundered to launch malware and phishing scams against others. These attacks begin with an emailed link that when clicked loads not a phishing site but the user’s actual Office 365 login page — whether that […]