bouncethebox

(-(-_(-_-)_-)-)

Menu
  • CISA / US-CERT / ICS-CERT
  • cod
Menu

Category: Microsoft 365 Security

M365 Team Discovers Phishing Email Pushing WinRAR Exploit

Posted on February 3, 2023February 4, 2023 by Bill Beehner

SOURCE: otx.alienvault.com | Created: 2 years ago | Updated: 2 months ago CVE Overview: In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename field is manipulated with specific patterns, the destination (extraction) folder is ignored, thus treating…

Read more

Microsoft Teams Minimum Viable Secure Configuration Baseline / Draft Version 0.1

Posted on October 27, 2022February 4, 2023 by Bill Beehner

Source: CISA | Released: October 2022 | By: Secure Cloud Business Applications (SCuBA) Microsoft Teams is a text and live chat workspace in Microsoft 365 (M365) that supports videocalls, chat messaging, screen-sharing, and file sharing. It has a permission-based teamstructure for managing calls and files. Microsoft teams also enables teams to manage their ownuser access…

Read more

OneDrive for Business Minimum Viable Secure Configuration Baseline

Posted on October 14, 2022February 4, 2023 by Bill Beehner

Source: CISA | Released: October 2022 | By: Secure Cloud Business Applications (SCuBA) OneDrive for Business is a cloud-based file storage system with online editing andcollaboration tools for Microsoft Office documents and is part of Office 365. OneDrive forBusiness facilitates synchronization across multiple devices and enables secure, compliant,and intelligent collaboration with multiple people.This security baseline…

Read more

Microsoft 365 Defender Minimum Viable Secure Configuration Baseline

Posted on October 3, 2022February 4, 2023 by Bill Beehner

Source: CISA.gov | Release Date: October 2022 | By: Secure Cloud Business Applications (SCuBA) This baseline focuses on the features of Defender for Office 365 and some settings are infact configured in the Microsoft 365 compliance admin center. However, for simplicity, boththe Microsoft 365 Defender and Microsoft 365 compliance admin center items arecontained in this…

Read more

CISA Releases Free Detection Tool for Azure/M365 Environments

Posted on December 4, 2020February 4, 2023 by Bill Beehner

Source: CISA | Released: December 2020 CISA has created a free tool for detecting unusual and potentially malicious activity that threatens users and applications in an Azure/Microsoft O365 environment. The tool is intended for use by incident responders and is narrowly focused on activity that is endemic to the recent identity- and authentication-based attacks seen…

Read more

Microsoft Office 365 Security Recommendations

Posted on April 29, 2020February 4, 2023 by Bill Beehner

Source: CISA | Type: Alert AA20-120A | Release: April 29, 2020 As organizations adapt or change their enterprise collaboration capabilities to meet “telework” requirements, many organizations are migrating to Microsoft Office 365 (O365) and other cloud collaboration services. Due to the speed of these deployments, organizations may not be fully considering the security configurations of…

Read more

═╬══ archives ════►

  • February 2023
  • October 2022
  • December 2020
  • April 2020

═╬══ categories ════►

  • Microsoft 365
  • Microsoft 365 Defender
  • Microsoft 365 Security
  • Microsoft Teams
  • OneDrive for Business

©2023 bouncethebox