Microsoft has warned that Office 365 customers are receiving phishing emails that aim to trick unsuspecting users into giving OAuth permissions to an app that allows attackers to read and write emails. The OAuth phishing emails were delivered to hundreds of Office 365 customers, warned the Microsoft Security Intelligence team.

Microsoft was positioning itself as one of the pioneers of the metaverse even before its US$75 billion deal to buy online gaming giant Activision Blizzard. In the days after Mark Zuckerberg rebranded Facebook last October as Meta with his near movie-length promotional film about the potential for virtual worlds, Microsoft

Microsoft’s planned $68.7 billion acquisition of gaming company Activision Blizzard isn’t just a weapon in the tech giant’s battle for video game domination. It’s also about the metaverse — a buzzy topic at the moment, with brands from Disney to Walmart working to carve out their own niche in the digital

Microsoft is acquiring Activision, the troubled publisher of Call of Duty, World of Warcraft, and Diablo. The deal will value Activision at $68.7 billion, far in excess of the $26 billion Microsoft paid to acquire LinkedIn in 2016. It’s Microsoft’s biggest push into gaming, and the company says it will

Earlier this week, Microsoft issued a fix for a vulnerability that allows remote, unprivileged attackers to abuse Remote Desktop Protocol (RDP) from inside Windows devices. The flaw could allow attackers to hijack smart cards and gain unauthorized access to file systems. The bug, which is tracked as CVE-2022-21893, could lead

Microsoft has warned Windows and Azure customers to remain on high alert after observing continues state-sponsored and cyber criminal attackers probing systems for the Log4Shell flaw throughout December. The flaw was disclosed by the Apache Software Foundation on December 9, however, the vulnerability will likely take years to remediate due

2022 is poised to be the biggest year yet for “the metaverse,” as Facebook parent Meta, Apple, Microsoft and Google gear up to release new hardware products and software services in what so far has been a niche market for early adopters. The “metaverse” describes software and hardware that allow users

Microsoft has addressed a recently discovered vulnerability that was exploited in the wild to deliver Emotet, Trickbot, and other botnets via fake applications. The vulnerability was included in the company’s December Patch Tuesday, along with five other publicly known bugs and seven critical security vulnerabilities. In total, this month’s security

In the final post of this series, we explore Microsoft’s seizure of domains used by Chinese cyber-espionage group Nickel (APT15) to attack organizations in the United States and 28 other countries around the world. These attacks were largely being used for intelligence gathering from government agencies, think tanks, and human rights organizations. In the last few years, Microsoft has filed 24 lawsuits against cybercrime and cyber-espionage groups. Is it time for U.S. Corporate Technology Companies to go into full bitskrieg mode against countless global adversaries?

An unknown state-backed threat actor has allegedly expanded its attack efforts against cloud platform company Zoho and its ManageEngine ServiceDesk Plus software. The software is a help desk and asset management solution. In the past, the same adversary has targeted Zoho’s ADSelfService Plus. According to researchers, the APT has attacked