Microsoft Exchange Flaw Lets Attackers Spoof Any Email Address
“Ghost-Sender" is the result of a widespread misconfiguration, according to researchers, and evidence indicates it's being actively abused in the wild.
Office 365 is Microsoft's cloud productivity suite, whose identity, email, and data controls make its vulnerabilities and security advisories consequential.
Search across headline titles and summaries.
Background for this topic.
Office 365 is Microsoft’s cloud-hosted productivity and collaboration service, encompassing Exchange Online email, SharePoint, OneDrive, Teams, and web and desktop Office applications. Because these services store communications and business documents in a shared cloud environment, the tag includes both attacks against the platform and security issues arising from tenant configuration, identity, and connected applications.
Material risks include phishing or stolen credentials leading to account takeover, malicious OAuth applications gaining delegated access, mailbox forwarding rules, and excessive external sharing of files. Effective defenses include phishing-resistant multifactor authentication, conditional-access policies, least-privilege administration, controlled app consent, data-loss prevention, and review of audit and sign-in logs. Security teams must also track Microsoft advisories and client vulnerabilities, preserve cloud evidence for investigations, and apply retention, privacy, and compliance controls appropriate to the data stored in the tenant.
Weekly headline count for the current query.
“Ghost-Sender" is the result of a widespread misconfiguration, according to researchers, and evidence indicates it's being actively abused in the wild.
Microsoft said that Office 365 tenants with weak configurations and who don't have strict anti-spoofing protection enabled are especially vulnerable.
The creators of the toolkit are advertising it as an educational and ethical resource, but what it promises to provide users if purchased indicates it's anything but.
The tech giant is boosting Entra ID and MSA security as part of the wide-ranging Secure Future Initiative (SFI) that the company launched following a Chinese APT's breach of its Exchange Online environment in 2023.
The new Secure Alternative Program from Google aims to entice customers away from Exchange Online and break Microsoft's dominance in enterprise.
The massive phishing campaign does not exploit a vulnerability in MFA. Instead, it spoofs an Office 365 authentication page to steal credentials.