For years, companies drilled one thing into employees’ heads: don’t trust weird emails. Problem is, attackers adapted. Instead of fighting against people’s skepticism around email, they moved to platforms employees already trust without thinking twice about it. One of the biggest targets right now is Microsoft Teams
A threat group called KongTuke has been using Teams chats to get inside corporate networks, and honestly, it’s working disturbingly well. Instead of blasting out phishing emails, they pose as internal IT staff and message employees directly through Teams. Sometimes they’re operating from already-compromised Microsoft 365 accounts. Other times they create fake accounts designed to look close enough to pass a quick glance. Either way, the attack can go from first contact to compromised system in just a few minutes. [Read more…]
Microsoft is retiring the email passcode system long used to grant temporary access to shared files in SharePoint Online and OneDrive for Business. The company plans to replace it with Microsoft Entra B2B guest accounts, shifting external collaboration toward a fully identity-based model across Microsoft 365.
Microsoft is expanding passwordless security across Windows by introducing passkey authentication through Microsoft Entra. The new capability allows users to sign in to Entra-protected resources using Windows Hello instead of traditional passwords, adding stronger resistance against phishing attacks and credential theft.