Welcome to our
Cyber Security News Aggregator
.Cyber Tzar
provide acyber security risk management
platform; including automated penetration tests and risk assesments culminating in a "cyber risk score" out of 1,000, just like a credit score.
First slide label
Some representative placeholder content for the first slide.
Second slide label
Some representative placeholder content for the second slide.
Third slide label
Some representative placeholder content for the third slide.
Ongoing Campaign Abuses Microsoft 365’s Direct Send to Deliver Phishing Emails
published on 2025-06-27 04:46:03 UTC by /u/No-Reputation7691Content:
| Reference: Ongoing Campaign Abuses Microsoft 365’s Direct Send to Deliver Phishing Emails |
|---|
Key Points:
- Phishing Campaign: Varonis' MDDR Forensics team uncovered a phishing campaign exploiting Microsoft 365's Direct Send feature.
- Direct Send Feature: Allows internal devices to send emails without authentication, which attackers abuse to spoof internal users.
- Detection: Look for external IPs in message headers, failures in SPF, DKIM, or DMARC, and unusual email behaviors.
- Prevention: Enable "Reject Direct Send," implement strict DMARC policies, and educate users on risks.
For technical details, please see more in reference (above).
Could anyone share samples or real-world experiences about this (for education and security monitoring)?
[link] [comments]
https://www.reddit.com/r/netsec/comments/1lll7ks/ongoing_campaign_abuses_microsoft_365s_direct/
Published: 2025 06 27 04:46:03
Received: 2025 06 27 04:57:47
Feed: /r/netsec - Information Security News and Discussion
Source: /r/netsec - Information Security News and Discussion
Category: Cyber Security
Topic: Cyber Security
Views: 15
