Welcome to our Cyber Security News Aggregator.

Cyber Tzar provide a cyber security risk management platform, including automated penetration tests and risk assessments culminating in a "cyber risk score" out of 1,000, just like a credit score.

Ongoing Campaign Abuses Microsoft 365’s Direct Send to Deliver Phishing Emails

published on 2025-06-27 04:46:03 UTC by /u/No-Reputation7691
Content:
Reference: Ongoing Campaign Abuses Microsoft 365’s Direct Send to Deliver Phishing Emails

Key Points:

  • Phishing Campaign: Varonis' MDDR Forensics team uncovered a phishing campaign exploiting Microsoft 365's Direct Send feature.
  • Direct Send Feature: Allows internal devices to send emails without authentication, which attackers abuse to spoof internal users.
  • Detection: Look for external IPs in message headers, failures in SPF, DKIM, or DMARC, and unusual email behaviors.
  • Prevention: Enable "Reject Direct Send," implement strict DMARC policies, and educate users on risks.

For technical details, please see more in reference (above).

Could anyone share samples or real-world experiences about this (for education and security monitoring)?

submitted by /u/No-Reputation7691
[link] [comments]
Article: Ongoing Campaign Abuses Microsoft 365’s Direct Send to Deliver Phishing Emails - published 3 months ago.

https://www.reddit.com/r/netsec/comments/1lll7ks/ongoing_campaign_abuses_microsoft_365s_direct/   
Published: 2025 06 27 04:46:03
Received: 2025 06 27 04:57:47
Feed: /r/netsec - Information Security News and Discussion
Source: /r/netsec - Information Security News and Discussion
Category: Cyber Security
Topic: Cyber Security
Views: 13
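
The detection signals listed in the Key Points above (external IPs in message headers, SPF/DKIM/DMARC failures) can be checked over a message's headers as in this added example, which is not from the original post or the referenced article. The sample headers are constructed, and `KNOWN_NETS`, `direct_send_indicators` and the `example.com` tenant are assumptions for illustration.

```python
import email
import ipaddress
import re
from email.utils import parseaddr

# Assumption: networks the tenant's own devices send from (hypothetical value).
KNOWN_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed sample headers, not taken from a real message.
SAMPLE = """\
Received: from [203.0.113.7] (203.0.113.7) by
 mx.example.com with ESMTP; Fri, 27 Jun 2025 04:00:00 +0000
Authentication-Results: spf=softfail (sender IP is 203.0.113.7)
 smtp.mailfrom=example.com; dkim=none (message not signed);
 dmarc=fail action=none header.from=example.com
From: Alice <alice@example.com>
To: Alice <alice@example.com>
Subject: New voicemail

body
"""

def domain(header_value):
    # Domain part of the first address in a From/To header, lowercased.
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def direct_send_indicators(raw, tenant_domain):
    msg = email.message_from_string(raw)
    # Sender and recipient both claim the tenant domain: the mail looks internal.
    internal = domain(msg["From"]) == tenant_domain == domain(msg["To"])
    # SPF / DKIM / DMARC verdicts other than "pass".
    auth = " ".join(msg.get_all("Authentication-Results", [])).lower()
    not_pass = sorted(f"{mech}={res}" for mech, res in
                      re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth) if res != "pass")
    # IPv4 addresses in Received headers that fall outside the known networks.
    external = set()
    for received in msg.get_all("Received", []):
        for token in re.findall(r"\d{1,3}(?:\.\d{1,3}){3}", received):
            try:
                ip = ipaddress.ip_address(token)
            except ValueError:
                continue  # dotted number that is not a valid address
            if not any(ip in net for net in KNOWN_NETS):
                external.add(str(ip))
    return {"internal_looking": internal, "auth_not_pass": not_pass,
            "external_ips": sorted(external),
            "suspicious": bool(internal and not_pass and external)}

if __name__ == "__main__":
    print(direct_send_indicators(SAMPLE, "example.com"))
```

The combined `suspicious` flag is a triage heuristic: each signal alone also occurs in legitimate mail, so the individual fields are returned for analyst review.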
