Tag

O365

4 briefs RSS

O365 Advanced Audit Disabled

Detection of O365 advanced audit being disabled for a specific user, potentially allowing attackers to operate with reduced risk of detection, leading to unauthorized data access, data exfiltration, or account compromise.

Office 365 +3 cloud o365 audit defense-evasion persistence

2r 1t Jan 3, 2024

high advisory

O365 Security Feature Modification

2 rules 1 TTP

Attackers modify or disable Office 365 advanced security settings, such as AntiPhish, SafeLink, SafeAttachment, or Malware policies, to evade detection and operate with reduced risk within the target tenant.

Office 365 +3 o365 email_security defense_evasion persistence

2r 1t Jan 3, 2024

high advisory

O365 MFA Bypassed via Trusted IP Addition

2 rules 1 TTP

An attacker modifies trusted IP settings in Office 365 to bypass multi-factor authentication (MFA), potentially leading to unauthorized access and data compromise.

Office 365 +3 mfa_bypass o365 defense_evasion

2r 1t Jan 3, 2024

medium advisory

Microsoft 365 Risk-Based Step-Up Consent Disabled

2 rules 1 TTP

The Microsoft 365 'risk-based step-up consent' security setting is disabled by an adversary to allow users to grant consent to malicious applications, potentially leading to unauthorized access and data breaches.

Splunk Enterprise +4 azuread o365 oauth risk-based consent defense-evasion

2r 1t Jan 3, 2024