It’s not just Copilot that’s becoming oppressive. Is the message above helpful, or coercive? Apparently, everyday, ordinary, plain advertising just doesn’t work any longer.

ISSUE 22.41 • 2025-10-13 MICROSOFT 365 By Peter Deegan The release of a new Microsoft 365 subscription plan is good news, although Microsoft is surprisingly reluctant to say that. Whenever Microsoft announces changes in plans — especially “simplifying” pricing — it’s usually a sure sign of a price increase in disguise. Not this time. Microsoft […]

MICROSOFT 365 By Peter Deegan There was a time when AI was simple. You asked a question (the “prompt”) and you got an answer (the “response”). Now, Microsoft Copilot has many more options and handy features you can use. So do other AI systems. As usual, Microsoft muddies the waters with its usual tricks. For […]

ON SECURITY By Susan Bradley If you are in a business, or you perform technology consulting for businesses, chances are the computer systems you manage are either in a domain or controlled by Microsoft’s Intune. These machines cannot receive the single-year extension specifically designed for consumers. Instead, those of us with business networks must use […]

ISSUE 22.38 • 2025-09-22 ON SECURITY By Susan Bradley Microsoft provides several options to extend the life of Windows 10 through its Extended Security Updates (ESU) program. This topic will be discussed in a three-part series. The first two parts are about obtaining the ESU in business settings. The third part will address consumers. However, […]

We spend a lot of time in the trenches with the Microsoft technology that is closest to you, such as Windows and Office. And most of us are aware of Microsoft’s long-term and heavy investment in its cloud-based infrastructure, Azure. We also know that Microsoft is a behemoth, one of the most valuable companies on […]

Microsoft’s Digital Crimes Unit coordinated the seizure of 338 domains used by RaccoonO365, a financially motivated threat group that developed and sold phishing kits that have been used to steal more than 5,000 Microsoft credentials since July 2024, the company said Tuesday. 

The threat group, which Microsoft tracks as Storm-2246, enabled cybercriminals to steal credentials from organizations spanning 94 countries, making it the “fastest-growing tool used by cybercriminals to steal Microsoft 365 usernames and passwords,” Steven Masada, assistant general counsel at Microsoft’s DCU said in a blog post. 

RaccoonO365 services were used indiscriminately to target more than 2,300 U.S. organizations in a tax-themed phishing campaign earlier this year. Its kits, which use Microsoft branding for fraudulent emails, attachments and websites, have also been used against at least 20 U.S. health care organizations, according to Microsoft. 

“The rapid development, marketing, and accessibility of services like RaccoonO365 indicate that we are entering a troubling new phase of cybercrime where scams and threats are likely to multiply exponentially,” Masada said.

Microsoft, acting on a court order granted by the U.S. District Court for the Southern District of New York, worked with Cloudflare to seize and take down RaccoonO365’s infrastructure. The company also worked with Chainalysis to trace the threat group’s cryptocurrency transactions, allowing it to attribute malicious online activity to real identities.

Microsoft accuses Joshua Ogundipe of Nigeria of running the criminal enterprise, which sold phishing kits to a community base of more than 850 members on Telegram. Ogundipe and his associates have received at least $100,000 in cryptocurrency payments, reflecting an estimate of up to 200 subscriptions. 

“During the investigation, the DCU engaged directly with the threat actor without disclosing our identity to acquire the phishing kits,” Maurice Mason, principal cybercrime investigator at Microsoft’s DCU, said in a Q&A with Chainalysis. 

In a separate purchase, the alleged cybercriminal inadvertently shared a cryptocurrency wallet address for payment that allowed investigators to trace the funds to a wallet hosted on a Nigeria-based cryptocurrency exchange previously linked to Ogundipe, Mason added. 

Microsoft said Ogundipe has a background in computer programming and accused him of writing the majority 

of the code for the subscription-based phishing service, which allows cybercriminals to send up to 9,000 phishing emails per day. Investigators said RaccoonO365 may have facilitated the transmission of hundreds of millions of malicious emails. 

Microsoft, which sent a criminal referral for Ogundipe to international law enforcement, also addressed continued discontent with persisting legal challenges. 

“Today’s patchwork of international laws remains a major obstacle and cybercriminals exploit these gaps,” Masada said. “Governments must work together to align their cybercrime laws, speed up cross-border prosecutions and close the loopholes that let criminals operate with impunity.”

RaccoonO365’s kits sent emails to victims with malicious attachments, links or QR codes that redirected users to a fake Microsoft O365 login page to harvest credentials, Cloudflare researchers said in a blog post. When victims entered credentials, the kit allowed attackers to capture the password and resulting session cookie, bypassing multifactor authentication.

The codebase included functions for anti-analysis and evasion, user-agent filtering, security vendor evasion, network-level blocking and dynamic traffic routing, according to Cloudflare.

The phishing emails were often a precursor to malware and ransomware, yet not every stolen credential led to compromised networks or fraud, according to Microsoft. The company said it always expects cybercriminals to try to rebuild operations after a takedown and pledged to take additional steps to dismantle any new or reemerging infrastructure.

The post Microsoft seizes hundreds of phishing sites tied to massive credential theft operation appeared first on CyberScoop.

MICROSOFT 365 By Peter Deegan There are many font options for Office, including some you probably don’t know about. There was a time when fonts were simple. For most people, there was only one sort of typeface with bold, italic, and underline. The boom in fonts came with TrueType (.ttf) fonts, either installed automatically or […]

ISSUE 22.35 • 2025-09-01 MICROSOFT 365 By Peter Deegan Microsoft Word will soon save files to OneDrive or SharePoint by default. Redmond is making saving documents to your local PC harder. Here’s what’s going to happen, and how you can stop it. Microsoft has a long-term strategy of moving everything possible to its cloud services. […]

MICROSOFT 365 By Peter Deegan The browser-based versions of Word, Excel, and PowerPoint have come a long way from their simplistic early versions. This means you can do a lot with your Office documents on almost any machine, without installing any software. It’s worth a little time to familiarize yourself with these Web apps because […]

MICROSOFT 365 By Peter Deegan The quickly changing and poorly documented state of Outlook (new) for Windows continues to expose its missing features and its many complications, despite improvements. Microsoft doesn’t help with its single-minded campaign to push people to the newer Outlook as soon as possible. Don’t be fooled by Microsoft’s drive, and stick […]

I can’t take it anymore. I am making an executive decision. Henceforth and forevermore, in all things AskWoody and in a mighty effort to Tame Our Tech, no parentheses will be harmed in the making of our content. Therefore, we will no longer refer to the forever-upcoming version of Outlook as “Outlook (new)” and instead […]

MICROSOFT 365 By Peter Deegan Word’s Master Documents feature is not the most stable or reliable part of Microsoft Word. It can be annoying at times, but it can also prove essential. There comes a time when a document is too large and therefore slow to scroll, slow to navigate, or slow to save. That’s […]

MICROSOFT 365 By Peter Deegan Don’t totally dismiss artificial intelligence. It’s not all bad. Used with a little caution, it can be a wonderful helper for everyone, not just Microsoft 365 users. I know Copilot and AI are sometimes considered unnecessary. There is an understandable suspicion of AI generally and of Microsoft’s Copilot in particular. […]

Use of Microsoft 365 products in security testing is not a new concept. For a long time, I’ve incorporated various activities using Office products into my testing regimen. In the […]

The post Augmenting Security Testing and Analysis Activities with Microsoft 365 Products appeared first on Black Hills Information Security, Inc..

Patterson Cake // PART 1 PART 2 In part one of “Wrangling the M365 UAL,” we talked about acquiring, parsing, and querying UAL data using PowerShell and SOF-ELK. In part […]

The post Wrangling the M365 UAL with SOF-ELK and CSV Data (Part 3 of 3) appeared first on Black Hills Information Security, Inc..

Patterson Cake // In PART 1 of “Wrangling the M365 UAL,” we talked about the value of the Unified Audit Log (UAL), some of the challenges associated with acquisition, parsing, […]

The post Wrangling the M365 UAL with SOF-ELK on EC2 (Part 2 of 3) appeared first on Black Hills Information Security, Inc..

Patterson Cake // When it comes to M365 audit and investigation, the “Unified Audit Log” (UAL) is your friend. It can be surly, obstinate, and wholly inadequate, but your friend […]

The post Wrangling the M365 UAL with PowerShell and SOF-ELK (Part 1 of 3) appeared first on Black Hills Information Security, Inc..

Steve Borosh // Why Phishing? Those of us on the offensive side of security often find ourselves in the position to test our clients’ resilience to phishing attacks. According to […]

The post Spoofing Microsoft 365 Like It’s 1995 appeared first on Black Hills Information Security, Inc..