Re: OT: Microsoft Breech

2024-03-18 Thread Jared Hall via users

On 3/18/2024 10:13 PM, Jimmy wrote:


> It's possible that certain email accounts utilizing email services
> with easily guessable passwords were compromised, leading to abuse of
> the ".onmicrosoft.com" subdomain for sending spam via email.


Well, there's (1) standard BEC, (2) stolen Exchange Administrator 
credentials, and (3) creation of new Microsoft 365 hosts.  While 
.onmicrosoft.com encompasses the entire Microsoft 365 world, including 
GoDaddy 365 resale, it is worse than that.  In Microsoft's case, the 
Azure Administration keys were pilfered as well.  Probably most of us
here have seen the residual fallout from all the bogus 365 hosts.


In a couple of cases, Exchange Administration credentials (where you
set up DKIM/SMTP and the initial .onmicrosoft.com hostname) were
changed such that they can no longer log in.  They still have the 
Account and Mailbox Administrator permissions so they can still 
add/delete Accounts and Mailboxes.


Microsoft asserts that no billing information was compromised and to be 
fair, I've seen no evidence of compromise.  Zero cred, IMHO.

Typical Microsoft:  System Down, Billing Up



> I've observed an increase in the blocking of IPs belonging to
> Microsoft Corporation by the SpamCop blacklist since November 2023,
> with a notable spike in activity during February and March 2024.


Yes, you are correct.  I see there is a spat between Microsoft and 
SpamHaus also.  Poor, poor Microsoft.


Thanks,

-- Jared Hall



Re: OT: Microsoft Breech

2024-03-18 Thread Jimmy

It's possible that certain email accounts utilizing email services with
easily guessable passwords were compromised, leading to abuse of the
".onmicrosoft.com" subdomain for sending spam via email.

I've observed an increase in the blocking of IPs belonging to Microsoft
Corporation by the SpamCop blacklist since November 2023, with a notable
spike in activity during February and March 2024.

Jimmy


On Tue, Mar 19, 2024 at 12:10 AM Jared Hall via users <
users@spamassassin.apache.org> wrote:

> I've several customers whose accounts were used to send spam as a result
> of Microsoft's infrastructure breach.
>
> Curiously, NOBODY has received any breach notifications from Microsoft,
> despite personal information being compromised.
>
> What has anyone else experienced?
>
> Thanks,
>
> -- Jared Hall
>
>


OT: Microsoft Breech

2024-03-18 Thread Jared Hall via users

I've several customers whose accounts were used to send spam as a result
of Microsoft's infrastructure breach.


Curiously, NOBODY has received any breach notifications from Microsoft, 
despite personal information being compromised.


What has anyone else experienced?

Thanks,

-- Jared Hall