Cybercriminals are stealing data using Microsoft’s Office 365 tools, Vectra
According to Vectra's Spotlight Report on Microsoft Office 365, cybercriminals can launch attacks that are far more sophisticated targeting legitimate tools and services such as Power Automate (an application which lets users create custom integrations and automated workflows between Office 365 applications), Microsoft eDiscovery (an electronic discovery tool that searches across Office 365 applications/data and exports the results), and OAuth (an open standard for access authentication).
NSA Lists 25 Vulnerabilities Currently Targeted by Chinese State-Sponsored Hackers
Trust in Remote Working Tools Declines as Need for Security Increases
NSA Releases Advisory on Chinese State-Sponsored Actors Exploiting Publicly Known Vulnerabilities