Modern BEC attacks move faster than most teams can investigate—not from lack of skill, but from fragmented data sources. Analysts jump between Azure AD logs, Exchange PowerShell, Graph API calls, and SharePoint activity, each requiring different query syntax, while the attack spreads. In this post, I summarize a recent BEC case showing the OAuth persistence and mail manipulation tactics attackers use, then demonstrate how Command Zero's investigation framework transforms this fragmented process into a systematic, rapid response. https://lnkd.in/gPghT9ei
How Command Zero's framework helps in BEC attacks
How come BEC attacks still persist in 2025? The answer is simple: They've evolved faster than defense methods. This is a solid synopsis on why BEC attacks continue to be a grave risk.
bec attacks exploit trust faster than teams can investigate with current tooling. we built Command Zero so any analyst can tackle threats like the best. no complex queries needed. just ask questions, get answers, stop bec attacks in their tracks. read Eric Hulse's latest blog on how to combat these email attacks.
Microsoft just patched a critical vulnerability in Microsoft 365 Copilot that allowed attackers to steal sensitive emails using something as innocent-looking as a diagram. https://lnkd.in/enkghhWi
Microsoft is rolling out new Defender XDR Alert Tuning policies to automatically resolve specific alerts. This helps security admins combat alert fatigue by reducing "noise". Starting October 30, 2025, built-in rules will begin tuning alerts automatically. If you prefer to opt out, you can disable the alert rules by navigating to: Settings > Defender XDR > Alert Tuning (not recommended). #Microsoft #Alerttuning #DefenderXDR
🚀 New article live: How to Configure Mail Flow Rules in Exchange Online (Step-by-Step Guide for IT Administrators)
Managing email flow is one of the most underrated yet most critical layers of security inside Microsoft 365. From blocking risky attachments to applying disclaimers or adding external email warnings, Mail Flow Rules (Transport Rules) remain one of the most powerful tools for protecting users and ensuring compliance.
I’ve just published a clear, practical and fully updated guide that covers:
✅ What Mail Flow Rules are
✅ The updated Exchange Admin Center options
✅ Real-world scenarios (external banner, blocking executables, legal disclaimer)
✅ Complete step-by-step configuration
✅ PowerShell version
✅ Best practices and common mistakes
✅ Troubleshooting based on real environments
If you work with Exchange Online, email security or Microsoft 365 administration, this guide will save you time, prevent misconfigurations and help you apply stronger policies consistently.
🔗 Read the full article here: https://lnkd.in/dvUfS966
Microsoft Purview - Security and Compliance. Sensitivity Labels in MS Purview allow you to classify emails, documents, Teams messages, and SharePoint data. By labeling these items with customized criteria, you can protect your data by limiting who can open it or automatically encrypt it. You can also use templated info types to auto-label things like SSN, PHI, or banking information. Datalink Networks
Compliance made simple with Datalink Networks. Kevin Jacobson We deploy Microsoft Purview Sensitivity Labels to help your organization meet regulatory requirements like HIPAA, GDPR, and PCI-DSS. Our experts configure auto-labeling for sensitive data, enforce encryption, and integrate with compliance policies—so your business stays secure and audit-ready. Partner with us for a proactive approach to data governance. #Compliance #MicrosoftPurview #CyberSecurity #DatalinkNetworks
Zero Trust in Action: When Entra Blocked a Live Data Exfiltration Attempt
A user account from a trusted workload identity suddenly began downloading unusually large volumes of data from SharePoint. Credentials were valid. MFA was passed. Conditional Access allowed it. Everything looked “normal”: until it didn’t.
What happened next:
- Entra’s continuous access evaluation flagged the session for abnormal behavior.
- The token was revoked mid-session, halting the data transfer instantly.
- Defender correlated the alert with a compromised Azure Function key - a perfect example of why Zero Trust can’t rely on identity alone.
Lesson: Zero Trust is about living enforcement, not static policies. Access isn’t a one-time event - it’s a continuous negotiation between trust and behavior.
True Zero Trust means:
- Every session can be re-evaluated.
- Every workload identity is monitored for drift.
- Every anomaly triggers an automated response - not a manual investigation.
#ZeroTrust #MicrosoftEntra #IdentitySecurity #ContinuousAccessEvaluation #WorkloadIdentity #CloudSecurity #CISO #SecurityArchitecture #MicrosoftSecurity
🚨 EchoLeak Changed Everything: One Line of Code to Secure Your AI Agents (and Your Shadow MCP Servers)
TL;DR: CVE-2025-32711 (CVSS 9.3). Your LangChain/CrewAI agents have the same vulnerability. Plus, your company likely has invisible MCP servers running right now that expose your entire infrastructure. Here’s an open-source solution that takes one line to implement.
On June 11, 2025, researchers at Aim Labs dropped a bombshell: CVE-2025-32711 (“EchoLeak”) — a critical zero-click vulnerability in Microsoft 365 Copilot that allowed attackers to steal sensitive data by simply sending an email. No user interaction required.
How it worked:
- Attacker sends a specially crafted email to your org
- Copilot reads the email (normal behavior)
- Hidden markdown executes a prompt injection
- Copilot exfiltrates chat logs, OneDrive files, SharePoint docs, Teams messages
- Data leaves via a CSP bypass
- You never know it happened
CVSS: 9.3 (Critical)
Traditional security tools failed—because the exploit was written in natural language. Microsoft patched quickly, but the bigger question remains: If Copilot can be https://lnkd.in/d3xvQHv5