On Wednesday, May 9, it was announced that a significant vulnerability known as "BaseStriker" was discovered in Microsoft Office 365 (O365) email "Exchange Online." This applies to other email security solutions and not just O365. The vulnerability will allow a specifically crafted link in a phishing email to get through undetected. Normally, O365 will scan inbound emails and block, or quarantine, those containing malicious links (this applies even with the Advanced Threat Protection add-on). To date, no exploit of this vulnerability has been seen in the field.
While we expect to hear more from our vendors and others later today or tomorrow, the number one solution is to be smart about the emails you open and the links you click on. In ProofPoint's 2018 "Human Factor" report, they state, "Over the last year, cyber criminals have continued to increase their use of social engineering rather than automated exploits, scaling up people-centered threats and attacks that rely on human interaction." Always take precaution when clicking on links.
For questions, please email firstname.lastname@example.org.