FBI Alert Outlook OneDrive: 5 Critical Security Updates You Need Now
- Phishing Evasion Upgrade: The FBI warns of a sophisticated new malware strain that hides in Outlook calendar invitations synced through OneDrive, bypassing traditional email filters by exploiting shared file permissions.
- Data Exfiltration Red Flag: Attackers are using OneDrive’s file-sharing links to silently steal credentials; the alert advises users to immediately revoke access for any unrecognized external sharing requests in their OneDrive settings.
- Zero-Click Exploit Risk: A critical vulnerability allows malicious code to execute when opening a OneDrive-synced Outlook attachment—no user click required—prompting the FBI to urge all users to update both apps.
- Ransomware Decoy Tactic: Cybercriminals are embedding ransomware payloads inside seemingly legitimate OneDrive PDFs and Word docs, with the FBI alerting that current antivirus tools often miss this variant.
- Immediate Remediation Steps: The FBI recommends enabling multi-factor authentication on both Outlook and OneDrive, auditing all shared links for suspicious activity, and running a full offline scan if you’ve clicked any OneDrive files from unknown senders this week.