Head Topics

Warning As Google And Microsoft Calendar Hack Surge Confirmed

Microsoft News

Warning As Google And Microsoft Calendar Hack Surge Confirmed
Microsoft 365Microsoft 365 CalendarGoogle Calendar
  • 📰 ForbesTech
  • ⏱ Reading Time:
  • 99 sec. here
  • 11 min. at publisher
  • 📊 Quality Score:
  • News: 71%
  • Publisher: 59%

As a surge in malicious .ics invite attacks is reported, here’s what Google and Microsoft calendar users need to do immediately.

The latest such warning has come from Sublime Security after it “observed a significant influx in phishing attacks” against users of Google Workspace and Microsoft 365 calendars. Here’s what you need to know and do.

.about the threat surface that is, erm, your calendar. Yet that threat has not gone away, and Google and Microsoft users are now being warned of a surge in attacks that use calendar invites as a method to evade security solutions and deliver their undoubtedly dangerous payloads. Aby Ahry Jeon, a product manager, and Brandon Murphy, a threat detection engineer, both working at Sublime Security, warns that “depending on the settings of the target’s calendar, even if the email message is automatically quarantined by an email security solution, the calendar entry often remains on the target’s calendar.” An .ics file is a calendar data format used to enable the sharing of events between calendar applications from the likes of Apple, Google, and Microsoft. It is a hugely popular format, not least thanks to the ability to automatically add invites to calendars from Google Workspace and Microsoft 365. In the latter, the security boffins warn, “it will also bring attachments from the email into the invitation.” Obviously, this provides an attacker with a double-whammy threat of the email and the invite to deliver a payload. Double-whammy threat, double the chance of success. The Sublime report provides a number of examples of this kind of attack, and I recommend reading it yourself to get up to speed with these. The bullet point summary is:I have reached out to both Google and Microsoft regarding the report and the dangers of .ics phishing attacks for advice to users. In the meantime, Sublime offers the following suggestions for securing your calendars: In the Google Workspace Admin Console, go to Apps|Google Workspace|Calendar|Advanced settings and ensure the ‘Add invitations to my calendar’ option is set to ‘Invitations from known senders’ or ‘Invitations users have responded to via email.’ For Microsoft 365, use PowerShell commands to set AutomateProcessing to None and disable the ‘Calendar Attendant’ from automatically processing invites.

We have summarized this news so that you can read it quickly. If you are interested in the news, you can read the full text here. Read more:

ForbesTech /  🏆 318. in US

Microsoft 365 Microsoft 365 Calendar Google Calendar Ics Phsihing Calendar Invite Attack Calendar Hack Sublime Security ICS Hack

 

United States Latest News, United States Headlines

Similar News:You can also read news stories similar to this one that we have collected from other news sources.

‘Update And Shut Down’—Microsoft Confirms Windows Update Mistake‘Update And Shut Down’—Microsoft Confirms Windows Update MistakeUpdate finally released as Microsoft confirms major changes for all Windows users and a serious issue with no fix available.
Read more »

NSA Issues Microsoft Exchange Server ‘High-Risk Of Compromise’ AlertNSA Issues Microsoft Exchange Server ‘High-Risk Of Compromise’ AlertAs security agencies warn that Microsoft Exchange servers are highly vulnerable to attack. Here’s how you can protect your enterprise, according to the NSA.
Read more »

NSA Issues Microsoft Exchange Server ‘High-Risk Of Compromise’ AlertNSA Issues Microsoft Exchange Server ‘High-Risk Of Compromise’ AlertAs security agencies warn that Microsoft Exchange servers are highly vulnerable to attack. Here’s how you can protect your enterprise, according to the NSA.
Read more »

FBI Warning—Change WhatsApp, Google Messages, iMessage And Facebook Messenger AppsFBI Warning—Change WhatsApp, Google Messages, iMessage And Facebook Messenger AppsYou have been warned — the security and privacy of all iPhone and Android users is at risk.
Read more »

Microsoft enters approximately $9.7B contract with IREN that gives it access to Nvidia chipsMicrosoft enters approximately $9.7B contract with IREN that gives it access to Nvidia chipsMicrosoft has entered into an approximately $9.7 billion cloud services contract with artificial intelligence cloud service provider IREN that will give it access to some of Nvidia’s chips. The five-year deal, which includes a 20% prepayment, will help Microsoft as it looks to keep up with AI demand.
Read more »

Microsoft enters approx $9.7B contract with IREN that gives it access to Nvidia chipsMicrosoft enters approx $9.7B contract with IREN that gives it access to Nvidia chipsMicrosoft has entered into an approximately $9.7 billion cloud services contract with artificial intelligence cloud service provider IREN that will give it access to some of Nvidia’s chips
Read more »



Render Time: 2026-04-01 05:08:53