https://bit.ly/42I6nMH - 🔒 Microsoft's cloud services are scanning users’ password-protected zip files for malware, according to several users. Even though this move by Microsoft might seem intrusive to some, it's crucial for cybersecurity. The company is attempting to bypass password protection in zip files and scan them for malicious code, a method that's been used by threat actors to conceal malware. #Microsoft #CyberSecurity #CloudComputing 🧪 Security researcher Andrew Brandt reports that Microsoft's tool SharePoint flagged a password-protected zip file he used for exchanging malware samples with other researchers. Brandt highlights the importance of such practices for their work, while also expressing concerns over privacy. #SharePoint #MalwareResearch 💼 Microsoft's methods for scanning the contents of password-protected zip files are reportedly not limited to SharePoint. According to researcher Kevin Beaumont, the company uses these techniques across all its 365 cloud services. One method involves extracting potential passwords from the bodies of an email or the name of the file itself. #Microsoft365 #DataSecurity 📧 Interestingly, Microsoft's OneDrive backed up malicious files Brandt stored after creating an exception in his endpoint security tools. However, these files were wiped off from his laptop hard drive after being detected as malware in his OneDrive account. #OneDrive #EndpointSecurity 🔎 Microsoft has yet to comment on its practices of bypassing password protection for files stored in its cloud services. Meanwhile, Google reportedly doesn't scan password-protected zip files, though Gmail flags them when users receive such a file. #Google #Gmail ⚖️ This situation highlights the fine balance online services must maintain between protecting users from threats and respecting privacy. Despite concerns, this practice has likely prevented many users from falling prey to social engineering attacks. #OnlinePrivacy #CyberThreats 💡 Lastly, it's important to remember that password-protected zip files offer limited assurance against intrusion. Beaumont suggests using an AES-256 encryptor built into many archive programs when creating 7z files for stronger security.