Security


Log4j Attack Methods Explained by CrowdStrike

CrowdStrike on Thursday presented advice for organizations attempting to address a security vulnerability in the Log4j Java logging framework used in Apache Web servers, currently undergoing widespread exploitation.

Widespread Log4j Remote Code Execution Vulnerability Could Affect Millions

Log4j, a widely used open-source Java logging library, has a critical-remote code execution (RCE) vulnerability that is currently being leveraged in malicious attacks.

Microsoft December Security Patches Arrive, but Log4j Takes Center Stage

Microsoft on Tuesday released security patches for 67 common vulnerabilities and exploits, even as organizations are scrambling to address a Log4j flaw in Apache servers that's under active exploit.

CrowdStrike Suggests 63 Percent of Orgs Losing Trust in 'Legacy' Software Providers Like Microsoft

A CrowdStrike survey, announced last week, depicted organizations struggling with security issues, and losing trust in "legacy" software vendors such as Microsoft.

Microsoft Releases Defender for Business Preview, Unveils Defender for Containers Product

More Microsoft Defender product news arrived this week, including the availability of a Microsoft Defender for Business preview, plus the introduction a newly formed product called "Microsoft Defender for Containers."

Microsoft Sets Up Vulnerable and Malicious Driver Reporting Center

Microsoft on Wednesday announced the availability of a new "Vulnerable and Malicious Driver Reporting Center," which lets anyone direct Microsoft's attention toward drivers with suspect behaviors.

Microsoft Seizes Control of Chinese Hacking Group Web Sites

Microsoft on Monday announced that it has seized control of multiple Web sites used by the Chinese hacking group NICKEL.

IT Pros To Get More Security Control over Office Document Macro Content

Microsoft will finally better respect IT pro decisions about macros, ActiveX content and Office add-ins in e-mailed Office documents, according to a new security policy that'll be arriving in "early February 2022."

What To Do After a PC Refresh

Keep your accounts and data secure before discarding your old machine.

Security Management Eased for Microsoft Defender for Endpoint Users

Microsoft is rolling out a somewhat more streamlined approach for managing devices that use Microsoft Defender for Endpoint, according to a Thursday announcement.

Microsoft Authenticator Gets Number Matching and GPS Location Capabilities

Microsoft this week announced four new security features for the Microsoft Authenticator app that can be used for confirming mobile device user identities.

Microsoft Fixes Azure Active Directory Issue Exposing Private Key Data

Microsoft announced on Wednesday that it fixed an Azure Active Directory private key data storage gaffe that affects Azure application subscribers, but affected organizations nonetheless should carry out specific assessment and remediation tasks.

Microsoft Defender for Endpoint Plan 1 Commercially Released

Microsoft announced on Monday that its new Microsoft Defender for Endpoint Plan 1 (P1) reached the "general availability" commercial-release stage.

Microsoft November Security Patches Address 55 Vulnerabilities

Microsoft has released its November security patch bundle, addressing 55 common vulnerabilities and disclosures (CVEs).

Report: Cybersecurity Analysts Claim Biggest Annual Salary Growth

According to a newly released salary report by employment firm Dice, cybersecurity analysts saw an average growth in salary of 16.3 percent (for an average annual salary of $103,106) between 2019 and 2020.

McAfee Goes Private in $14 Billion Acquisition

The security software firm McAfee announced on Monday that it is going private once an acquisition deal with a group led by equity firm Advent International is finalized.

Microsoft Defender for Business Announced, Plus Security Product Renames

It's been a year since the last Microsoft Defender product name changes, so brace yourself for more.

What Microsoft Is Prioritizing with Azure Updates at Ignite: Multicloud, Security and Storage

Microsoft announced a range of new Azure features at this week's virtual Ignite conference, with several services moving out of public preview and into general availability.

Old Fashioned Mics

Microsoft Ignite for IT Pros: All the Products that Reached General Availability

The Microsoft Ignite online event kicked off on Tuesday, and it brings a bunch of product updates for IT pros that are now reaching "general availability" (GA, or commercial release).

Microsoft Aims To Address Cybersecurity Workforce Shortage Crisis

Microsoft on Thursday announced a new campaign with community colleges to help prepare tomorrow's cybersecurity workforce.

Subscribe on YouTube