Security


Microsoft's Security Update Guide To Report on CBL-Mariner Linux Vulnerabilities

Microsoft's Security Update Guide, which chronicles Microsoft's patch releases each month, is getting two relatively new additions.

Exchange Online TLS 1.0 and 1.1 Support Ending for POP 3 and IMAP 4 Clients

Microsoft gave notice this week that it's planning to disable the use of the Transport Layer Security (TLS) 1.0 and TLS 1.1 security protocols for Exchange Online customers that use Post Office Protocol 3 (POP 3) and/or Internet Message Access Protocol 4 (IMAP 4) clients, starting next month.

Microsoft Adds More User Phishing Details to Attack Simulation Training Service

Microsoft's Attack Simulation Training product now shows more information about how users interacted with simulated phishing attacks, per a Tuesday announcement.

Matrix

Breakdown of the Rackspace Ransomware Incident

What caused the issue and what, as customers, we can do to keep our data secure.

Report Predicts Rise of AI Based Cyberattacks in Next 5 Years

Artificial intelligence (AI)-based cyberattacks on organizations could start to ramp up over the next five years, according to a recently published report.

Microsoft Ending 2022's Security Patching with 2 Zero Day Updates

Microsoft's final security update of the year arrived on Tuesday, featuring 6 bulletin items rated "critical," a flaw fix total of 49.

Microsoft Authenticator Support for Apple Watch Ends in January

The Microsoft Authenticator app, used to assure secure authentications, won't be compatible with the Apple Watch, starting next month.

Microsoft Authenticator for iOS Now Complies with FIPS 140 Standard

The Microsoft Authenticator app for iOS devices is now compliant with the U.S. government's "Federal Information Processing Standards (FIPS) 140" security standard, according to a Thursday Microsoft announcement.

Rackspace Confirms Ransomware Attack on Hosted Exchange Service

Managed services provider Rackspace issued an announcement on Tuesday confirming that its hosted Microsoft Exchange e-mail service was disrupted by a ransomware attack.

Container Stack

Microsoft's Azure Kubernetes Service Getting Bolstered by Isovalent's Security, Networking and Observability Solutions

Microsoft and Isovalent on Monday announced efforts to bring eBPF capabilities to Microsoft's Azure Kubernetes Service (AKS).

The Good and the Bad of Windows 11's New Smart App Control

The new security feature does help to address the growing ransomware issue. But it's not perfect.

Microsoft Sentinel Adds Preview of Incident Tasks Feature

A preview of a Microsoft Sentinel "Incident Tasks" feature was announced on Tuesday by Microsoft.

Black White Wave IMage

Microsoft Entra Workload Identities Commercially Released

The Microsoft Entra Workload Identities service is now available as a commercial product offering, having reached the "general availability" stage, Microsoft announced on Monday.

Microsoft Defender Vulnerability Management Preview Can Now Check for Firmware Vulnerabilities

The Microsoft Defender Vulnerability Management service can now assess the firmware security of client devices, a new capability that's available at the public preview stage, per a Monday announcement.

Microsoft Security Guidelines for Open Source Software Adopted by OpenSSF

The Open Source Security Foundation (OpenSSF) announced on Wednesday that it has adopted the Secure Supply Chain Consumption Framework (S2C2F) for ensuring the secure use of open source software (OSS) by developers.

Microsoft Bolstering Its Attack Simulation Training Service with SANS Institute Learning Modules

Microsoft indicated last week that it'll be bringing a SANS Institute training series to Microsoft 365 Defender for Office 365 users of its Attack Simulation Training service.

Microsoft Provides Guidance on Recent OpenSSL Security Risks

Microsoft has chimed in on the highly visible OpenSSL security risks that emerged last week, and advises users start applying fixes based on OpenSSL's recent patches.

Microsoft and Yubico Preview Certificate-Based Authentication for Mobile Devices Using Security Keys

Microsoft on Wednesday announced a preview of Azure Active Directory Certificate-Based Authentication (CBA) support for Android and iOS devices using hardware security keys.

Microsoft Confirms Two Zero Day Exploits of Exchange Server

Exchange Server products are potential subject two newly disclosed "zero-day" vulnerabilities that are under exploit, Microsoft acknowledged, in a Thursday announcement.

Microsoft Authenticator Features Can Address 'MFA Fatigue Attacks'

Microsoft is urging organizations using the Microsoft Authenticator app to activate additional security functionality to protect against possible "multifactor authentication fatigue attacks," according to a Wednesday announcement.

Subscribe on YouTube