Security


New Microsoft Defender Experts for Hunting Service Now Commercially Available

Microsoft on Wednesday announced the "general availability" commercial release of the Microsoft Defender Experts for Hunting service.

Microsoft Releases New Microsoft Defender Security Services, Plus Microsoft Sentinel Solution for SAP

Microsoft on Tuesday announced three new enterprise-grade security products, which are now commercially released.

Attackers Evolve Strategy After Microsoft Office Macro Blocking

Threat actors are adjusting their tactics and moving away from macro-based attacks after Microsoft's policy of blocking VBA macros in Office, according to a report released this week.

Microsoft Ending the Windows Information Protection Service

Microsoft on Thursday announced the gradual end of its Windows Information Protection (WIP) service, which is designed to keep users of Microsoft 365 apps from inadvertently disclosing organizational information.

Microsoft Access Fixes Coming Soon To Remedy Patch Tuesday Update Troubles

Microsoft this week indicated that fixes for Microsoft Access problems, which were caused by a botched July 12 "patch Tuesday" security patch release, will be arriving soon.

Man and Arrows

Microsoft Once Again Blocks Malicious Macros in Office

Microsoft this week said they are once again reverting back to blocking Visual Basic Application (VBA) macros in Office.

Microsoft Touts HyperClear Protection Against RETbleed and Other New Side-Channel Attacks

Microsoft announced on Tuesday that its HyperClear technology used with its Hyper-V hypervisor offers protections against new speculative execution side-channel attack methods that were disclosed last week by AMD and Intel.

Decentralized Identifiers Finalized as W3C Recommendation

The nonprofit World Wide Web Consortium (W3C) on Tuesday announced that its collaborative work on Decentralized Identifiers (DIDs) is now a W3C Recommendation, which is at version 1.0.

Thousands of Orgs Hit by Massive AiTM Phishing Campaign

Microsoft disclosed details this week of a large-scale phishing campaign that has targeted more than 10,000 organizations since September 2021.

Microsoft Adds DNS over TLS to Windows 11 Test Release

Microsoft on Wednesday announced features in Windows 11, build 25158, for its Windows Insider Program testers that includes a new Domain Name System (DNS) over Transport Layer Security (TLS) encryption option.

Microsoft Defender for Business Adds Server Protections Preview

Microsoft Defender for Business now has the ability to protect servers, which is at the preview stage, according to a Wednesday Microsoft announcement.

July (Auto) Patch Tuesday: One Zero-Day Flaw Fixed

Microsoft's monthly security patches for July are here and, despite the 86 flaws fixed, it might go smoother for some thanks to Windows Autopatch.

Microsoft Entra Permissions Management Service Now Commercially Available

The Microsoft Permissions Management service, used for ensuring proper access permissions across cloud services, is now commercially available, according to a Thursday Microsoft announcement.

Microsoft Commercially Releases Windows Autopatch

Microsoft on Monday announced that its new Windows Autopatch service is now commercially available.

Microsoft Reverses Office Macro Blocking Decision

Microsoft has quietly reversed an earlier decision to block Internet macros by default in Office.

Microsoft Highlights Protections Against NTLM Relay Attack Variant DFSCoerce

Microsoft on Friday noted that a new "PetitPotam" NT LAN Manager (NTLM) relay attack variant called "DFSCoerce" is addressed if organizations followed its earlier advice in Knowledge Base article KB5005413.

AMD Data Held by Cyber Criminal Group RansomHouse

According to claims made by the cybercriminal group RansomHouse, the group is in possession of data stolen from Santa Clara, Calif.-based chip maker AMD.

Microsoft Defender Vulnerability Management Now Reports CVEs Lacking Fixes

Microsoft is previewing the ability for organizations to see when software lacks fixes for common vulnerability and exposures (CVEs), as described in a Monday announcement.

Survey: Support for Zero Knowledge Proofs in Web3 Growing

The cryptography practice of proving and validating information without revealing the data behind the information -- known as zero knowledge proofs (ZKP) -- is the key to securing and growing Web3 and the metaverse, a recent survey found.

CISA, NSA and Other Agencies Recommend Hardening PowerShell

Government cybersecurity organizations on Tuesday announced guidelines for using Microsoft's built-in PowerShell scripting language with Windows, without having it also be leveraged by attackers.

Subscribe on YouTube