Security


Motherboard Image

Microsoft Cautions of Growing 'Ice Phishing' Threat on the Blockchain

This week Microsoft released a warning that it's seeing an increased number of phishing attempts aimed at web3 -- a term used to describe the decentralized environment created on the blockchain.

Microsoft Eliminates Need for ADFS with Azure Active Directory Certificate-Based Authentication Preview

Microsoft on Monday announced the availability of Azure Active Directory certificate-based authentication at the public preview stage.

The FIDO Impetus to Passwordless Authentications

The time is ripe for organizations to implement "phishing-resistant multifactor authentication" via FIDO standards, says advocate Andrew Shikiar.

Defender Portal Gets Microsoft Defender for Identity Capabilities

The Microsoft 365 Defender portal now supports some lagging Microsoft Defender for Identity capabilities that have reached the "general availability" (GA) commercial-release stage, Microsoft announced this week.

Microsoft Addresses 50 Vulnerabilities in February Security Patch Release

Microsoft released February security patches on Tuesday, addressing perhaps around 50 or so common vulnerabilities and exposures (CVEs).

Microsoft Clarifies MSIX App Installer December Security Issue

Microsoft reiterated on Friday that a flaw in an application installer component used with its MSIX app packager has been abused by malware, and temporary measures should be followed until there's a fix.

Office Macro Blocking by Default Coming This Year for Some Windows Users

Microsoft announced on Monday that it will be bringing a new default for Windows Office users that is said to "block Internet macros by default."

Microsoft Teams' Upcoming Lockbox Feature Is Big News

The new security benefits will be much appreciated for us who live in Microsoft's communication platform more and more these days.

Microsoft Credits Multifactor Authentication in Blocking Second-Stage Phishing Attacks

Microsoft explained last week that it is seeing multiphase phishing attacks getting tried that could be successful against organizations that haven't implemented multifactor authentication (MFA).

Exchange Online Getting Better E-Mail Tampering Security Protections

Exchange Online users soon will be getting some security enhancements that will enforce the use of Transport Layer Security (TLS) encryption for e-mails and ward off so-called "man-in-the-middle" attacks.

Microsoft Sentinel Adds GitHub Code Repository Monitoring

Microsoft announced on Wednesday that it's now possible to use Microsoft Sentinel to continuously monitor GitHub developer repositories for possible adverse activities.

Report: 1 in 7 Ransomware Attacks Expose Critical Enterprise Information

A recent security report found that the threat of ransomware attacks aimed at organizations resulting in critical operational technology (OT) information being leaked is on the rise.

Top 10 In-Depth Articles of 2021

Take a look back at the best columns from our experts that broke down some of the bigger Microsoft stories and provided invaluable IT tips and advice.

Revisiting My 2021 Tech Predictions

Let's take a look back and see how I did with my tech predictions made 12 months ago.

Top 10 Microsoft IT Headlines of 2021: PrintNightmare Becomes a Reality

Even during a year where Microsoft dropped a new OS, security issues, highlighted by the "PrintNightmare" spooler vulnerability, dominated the conversation.

Top 10 IT Security Headlines of 2021: The Vulnerabilities We Spent Worrying About

Let's take a look back at our year of vulnerability exposures, reactionary patches and losing sleep over what security hole would emerge tomorrow.

Microsoft Sentinel Gets Log4j Exploit Detector Preview

Microsoft added a preview solution in Microsoft Sentinel that helps IT pros find signs of Log4j exploits, according to a Thursday announcement and Twitter post.

Log4j Attack Methods Explained by CrowdStrike

CrowdStrike on Thursday presented advice for organizations attempting to address a security vulnerability in the Log4j Java logging framework used in Apache Web servers, currently undergoing widespread exploitation.

Widespread Log4j Remote Code Execution Vulnerability Could Affect Millions

Log4j, a widely used open-source Java logging library, has a critical-remote code execution (RCE) vulnerability that is currently being leveraged in malicious attacks.

Microsoft December Security Patches Arrive, but Log4j Takes Center Stage

Microsoft on Tuesday released security patches for 67 common vulnerabilities and exploits, even as organizations are scrambling to address a Log4j flaw in Apache servers that's under active exploit.

Subscribe on YouTube

Upcoming Training Events

0 AM
Live! 360 Orlando
November 17-22, 2024
TechMentor @ Microsoft HQ
August 11-15, 2025