Security


Exchange Security Hole, Delayed Updates and Basic Authentication End Date Announced

This week brings Exchange Online news regarding Basic Authentication, plus a September cumulative update delay for Exchange Server.

Microsoft Offers More Info on MSHTML and OMI Security Holes

Microsoft recently offered more information about two different security vulnerabilities addressed in last week's "update Tuesday" patch release.

Microsoft Azure OMI Vulnerabilities, Dubbed 'OMIGOD,' Still Not Patched

Microsoft's Open Management Infrastructure (OMI) vulnerabilities, disclosed with this week's update Tuesday patch releases, demonstrated yet another hole in Azure security.

No Passwords Needed for Microsoft Accounts

Microsoft on Wednesday announced that the company is ditching the password when it comes to logging into consumer-facing Microsoft accounts.

Almost Half of Databases Are Vulnerable to Attack

According to a five-year study by California-based security firm Imperva Inc., 46 percent of all global on-premises databases have existing flaws that can be leveraged by outside attackers.

Microsoft September Security Patches Address 66 Vulnerabilities

Microsoft has released September security patches, addressing an estimated 66 common vulnerabilities and exposures (CVEs).

Apple Issues iOS Patches, Fixes Vulnerability Linked to NSO Group

Apple issued patches for two vulnerabilities that can permit an attacker to run code on iOS devices, with one vulnerability (CVE-2021-30860) said by researchers to originate from the NSO Group, an Israeli spyware maker.

'Azurescape' Attack on Azure Container Instances Highlights Risks of Using Multitenant Services

The Microsoft Security Response Center issued a "coordinated disclosure" notice on Wednesday for users of the Azure Container Instances (ACI) service, promising that "no unauthorized access to customer data" had occurred.

Report: 33% of Flagged Work E-Mails Are Phishing Attempts

Latest analysis shows how prevalent phishing attempts are -- and how important it is to have proper e-mail reporting and comprehensive e-mail training.

New PowerShell Tools Assess Microsoft Defender Antivirus Performance

Microsoft on Tuesday announced new PowerShell 5.1 cmdlets for analyzing the scanning performance of the Microsoft Defender Antivirus service.

Microsoft Warns of Active Attacks Using Malicious Office Documents

The Microsoft Security Response Center warned of active attacks leveraging a remote code execution vulnerability in Internet Explorer's Trident engine (MSHTML), per a Tuesday Twitter post.

Q&A with Karinne Bessette: Ransomware Tips for All

A top Veeam technologist shares what critical first steps IT must take during a ransomware attack. Above all else: Don't pay the ransom.

FBI and CISA Warn Ransomware Attacks More Prevalent on Holidays

Organizations could be more subject to ransomware attacks on weekends and holidays, according to an alert issued this week by the FBI and the Cybersecurity and Infrastructure Security Agency. 

Microsoft to Azure Cosmos DB Users: Your Data May Have Been Exposed

Microsoft warned thousands of Azure Cosmos DB users last week that their data may have been exposed through a recently discovered security flaw in Jupyter Notebook.

Microsoft Defender for Endpoint on Mac Getting Native M1-Chip Support

The Microsoft Defender for Endpoint on Mac security solution is now starting to get "native" agent support for running on Apple M1 chip-based devices, Microsoft announced this week.

Microsoft Pledges $20B Cybersecurity Investment After White House Talk

Big tech companies pledged money and efforts following an Aug. 25 Biden administration meeting on U.S. cybersecurity initiatives, as described in this White House announcement.

Microsoft Urges Patching Exchange Server To Avoid ProxyShell Attacks

The Exchange team at Microsoft posted an announcement on Wednesday acknowledging "ProxyShell" threats and urging organizations to keep Exchange Server up to date with the latest cumulative updates and security updates.

Power Apps Users Inadvertently Exposed 38M Personal Info Records

Business and government application developers inadvertently exposed a total of 38 million records because of Microsoft's design of its Power Apps application-building service.

ProxyShell Exchange Server Flaw Getting Used for Ransomware Attacks

Security researchers are seeing the appearance of LockFile ransomware deployments after attackers gained access to Exchange Server via a so-called "ProxyShell" vulnerability.

PetitPotam NTLM Relay Attacks Flagged by Microsoft Defender for Identity

Microsoft explained "PetitPotam" NTLM relay attacks in a Wednesday announcement, while also suggesting that its Microsoft Defender for Identity product was capable of identifying such attack attempts.

Subscribe on YouTube

Upcoming Training Events