U.S. government security agencies on Thursday issued a joint advisory (PDF) regarding five software security vulnerabilities that are currently getting exploited by the Russian Foreign Intelligence Service (SVR).
Microsoft plans to stop trusting Secure Hash Algorithm 1 (SHA-1) certificates next month for "all major Microsoft processes and services," according to a Wednesday announcement.
The U.S. Federal Bureau of Investigation (FBI) has deleted Webshells on Hafnium-compromised Exchange Server installations across the country, and is now sending notices to victim organizations, according to a Tuesday announcement.
Microsoft released security updates for 114 common vulnerabilities and exposures in its software products, while also publishing a supplementary note urging organizations to apply the new April Exchange Server "Critical" patches "as soon as possible."
A key part of an organization's ransomware-prevention strategy is creating Exchange mail flow rules that take action against messages that are likely to contain ransomware.
IT pros are getting a modest bump-up in oversight capabilities with the Azure Active Directory improvements that were announced this month.
Backups aren't just the last line of defense against ransomware. If you know the signs, your backups can also help you stop a ransomware attack that is currently in progress.
Microsoft on Thursday published a comprehensive description of the Exchange Server attack methods currently taking advantage of four zero-day flaws in those products, and offered extensive advice.
Microsoft on Thursday highlighted a few additions this month for users of Microsoft Endpoint Manager, which is used for configuring and managing devices and servers.
Microsoft on Tuesday announced a preview of an enhancement to Microsoft Defender for Endpoint on Linux's anti-virus solution, adding behavior monitoring, deep scanning and blocking capabilities.
A couple of industry-sponsored studies on security practices associated with supporting remote workforces were recently published this week.
Microsoft on Thursday clarified that organizations running Exchange Server can get automatic security mitigations against Hafnium attacks via Microsoft Defender Antivirus.
The Microsoft Security Response Center team on Tuesday issued "Guidance for Responders," which provides more advice on how organizations can respond to the recent attacks that are leveraging Exchange Server zero-day flaws.
Once universally loathed, UAC is now a very useful tool for blocking Windows security threats. Here's how to make sure you're using it appropriately.
Microsoft on Tuesday announced the release of a one-click tool to apply temporary security protections against the recent Exchange Server attacks from the "Hafnium" advanced persistent threat group and other attackers.
Microsoft announced a lot of Azure SQL news at Ignite this month, but few as critical to application development security than the public preview of Always Encrypted with secure enclaves. Here's how to get started with this new feature.
- By Joey D'Antoni
- 03/15/2021
Exchange Servers are getting attacked to install ransomware, dubbed "DearCry," Microsoft warned on Thursday.
The U.S. Cybersecurity and Infrastructure Security Agency and the Federal Bureau of Investigation announced a Microsoft Exchange Server joint advisory that offers consolidated advice for Exchange Server users on detecting Hafnium attacks.
Microsoft has released software security updates addressing 89 common vulnerabilities and exposures (CVEs), according to security researchers.
Those with a business or enterprise subscription to Microsoft 365 have the option to create a policy that will greatly reduce the chances of a user becoming infected from a malicious e-mail.