Security


Microsoft Releases CodeQL for Detecting Solorigate Tampering

Microsoft announced on Thursday that its CodeQL queries, which were used to detect possible compromise in its source code after the Solorigate attacks, are now publicly available at the GitHub repository.

Microsoft Increasing Intune and EMS 'Standalone' Prices in July

Microsoft last week announced plans to increase the price of "standalone" subscriptions to its Microsoft Intune and Microsoft Enterprise Mobility plus Security (EMS) products starting in July.

Microsoft Affirms Solorigate Attackers Saw Azure, Intune and Exchange Source Code

Microsoft has reconfirmed that the "Solorigate" advanced persistent threat attackers saw some of its source code, although "only a few individual files were viewed."

Microsoft Previewing Improvements to Azure Front Door and Azure Firewall

Microsoft this week announced advancements in two Azure services that are used to add security for applications and content that touch the Internet. 

Microsoft Ending Azure Information Protection Connections to Microsoft Defender for Endpoint

Microsoft is planning to end the integration of the Microsoft Defender for Endpoint security solution with the Azure Information Protection service on March 29, 2021, according to a Wednesday announcement.

Microsoft Commercially Releases Azure Attestation Service

Microsoft announced on Friday that its Azure Attestation service is now commercially released, or "generally available."

CISA Outlines IT Precautions After Florida Water Facility Attack

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published advisory AA21-042A regarding the Feb. 5 electronic intrusion into a Florida water treatment facility by an unknown attacker.

Microsoft Addressing Windows Netlogon Flaw by Turning on Enforcement Mode This Month

CISA issued a reminder on Wednesday that Microsoft is implementing a "domain controller enforcement" mode this month to address a "Critical"-rated Windows Netlogon vulnerability that was initially patched last August.

Floating White Boxes Graphic

Microsoft Addresses 56 Vulnerabilities in February Security Patch Bundle

The February patch tally includes 11 CVEs deemed "Critical," 43 CVEs considered "Important" and two CVEs assessed as "Moderate" in severity.

How To Safely Use a Hyper-V VM for Ransomware Testing

Ransomware is a lot more sophisticated now, attacking data on network drives and in the cloud. Before physically interacting with ransomware, take these precautions to stop anything outside the VM from getting infected.

Microsoft April Security Patch Will Remove 'Legacy' Edge Browser

Microsoft this week explained that its non-Chromium-based Microsoft Edge browser (based on earlier EdgeHTML technology) will get removed when April "update Tuesday" security patches get applied to Windows 10 systems.

Microsoft Rethinks Plans To Block Basic Authentication in Exchange Online

Microsoft on Thursday announced an update to its plans to end "Basic Authentication" when used with the Exchange Online e-mail service.

Microsoft Outlines Azure AD Best Practices and Rolls Out Conditional Access and Sync Improvements

Microsoft recently announced some Azure Active Directory improvements, including conditional access policy management enhancements and synchronization service additions.

Google and Microsoft ID Group Targeting Security Researchers

Security researchers are under attack from a group thought to be associated with North Korea, according to announcements this week by Google and Microsoft.

Microsoft Releases Application Guard for Office, Plus Azure Security Center and Azure Defender for IoT Products

Microsoft this week described a few security products that have reached "general availability" (GA) or commercial-release status, while also touting its overall security-market position.

Phishing Tops Concerns in Microsoft Study of Remote Work

Potential phishing attacks were a top concern of most IT security professionals when organizations switched to remote-work conditions early last year.

Weird Blue Tunnel Graphic

Microsoft Goes Deep on 'Solorigate' Secondary Attack Methods

Microsoft on Wednesday published an analysis of the second-stage "Solorigate" attack methods used by an advanced persistent threat (APT) attack group.

Malwarebytes Affirms Other APT Attack Methods Used Besides 'Solorigate'

Security solutions company Malwarebytes affirmed on Monday that alternative methods besides tainted SolarWinds Orion software were used in the recent "Solorigate" advanced persistent threat (APT) attacks.

Microsoft Warns IT Pros on Windows Netlogon Fix Coming Next Month

Microsoft on Thursday issued a reminder to organizations to ensure that their systems are properly patched for a "Critical"-rated Windows Netlogon vulnerability before next month's "update Tuesday" patch distribution arrives.

Microsoft Offers More 'Solorigate' Advice Using Microsoft 365 Defender Tools

Microsoft issued yet another article with advice on how to use its Microsoft 365 Defender suite of tools to protect against "Solorigate" advanced persistent threat types of attacks in a Thursday announcement.

Subscribe on YouTube

Upcoming Training Events

0 AM
Live! 360 Orlando
November 17-22, 2024
TechMentor @ Microsoft HQ
August 11-15, 2025