Security


Remote PowerShell for Exchange Online Ending This Month

Microsoft on Monday announced that it will turn off Remote PowerShell Protocol for Exchange Online, starting as early as Oct. 3, 2023 for its worldwide service customers.

Microsoft Entra ID Protection Eases Password Change Remediations

Microsoft has improved the remediation process when users authenticating via on-premises methods are deemed to be at risk by the Microsoft Entra ID Protection service, per a Thursday announcement.

Exchange Online Tamper Protections Arriving in 2024

Microsoft on Wednesday gave notice that its Exchange Online e-mail tamper protections are planned for completion in 2024, which may entail some backend changes by IT departments.

Cisco To Acquire Splunk for About $28 Billion

Cisco is acquiring security and IT solutions provider Splunk for about "$28 billion in equity value," per a Thursday announcement.

Windows Server 2012 ESUs via Azure Arc Now Commercially Available

Microsoft this week announced that Extended Security Updates for Windows Server 2012 and Windows Server 2012 R2, as managed using Azure Arc, reached the "general availability" commercial-release stage.

Microsoft Addresses Misconfigured Token Exposing 38TB of Microsoft Data

Microsoft indicated on Monday that it had revoked an overly permissioned Shared Access Signature (SAS) token, said to have exposed "38TB" of internal Microsoft data.

Kelp Illustration

It All Starts with a Plan

Throwing money at your network security without insight into the strengths and limitations of your network will put your enterprise users' data at risk.

Microsoft Adds SMB Security Controls for Windows Insider Program Testers

Microsoft has added Server Message Block security measures for IT pros, which are now available as part of an early Windows preview release.

SharePoint Server Subscription Edition Update 23H2 Released

Microsoft released "feature update" 23H2 for SharePoint Server Subscription Edition (SE), per a Tuesday announcement.

66 Vulnerabilities Squashed in Microsoft September Security Patch

This month also features two zero-day fixes for Word and Microsoft Streaming Service.

Cyber Security Education Never Ends

John O'Neill, Sr. stresses the importance of staying up to date with an ever-changing enterprise security landscape.

Phishing Group Targets Thousands of Microsoft 365 Accounts

A black market called "W3LL Store" provided threat actors with all the tools they needed to pull off targeted attacks.

Notebook

Yubico Shares Expertise on How To Get to Passwordless

This month, I chatted with Yubico experts Erik Parkkonen, solutions architect, and Derek Hanson, vice president of standards and alliances, on the passwordless goal for organizations and where we are at this point.

Microsoft Defender for Identity Adds More Certificate Abuse Detections

Microsoft Defender for Identity now has a new sensor to further detect certificate abuses by attackers, per a Wednesday announcement.

Building a CyberInsurance Compliant Security Infrastructure

When attackers strike and operations suffer, good CyberInsurance may make the difference between a few stressful days, or catastrophic monetary losses.

Microsoft Offering New Defender Vulnerability Management Standalone Product

Microsoft this week announced multiple improvements across its enterprise-grade security products.

Microsoft August Patch Tuesday: 1 Zero-Day Security Flaw Addressed

In the wake of last month's massive security update, Microsoft has released a smaller number of fixes for August.

Microsoft Edge for Business Arriving this Month for Entra ID Users

Microsoft Edge for Business will be arriving during the week of Aug. 17, Microsoft announced on Friday.

Microsoft Declares Power Platform Flaw, Found by Tenable, To Be Fixed

Microsoft on Friday announced that it had fixed security issues with "Power Platform Custom Connectors using Custom Code" that had been identified by security solutions firm Tenable back in March 2023.

CISA Outlines 3-Year Plan To Address Cybersecurity Issues

The U.S. Cybersecurity and Infrastructure Security Agency on Friday announced the publication of its "Strategic Plan" for the next three years.

Subscribe on YouTube

Upcoming Training Events