Security Topic Page -- Redmondmag.com

Advanced Search

Security

Exchange Hafnium Attackers Now Using Ransomware

Another reason to patch early and patch often: The Exchange Server zero-day vulnerabilities Microsoft first disclosed earlier this month are now being used in ransomware. 03/12/2021
News

CISA and FBI Issue Joint Advisory on Exchange Server Hafnium Attacks

The U.S. Cybersecurity and Infrastructure Security Agency and the Federal Bureau of Investigation announced a Microsoft Exchange Server joint advisory that offers consolidated advice for Exchange Server users on detecting Hafnium attacks. 03/11/2021
News

Microsoft Delivers Patches for 89 Vulnerabilities in March Security Release

Microsoft has released software security updates addressing 89 common vulnerabilities and exposures (CVEs), according to security researchers. 03/10/2021
Posey's Tips & Tricks

Creating an Anti-Malware Policy for Microsoft 365

Those with a business or enterprise subscription to Microsoft 365 have the option to create a policy that will greatly reduce the chances of a user becoming infected from a malicious e-mail. 03/10/2021
News

Microsoft Issues Hafnium Security Fixes that Don't Require Latest Exchange Server Cumulative Updates

Microsoft's Exchange team on Monday announced additional help for organizations having trouble trying to patch Exchange Server products quickly in response to the Hafnium attacks. 03/09/2021
News

Microsoft and Security Researchers Describe Tips and Tools for Detecting Exchange Server Hafnium Attacks

Microsoft has updated its recommendations to organizations running Exchange Server, targeted in Hafnium nation-state attacks, by describing some new resources. 03/09/2021
Posey's Tips & Tricks

Protecting Users Against E-Mail Phishing Attacks

Microsoft's go-to solution for anti-phishing protection is an anti-phishing policy. Here's how to create one in Microsoft 365. 03/08/2021
News

Microsoft Drops 'Solorigate' for 'Nobelium' in Ongoing SolarWinds Attack Investigations

Microsoft this week described "three new pieces" of malware that were used in the SolarWinds Orion espionage attacks dubbed "Solorigate," although Microsoft security researches are now calling it "Nobelium." 03/05/2021
Posey's Tips & Tricks

How To Reclaim Your Privacy from Windows 10, Part 2

These are the top four privacy settings to check in your Windows device to make sure Microsoft doesn't collect any data you don't want it to. 03/03/2021
News

Microsoft Releases Out-of-Band Security Patches for Exchange Server

Microsoft on Tuesday released out-of-band security patches for Exchange Server to address multiple zero-day flaws that are currently being exploited in active attacks. 03/03/2021
Posey's Tips & Tricks

How To Reclaim Your Privacy from Windows 10, Part 1

To audit all of the personal data that Microsoft has collected from your PC usage habits, look no further than Windows 10's Privacy Dashboard. 03/01/2021
News

CrowdStrike Exec Points to Active Directory 'Structural Problems' in Senate Solorigate Hearing

Microsoft's Active Directory authentication solution got notably skewered during a Feb. 23 U.S. Senate hearing on the SolarWinds Orion software hack. 02/26/2021
News

Microsoft Releases CodeQL for Detecting Solorigate Tampering

Microsoft announced on Thursday that its CodeQL queries, which were used to detect possible compromise in its source code after the Solorigate attacks, are now publicly available at the GitHub repository. 02/25/2021
News

Microsoft Increasing Intune and EMS 'Standalone' Prices in July

Microsoft last week announced plans to increase the price of "standalone" subscriptions to its Microsoft Intune and Microsoft Enterprise Mobility plus Security (EMS) products starting in July. 02/22/2021
News

Microsoft Affirms Solorigate Attackers Saw Azure, Intune and Exchange Source Code

Microsoft has reconfirmed that the "Solorigate" advanced persistent threat attackers saw some of its source code, although "only a few individual files were viewed." 02/22/2021
News

Microsoft Previewing Improvements to Azure Front Door and Azure Firewall

Microsoft this week announced advancements in two Azure services that are used to add security for applications and content that touch the Internet. 02/19/2021
News

Microsoft Ending Azure Information Protection Connections to Microsoft Defender for Endpoint

Microsoft is planning to end the integration of the Microsoft Defender for Endpoint security solution with the Azure Information Protection service on March 29, 2021, according to a Wednesday announcement. 02/17/2021
News

Microsoft Commercially Releases Azure Attestation Service

Microsoft announced on Friday that its Azure Attestation service is now commercially released, or "generally available." 02/12/2021
News

CISA Outlines IT Precautions After Florida Water Facility Attack

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published advisory AA21-042A regarding the Feb. 5 electronic intrusion into a Florida water treatment facility by an unknown attacker. 02/12/2021
News

Microsoft Addressing Windows Netlogon Flaw by Turning on Enforcement Mode This Month

CISA issued a reminder on Wednesday that Microsoft is implementing a "domain controller enforcement" mode this month to address a "Critical"-rated Windows Netlogon vulnerability that was initially patched last August. 02/10/2021
News

Microsoft Addresses 56 Vulnerabilities in February Security Patch Bundle

The February patch tally includes 11 CVEs deemed "Critical," 43 CVEs considered "Important" and two CVEs assessed as "Moderate" in severity. 02/10/2021
Posey's Tips & Tricks

How To Safely Use a Hyper-V VM for Ransomware Testing

Ransomware is a lot more sophisticated now, attacking data on network drives and in the cloud. Before physically interacting with ransomware, take these precautions to stop anything outside the VM from getting infected. 02/09/2021
News

Microsoft April Security Patch Will Remove 'Legacy' Edge Browser

Microsoft this week explained that its non-Chromium-based Microsoft Edge browser (based on earlier EdgeHTML technology) will get removed when April "update Tuesday" security patches get applied to Windows 10 systems. 02/06/2021
News

Microsoft Rethinks Plans To Block Basic Authentication in Exchange Online

Microsoft on Thursday announced an update to its plans to end "Basic Authentication" when used with the Exchange Online e-mail service. 02/05/2021
News

Microsoft Outlines Azure AD Best Practices and Rolls Out Conditional Access and Sync Improvements

Microsoft recently announced some Azure Active Directory improvements, including conditional access policy management enhancements and synchronization service additions. 02/02/2021

Office 365 Watch

Sign up for our newsletter.

Email Address*Country*

Please type the letters/numbers you see above.

AI-Powered Microsoft Security Copilot Revealed

Microsoft Previews New Teams App for Windows

Microsoft Reminds Office 2016 and 2019 Users About Possible Microsoft 365 Service Connection Issues

Microsoft To Cut 1,248 Jobs in Redmond Area

CISA Releases Untitled Goose Tool for Tracking Microsoft Azure and Microsoft 365 Security Incidents

Free Whitepapers

More Tech Library

Free Webcasts