Microsoft Azure Active Directory Outage Blocks Access for 2.5 Hours

On Oct. 18th, Issues affecting the Azure Active Directory service blocked customers from accessing applications for around 2.5 hours. The problem was attributed to Microsoft’s multi-factor authentication, known as MFA, challenges not working. MFA is a process in which users validate their identity via another means besides a password. MFA is part of the Azure AD service, […]

Microsoft Urges LDAP Workaround Fix for Windows Systems

Microsoft updated an August security advisory this week to urge organizations using the Lightweight Directory Access Protocol (LDAP) in supported Windows systems to implement some configuration changes manually. The details are described in this Windows support article, dated September 10. In addition, Microsoft updated its August security advisory ADV190023, which now includes similar information about carrying out […]

Microsoft Releases Security Updates to Address Remote Code Execution Vulnerabilities

Microsoft has released security updates to address two remote code execution vulnerabilities, CVE-2019-1181 and CVE-2019-1182, in the following operating systems: Windows 7 SP1 Windows Server 2008 R2 SP1 Windows Server 2012 Windows 8.1 Windows Server 2012 R2 Windows 10 Windows Server 2016 Windows Server 2019 An attacker could exploit these vulnerabilities to take control of […]

FBI charges former AWS engineer in Capital One breach

The FBI arrested a former AWS engineer who allegedly stole data for more than 100 million Capital One customers and credit card applications, thanks to a misconfigured firewall. The FBI arrested and charged a former AWS engineer Monday in connection with a massive data breach at Capital One. Paige A. Thompson, 33, is accused of […]

US Government Security Agency Warns of Office 365 Security Misconfigurations

On Monday, 5/13/2019, the Cybersecurity and Infrastructure Security Agency (CISA) warned Office 365 users and their technology partners about common Office 365 misconfigurations. Note: CISA is the new standalone agency within the Department of Homeland Security that functions as the lead national government unit on civilian cybersecurity. A CISA analysis report titled “Microsoft Office 365 […]

Microsoft Azure Recovering from Major Networking-Related Outage

An outage that lasted more than an hour took out a host of Microsoft cloud services Thursday afternoon, as networking connectivity errors in Microsoft Azure also took out third-party apps and sites running on Microsoft’s cloud. Beginning around 1:20pm and lasting for more than an hour, the outage appeared to span the breadth and depth […]

Massive Attacks Bypass MFA on Office 365 and G Suite Accounts via IMAP Protocol

Multi-factor authentication can prevent accounts from being accessed if passwords are stolen or obtained using brute force tactics; however, Proofpoint has discovered that multi-factor authentication is being bypassed on Office 365 and G Suite accounts using the legacy IMAP protocol. Massive IMAP-based password-spraying attacks successfully breached Microsoft Office 365 and G Suite accounts, circumventing multi-factor […]