More than 900 VPN Passwords Leaked by Hacker
A list of plaintext usernames and passwords, along with IP addresses for more than 900 Pulse Secure VPN enterprise servers, has been published on a Russian-speaking hacker forum frequented by multiple ransomware gangs. According to a threat intelligence analyst, the list includes: IP addresses of Pulse Secure VPN servers Pulse Secure VPN server firmware […]
Class-action lawsuit has accused Microsoft of sharing customer data
A lawsuit has been filed with Microsoft for allegedly sharing the content of business customers’ emails, documents, contacts, calendars, location data, audio files, and video files, among other forms of data, without consent. According to the lawsuit, Microsoft is routinely sharing business customers’ data, including personal and corporate information, with Facebook and other third parties despite publicly claiming it doesn’t. […]
4 Reasons Why the Recycle Bin Can’t Fully Protect Azure Active Directory
Let’s face it, user errors are a reality, and the threat of malicious actors breaching Active Directory –both on-premises and in Azure – is on the rise. Protecting your data has never been more important, yet no native tooling exists to tracks changes, store previous values or enable administrators to rollback those changes immediately. Microsoft […]
Azure Active Directory Security Defaults—not for everyone
Microsoft’s powerful array of cloud offerings—Microsoft Azure, Dynamics, and Office 365—offer paths to business growth without the huge capital investment. Most organizations on the cusp of implementing and experimenting with those services may not make security the first priority in the quest for productivity. The first phase of the exciting journey into the cloud is to […]
Microsoft’s February Security Patches Deliver 12 “Critical” Fixes Among Others
Microsoft has released a hundred patches to Windows and other Microsoft software, including 12 vulnerabilities flagged as Critical, and 87 flagged as Important. Products such as Microsoft’s browsers, Windows, Office, Exchange Server and even the Windows Malicious Software Removal Tool received updates (see Release Notes). Most of the critical bugs are remote code execution and memory corruption bugs […]
Microsoft claims new malware, Dexphot, infected more than 80,000 computers
Microsoft reportedly confirms that a new strain of malware called Dexphot has silently infected more than 80,000 computers since last year. While most malware are designed to gather confidential user information and other sensitive data, Dexphots operates a little differently. According to Microsoft’s security team, this malicious code works its way around the system and […]
Bridging the Office 365 Insider Threat Security Gap
While Microsoft Office 365 maintains robust security features, it may not offer the granularity that many enterprises need. When Microsoft Office 365 isn’t maintained and configured properly, it can put security and compliance requirements in doubt. Here’s what you need to know about the security features included in Office 365 Enterprise, and what companies should […]
We are the enemy | A Look at Insider Threats
Every company needs to be aware of insider threats. The source of insider threats are employees or administrators that make mistakes or purposefully damage your organization’s IT Systems. Insider threats are pervasive and difficult to defend against, and they require proactive security measures and extensive training to defeat. A company’s worst enemies can be its employees—whether they […]
Microsoft Releases Security Updates to Address Remote Code Execution Vulnerabilities
Microsoft has released security updates to address two remote code execution vulnerabilities, CVE-2019-1181 and CVE-2019-1182, in the following operating systems: Windows 7 SP1 Windows Server 2008 R2 SP1 Windows Server 2012 Windows 8.1 Windows Server 2012 R2 Windows 10 Windows Server 2016 Windows Server 2019 An attacker could exploit these vulnerabilities to take control of […]
FBI charges former AWS engineer in Capital One breach
The FBI arrested a former AWS engineer who allegedly stole data for more than 100 million Capital One customers and credit card applications, thanks to a misconfigured firewall. The FBI arrested and charged a former AWS engineer Monday in connection with a massive data breach at Capital One. Paige A. Thompson, 33, is accused of […]