US Government Security Agency Warns of Office 365 Security Misconfigurations
On Monday, 5/13/2019, the Cybersecurity and Infrastructure Security Agency (CISA) warned Office 365 users and their technology partners about common Office 365 misconfigurations. Note: CISA is the new standalone agency within the Department of Homeland Security that functions as the lead national government unit on civilian cybersecurity. A CISA analysis report titled “Microsoft Office 365 […]
Verizons’ 2019 Data Breach Investigations Report
Every year Verizon creates a report that covers previous period cyber breaches. That report has now been released. Not only is this report relevant to IT security professionals, but anyone that regularly uses a device to connect to the internet. Check out Verizons’ Data Breach Investigations Report.
Is your Active Directory security relying on a single check-box?
Don’t trust your Active Directory Security to a single check-box! Trusting the disable check box in Active Directory is risky if additional steps are not taken to ensure the the user account will not be re-enabled with unintended (possibly disastrous) consequences. Often the best practice steps are overlooked or not followed because of the additional […]
Massive Attacks Bypass MFA on Office 365 and G Suite Accounts via IMAP Protocol
Multi-factor authentication can prevent accounts from being accessed if passwords are stolen or obtained using brute force tactics; however, Proofpoint has discovered that multi-factor authentication is being bypassed on Office 365 and G Suite accounts using the legacy IMAP protocol. Massive IMAP-based password-spraying attacks successfully breached Microsoft Office 365 and G Suite accounts, circumventing multi-factor […]
Top 5 Office 365 Security Features
Microsoft Office 365 offers a range of productivity and collaboration benefits for information workers. When managed correctly the Office 365 platform also helps reduce IT department expenses and capital expenses (CAPEX) The service does present a number of security challenges, however. With the right security practices, Office 365 user data, as well as corporate data, […]
Exchange Web Services Fossilizes, Loses Basic Authentication
Exchanged for a Graph – The word is out. Exchange Web Services (EWS) will receive no more feature updates, though security and “certain non-security” updates will continue going forward. The same applies to EWS’s SDKs for Java and .NET. EWS will remain available and supported in production environments, but the lack of feature updates means […]
MFA Enabled vs Enforced – What’s the Difference?
Last Updated On: Understanding Office 365 Multi-Factor Authentication Enabled vs. Enforced One of the top ways Microsoft recommends to secure your Active Directory and Office 365 is by setting up multi-factor authentication (MFA). Passwords remain the most popular form of verifying a user’s identity but are highly vulnerable to cyberattacks, like phishing and password spray. […]
Top 10 Security Myths from Gartner
Top 10 Security Myths from Gartner “It won’t happend to me was the #1 myth in Gartner’s Top-10 Myths IT security. Most security experts agree that IT should prepare as if a security breach is an eventually rather than a mere possibility. In Summary It won’t happen to me. IT doesn’t spend enough on security […]