Security researchers have disclosed a new firmware vulnerability named LogoFAIL, which is capable of infiltrating a wide array of Windows and Linux machines. The attack allows threat actors to use malicious logo images to potentially compromise the security of devices from major vendors, including Intel, Acer, and Lenovo. Cybersecurity company Binarly has discovered a security...
Welcome to the Security category page, your fortress for safeguarding digital assets. In an age where cyberthreats are ever-evolving, IT security is paramount. Here, you’ll find resources including best practices, tools, and strategies to protect networks, systems, and data. Whether you’re an IT professional looking to understand the basics or seeking advanced security solutions, or a business owner aiming to fortify your defenses, this page is your stronghold for cybersecurity knowledge.
Microsoft has warned customers that a Russian state-sponsored hacking group (dubbed Forest Blizzard (STRONTIUM)) is actively exploiting an Outlook flaw to target Exchange Servers. The vulnerability could potentially unlock unauthorized access to emails and pave the way for the pilfering of sensitive information. In March, Microsoft disclosed a critical vulnerability in Outlook for Windows that…
Microsoft has announced that it’s deprecating Defender Application Guard for Office this month. The company has quietly updated its support article to indicate that the security feature will no longer receive updates. “Microsoft Defender Application Guard for Office is being deprecated and is no longer being updated. This deprecation also includes the Windows.Security.Isolation APIs that…
Microsoft has introduced a new Terraform module aimed at simplifying the onboarding process for Microsoft Defender for Cloud (MDC). This module enables organizations to configure MDC plans for their subscriptions or management groups using a minimal amount of code. Microsoft Defender for Cloud is a security solution that allows customers to protect cloud-based applications against…
Cybersecurity researchers from Blackwing HQ have managed to bypass Windows Hello fingerprint authentication on three different laptops from Dell, Lenovo, and Microsoft. The penetration tests were carried out at the request of Microsoft to assess the security of the fingerprint sensors used in these devices. Windows Hello is a biometric authentication feature that allows users…
Microsoft announced yesterday the launch of its new Defender Bounty Program. The new program is aimed at enticing security researchers to unearth new vulnerabilities in the security solution in exchange for rewards between $500 and $20,000. The submissions must specify the severity (Critical or Important) and step-by-step instructions to reproduce the issue in the fully…
Microsoft has introduced email notifications support for its Microsoft Defender XDR service. The feature allows IT admins to configure the security solution to receive notifications through email for both manual and automated response actions. Microsoft Defender XDR (formerly Microsoft 365 Defender) is a managed extended detection and response service designed to help customers prevent, detect,…
Microsoft has announced the general availability of its Defender for APIs security solution. This new offering has been in preview as part of the Microsoft Defender for Cloud service since April, allowing organizations to safeguard their business-critical APIs and sensitive data from evolving cyber threats. Microsoft Defender for Cloud is designed to offer security and…
It’s been a couple of months since Microsoft introduced Security Copilot, an AI-powered assistant that’s designed to help cybersecurity professionals detect breaches. At its Ignite 2023 conference, the company announced a slew of new updates coming to Security Copilot and the expansion of AI-powered capabilities across all clouds and platforms. Vasu Jakkal, CVP of Security,…
Microsoft has announced that enterprise IoT (eIoT) security capabilities are now available for organizations with Microsoft 365 E5/E5 security subscriptions. This release makes it easier for enterprise customers to monitor unmanaged enterprise IoT devices, detect anomalies, and improve security posture. Enterprise IoT (eIoT) security offers visibility and security for internet-connected devices and networks in business…