Security

Microsoft 365 Defender is getting a new update that enables customers to detect and block adversary-in-the-middle (AiTM) attacks. The company explained that the AiTM protection feature builds on top of the existing automatic attack disruption (XDR) capabilities that launched in February 2023. Adversary-in-the-Middle (AiTM) is a phishing technique that enables threat actors to hijack session…

Microsoft has recently released several new security tools and features for its Microsoft Entra product family. These updates are designed to help organizations improve their security posture and protect against sophisticated cyber-attacks. “With the ever-increasing sophistication of cyber-attacks and the increasing use of cloud-based services and the proliferation of mobile devices, it is essential that…

Do you know your WAF from your WAAP? Or your RASP from your WAF? This week, Petri is hosting a webinar with Fortra, which looks at how to protect your web apps from advanced web attacks. Join myself and Fortra’s Josh Davies, an experienced senior security analyst, who will explain some advanced techniques attackers use…

Google has started rolling out its passkey technology to Google accounts across all platforms. The feature allows users to log into any of their accounts with passkeys instead of passphrases and multifactor authentication (MFA). A passkey is an authentication feature that enables users to securely access apps and services. It’s designed to let users authenticate…

Last week, Google announced account synchronization support for its Authenticator app. On April 25, the security research team Mysk highlighted on Twitter that the feature lacks support for end-to-end encryption (E2EE). The security researchers found that the network traffic used to sync the credentials is not end-to-end encrypted. This means that the seed used to…

Apache Superset has released fixes to patch a security flaw in the default configuration that could lead to remote code execution. Tracked as CVE-2023-27524, the vulnerability allows threat actors to potentially steal sensitive data, harvest credentials, and then execute malicious code. Apache Superset is an open-source data exploration and virtualization solution. It enables users to…

Microsoft announced some new updates for its Microsoft Sentinel solution this week. The company has highlighted a new Workspace Manager feature, Hunts feature to identify security threats, and other improvements. Specifically, Microsoft Sentinel is getting a new Workspace Manager that enables IT admins to manage multiple Sentinel workspaces from a central workspace. The feature supports…

Microsoft has announced that its App Governance add-on will soon be a part of the Microsoft Defender for Cloud Apps service. Starting on June 1, the feature will be available for all customers with an E5 Security/Microsoft 365 E5 or any other subscription at no additional cost. Microsoft highlighted that threat actors are increasingly targeting…

Microsoft has announced the public preview of its new Microsoft Defender for APIs solution. The new powerful tool enables organizations to improve the security and management of their “business-critical APIs.” Microsoft explained that Defender for APIs is available as part of its Microsoft Defender for Cloud service. It’s a security solution that protects cloud-native applications…

Google has released a new much-awaited feature for its Authenticator app on Android and iOS. The latest update allows users to sync their two-factor authentication codes (2FA) to Google accounts. Google launched its Authenticator app for mobile users back in 2010. It’s designed to help customers protect their online accounts with two-factor authentication (2FA). The…