Security

Microsoft has released a new update for its Authenticator app that allows users to generate strong and unique passwords. The new password generation feature started rolling out last month, and it’s now generally available for all customers. Microsoft highlights that the Authenticator app uses an “enterprise-grade password generation algorithm” to generate all new passwords. The…

Microsoft is planning to make some changes to the existing authentication policies on its GitHub platform. The company has announced that it will require all developers contributing code to the service to enroll in at least one form of two-factor authentication (2FA) by the end of 2023. GitHub is a popular cloud-based service that allows…

Security researchers at Armis have discovered five critical vulnerabilities in multiple network devices sold by Aruba and Avaya. The security flaws, dubbed TLStorm 2.0, could allow malicious actors to gain complete control of network switches typically used in hospitals, hotels, airports, and other businesses. According to the security researchers, the TLStorm 2.0 vulnerabilities have CVSS…

Microsoft has launched a new standalone version of its Defender for Business solution for commercial customers. The new cost-effective enterprise-grade endpoint security offering was first announced at Ignite 2021, and it’s designed for small to medium-sized businesses with up to 300 employees. The Redmond giant started rolling out Microsoft Defender for Business to organizations with…

Last week, QNAP published a security advisory to warn customers about new critical flaws in an open-source fileserver technology integrated into its network-attached storage (NAS) devices. The company has advised customers to look out for updates to address the vulnerabilities affecting some of its products. QNAP explained in its advisory that these flaws exist in…

When we think about administrative rights on Intune-enrolled Windows 10 devices, we need to consider two possible device states for that device: Azure AD joined (AADJ), or Hybrid Azure AD joined (HAADJ).  This is due to the different administrative roles available at the directory level. For Azure AD joined devices, at the time of performing…

Cybersecurity researchers have discovered that the threat actors are testing new attack techniques to distribute malware. Indeed, the latest version of the highly sophisticated Emotet botnet uses PowerShell commands attached to the XLL files to target Windows PCs. Emotet is an advanced Trojan that is primarily used to spread malware via phishing emails on compromised…

Microsoft has announced a new partnership with Red Button, an Israel-based Distributed Denial-of-Service (DDoS) attack simulation testing solutions provider. The Redmond giant believes that this collaboration will enable organizations to identify gaps and develop effective strategies to mitigate DDoS attacks. “With Red Button’s DDoS Testing service suite, you will be able to work with a…

Atlassian has released new security patches for its Jira and Jira Service Management solutions. The latest set of updates aims to address a critical vulnerability that could let attackers to bypass authentication controls. According to Atlassian’s security advisory, the bug was first discovered by Khoadha of Viettel Cyber Security. Tracked as CVE-2022-0540 and issued a…

Back in December, Amazon released emergency fixes to address the Log4j vulnerability in JVMs across multiple environments, but it looks like these updates still left some security loopholes. Since Amazon published the fixes, security researchers have discovered that the original hot patch left AWS customers vulnerable to container escape and privilege escalation bugs (via The…