Security

Active Directory Security – 5 Steps to Secure AD

Last Update: Jan 30, 2024

In this guide about Active Directory security, we’re going to detail five steps that IT admins need to follow to secure Active Directory environments in an organization. There are many best practices you’ll need to be familiar with to ensure Active Directory security, including restricting the use of privileged accounts, monitoring Windows Event Log for…

Microsoft Provides More Details About ‘Midnight Blizzard’ Attacks

Microsoft has recently published an initial analysis of the cyber-attack that was carried out by Russian state-sponsored hackers in late November of 2023. The company has raised concerns that the same threat actor is currently targeting other organizations and has provided detailed guidance to help organizations strengthen their defenses. Last week, Microsoft disclosed that a…

Microsoft Defender Vulnerability Management Gets New Tool to Target Vulnerable Software Components

Microsoft has released a new dedicated inventory in public preview for its Defender Vulnerability Management solution. The new Vulnerable Components Inventory feature allows IT administrators to actively detect and address known vulnerabilities in software components used within their enterprise environments. Microsoft Defender Vulnerability Management is a security solution that enables organizations to discover, prioritize, and…

Microsoft’s Corporate Email Accounts Breached in Russian Espionage Attacks – What You Need to Know

Last week, Microsoft disclosed that Russian state-sponsored hackers exploited a weak password to infiltrate its corporate network. The threat actor (dubbed Midnight Blizzard) gained unauthorized access to the email accounts of its senior executives and employees working in legal and cybersecurity teams. Microsoft detailed that the Russian hacking group (also known as Nobelium or APT29)…

Microsoft Defender for Cloud Gets New Agentless Malware Scanning Capabilities for VMs

Microsoft Defender for Cloud has introduced support for agentless malware scanning for servers hosting virtual machines. The new feature is designed to help organizations assess software vulnerabilities on VMs without requiring the installation of Defender for Endpoint. Microsoft Defender for Cloud already supports various agent-based vulnerability assessment solutions, such as Qualys, BYOL, and Microsoft Defender…

CISA: Androxgh0st Malware Poses Serious Threat to Microsoft 365 and AWS Credentials

The US Cybersecurity and Infrastructure Security Agency (CISA) and FBI have issued a warning regarding the recently discovered Androxgh0st malware. This malicious campaign empowers threat actors to steal credentials and deploy malicious payloads, specifically targeting vulnerable Apache web servers and websites. The malware dubbed “Androxgh0st” was first discovered by the cybersecurity firm Lacework back in…

Enhanced Cloud Protection: Microsoft’s Defender for Cloud Gets New Integration with Defender XDR

Microsoft has announced the general availability of Defender for Cloud’s integration with Microsoft Defender XDR. This release offers administrators direct access to investigate and manage Defender for Cloud alerts and incidents within the Microsoft Defender portal. Microsoft Defender for Cloud is a security solution that enables organizations to protect cloud-based applications from security threats and…

New Phemedrone Malware Exploits Windows Defender SmartScreen Flaw to Steal Sensitive Data

Cybersecurity researchers have disclosed a serious threat to Windows users, as hackers exploit a Windows Defender SmartScreen bypass vulnerability to deploy the Phemedrone Stealer malware. It could enable hackers to harvest sensitive information (such as cookies, passwords, and authentication tokens) from Windows machines. The security flaw, which is tracked as CVE-2023-36025, has a CVSS score…

Critical Microsoft SharePoint Flaw Exploited: CISA Issues Warning for Organizations to Act Swiftly

The Cybersecurity and Infrastructure Security Agency (CISA) has raised concerns about the active exploitation of a critical vulnerability in Microsoft SharePoint. The security flaw (tracked as CVE-2023-29357) allows unauthenticated attackers to gain administrative privileges on unpatched servers. The Microsoft SharePoint vulnerability was first discovered by STAR Labs researcher Nguyễn Tiến Giang (Jang) during Vancouver’s Pwn2Own…

How Microsoft Defender for Office 365 Protects Organizations Against QR Code Phishing Attacks

Microsoft has recently shared details about how Defender for Office 365 is effectively countering the rise of QR code phishing attacks. A QR code (Quick Response code) is a two-dimensional barcode capable of storing different types of information (such as product details, contact information, and website URLs). It can be easily scanned with smartphones or…
