Microsoft unveiled its plans to disable Excel 4.0 XLM macros by default back in October 2021. The company has now announced that this application policy change is now rolling out to all Microsoft 365 tenants and it aims to protect customers from malicious documents. For those unfamiliar with Excel 4.0 macros (XLM), this is a… Read More
Amazon Web Services has announced some important updates for its AWS Firewall Manager service. The company says that the popular security management tool has added support for AWS Shield Advanced automatic application layer DDoS mitigation. For those unfamiliar, AWS Network Firewall is a security management service that allows users to configure and manage their firewall… Read More
Microsoft patches a wormable bug in http.sys in Windows and Windows Server. There are also fixes for three remote code execution vulnerabilities in Exchange Server. And Adobe releases fixes for 26 flaws in Acrobat and Reader. So, let's get started! Windows and Windows Server This month there are fixes for six zero-days in Windows and… Read More
SonicWall, the cyber-security provider has announced that the Y2K22 bug has affected some of its email security and firewall products. The company released new patches last week to address the issue, which has been causing junk box and message log updates failures since January 1, 2022. As the cyber-security firm explained, the SonicWall Y2K22 bug… Read More
Microsoft has announced its Defender for Endpoint solution has added support for zero-touch onboarding on iOS. This feature is now available in public preview, and it should enable IT administrators to quietly install the Microsoft Defender for Endpoint app on enrolled iOS devices without any user interaction. “With this new capability, enterprises can now deploy… Read More
Microsoft unveiled its Pluton security processor back in November 2020, which is designed to make CPUs more secure by protecting PCs from the most sophisticated types of attacks. At CES 2022, Lenovo announced its Ryzen 6000-powered ThinkPad Z-series laptops, including the Lenovo ThinkPad Z13 and Z16. https://youtu.be/utfK3myvIlA The new Lenovo ThinkPads are the first… Read More
Security researchers have revealed several new security flaws impacting the “link preview” feature in Microsoft Teams. The cybersecurity company Positive Security discovered four separate vulnerabilities in the feature back in March 2021, which can be exploited by attackers to leak victims' IP addresses, spoof link previews, and launch denial of service (DoS) attacks targeting Android… Read More
Microsoft has announced some important updates for Microsoft Sentinel, its scalable cloud-native SIEM tool that provides AI-powered security analytics in enterprise environments. The Redmond giant has launched a new solution in public preview that should help IT Admins to detect Apache Log4j vulnerabilities. Last week, Microsoft acknowledged the emergence of an Apache Log4j vulnerability (CVE-2021-44228)… Read More
by Dean Ellerby
Security Management with Microsoft Defender for Endpoint is a new feature that can be used to apply security configuration to devices that do not enroll into Microsoft Endpoint Manager. In this scenario, Microsoft Defender for Endpoint retrieves, enforces, and reports on policies deployed via Microsoft Endpoint Manager. The devices are joined to your Azure Active… Read More
This month, a flaw in the Apache Log4j library causes panic, Microsoft patches 67 new CVEs, 7 of which are rated Critical. And Adobe delivers a boat load of patches to finish off the year in style. So, let's get started! Apache Log4j remote code execution vulnerability Let's start this month by talking about Log4Shell… Read More
Microsoft Teams has started rolling out end-to-end encryption (E2EE) support for one-to-one calls. The feature has been available in public preview since October, and it’s now available in the Teams desktop app for Windows and macOS. The end-to-end encryption (E2EE) feature encrypts Microsoft Teams calls at the source and then decrypts the information at the… Read More
Microsoft recently made changes to Azure Active Directory (Azure AD) to mitigate an issue where private key data stored in an Azure AD application or service principal could be read in clear text. Some Azure services were incorrectly storing private key data in Azure AD in the keyCredentials property when creating applications for customers. Microsoft… Read More
by Dean Ellerby
Previously known as Windows Defender Application Control (WDAC), Microsoft Defender Application Control (MDAC) is now even more accessible to organizations through the removal of the Windows 10 Enterprise / Education requirement. Now, organizations using Windows 10 and Windows 11 Professional are able to leverage the feature to gain greater insight and control of their Windows… Read More
by Liam Cleary
In this article, I'm going to show you how to audit security in Microsoft 365 with Access Reviews in Azure Active Directory (AAD). I'll show you how to set up and run Access Reviews from the Azure management portal and using the Microsoft Graph and PowerShell. Azure Active Directory enables core collaboration with users… Read More
by Dean Ellerby
On November 2nd 2021, Microsoft announced Microsoft Defender for Business. The announcement comes following a series of rebranding exercises into the “Microsoft Defender for” fold. What is Microsoft Defender for Business? Microsoft Defender for Business is a new endpoint security solution that will be available soon in preview. Defender for Business is designed to bring… Read More