Security

Microsoft unveiled its plans to disable Excel 4.0 XLM macros by default back in October 2021. The company has now announced that this application policy change is now rolling out to all Microsoft 365 tenants and it aims to protect customers from malicious documents. For those unfamiliar with Excel 4.0 macros (XLM), this is a…

Amazon Web Services has announced some important updates for its AWS Firewall Manager service. The company says that the popular security management tool has added support for AWS Shield Advanced automatic application layer DDoS mitigation. For those unfamiliar, AWS Network Firewall is a security management service that allows users to configure and manage their firewall…

Microsoft patches a wormable bug in http.sys in Windows and Windows Server. There are also fixes for three remote code execution vulnerabilities in Exchange Server. And Adobe releases fixes for 26 flaws in Acrobat and Reader. So, let’s get started! Windows and Windows Server This month there are fixes for six zero-days in Windows and…

SonicWall, the cyber-security provider has announced that the Y2K22 bug has affected some of its email security and firewall products. The company released new patches last week to address the issue, which has been causing junk box and message log updates failures since January 1, 2022. As the cyber-security firm explained, the SonicWall Y2K22 bug…

Microsoft has announced its Defender for Endpoint solution has added support for zero-touch onboarding on iOS. This feature is now available in public preview, and it should enable IT administrators to quietly install the Microsoft Defender for Endpoint app on enrolled iOS devices without any user interaction. “With this new capability, enterprises can now deploy…

Microsoft unveiled its Pluton security processor back in November 2020, which is designed to make CPUs more secure by protecting PCs from the most sophisticated types of attacks. At CES 2022, Lenovo announced its Ryzen 6000-powered ThinkPad Z-series laptops, including the Lenovo ThinkPad Z13 and Z16.   The new Lenovo ThinkPads are the first Windows…

Security researchers have revealed several new security flaws impacting the “link preview” feature in Microsoft Teams. The cybersecurity company Positive Security discovered four separate vulnerabilities in the feature back in March 2021, which can be exploited by attackers to leak victims’ IP addresses, spoof link previews, and launch denial of service (DoS) attacks targeting Android…

This month, a flaw in the Apache Log4j library causes panic, Microsoft patches 67 new CVEs, 7 of which are rated Critical. And Adobe delivers a boat load of patches to finish off the year in style. So, let’s get started! Apache Log4j remote code execution vulnerability Let’s start this month by talking about Log4Shell…

Microsoft Teams has started rolling out end-to-end encryption (E2EE) support for one-to-one calls. The feature has been available in public preview since October, and it’s now available in the Teams desktop app for Windows and macOS. The end-to-end encryption (E2EE) feature encrypts Microsoft Teams calls at the source and then decrypts the information at the…

Microsoft recently made changes to Azure Active Directory (Azure AD) to mitigate an issue where private key data stored in an Azure AD application or service principal could be read in clear text. Some Azure services were incorrectly storing private key data in Azure AD in the keyCredentials property when creating applications for customers. Microsoft…