Security

Microsoft Defender for Identity is getting a new update that enables IT admins to identify insecure domain configurations in their environments. These security capabilities aim to protect businesses from Kerberos resource-based constrained delegation relay attacks. Specifically, Microsoft Defender for Identity provides real-time monitoring to detect two default configurations that are vulnerable to security breaches. These…

The US Cybersecurity and Infrastructure Agency (CISA) has warned that attackers are still exploiting the Log4Shell flaw to target VMware’s Horizon and Unified Access Gateway (UAG) servers. The security agency advised IT admins to immediately patch their servers running vulnerable Log4j versions. The Apache Software Foundation first disclosed the Log4Shell flaw, tracked as CVE-2021-44228, back…

Microsoft has announced that it’s expanding the Secured-core initiative to enhance the security of Internet of Things (IoT) devices. The company has also launched new Edge Secured-core certified devices designed to provide greater protection against firmware-based attacks. Microsoft first unveiled its certification program for secured-core Windows 10 PCs back in 2019. Last year, the company…

QNAP has released a patch to address a new PHP security vulnerability that affects specific configurations of its Network Attached Storage (NAS) devices. The company has urged its customers to update their systems to protect against remote code execution (RCE) attacks. Tracked as CVE-2019-11043, the security flaw was first reported to QNAP three years ago,…

QNAP has published an advisory about a new stream of DeadBolt ransomware attacks targetting its network-attached storage (NAS) devices worldwide. The company advises customers to immediately update their devices to the latest versions of QTS or QuTS hero operating systems. The latest DeadBolt ransomware campaign follows the previous attacks reported back in January, March, and…

Microsoft has launched a new Microsoft Defender for individuals app today. The new security offering for consumers is now available for Microsoft 365 subscribers in select markets across Windows, macOS, Android, and iOS. Microsoft Defender for individuals first debuted in preview in the US back in February this year. It provides a centralized dashboard, which…

Microsoft announced yesterday that it has entered into a definitive agreement to acquire Miburo, a New York-based cyber threat analysis company. The Redmond giant plans to leverage Miburo’s expertise in global threat intelligence to help customers counter foreign cyber attacks and state-backed information operations. Miburo was founded in 2012 by cybersecurity expert Clint Watts, who…

World events since March 2020 have highlighted one of the key benefits of Office 365 and cloud-based SaaS services in general: they are available any time, any place, on any device.  As the world was forced to work from home, Office 365 apps such as Teams, Outlook, SharePoint, and OneDrive could easily be accessed outwith…

Security researchers have discovered a new Linux malware dubbed Symbiote that uses sophisticated techniques to hide its presence on compromised systems. The malware appears to be targeting financial institutions in Latin America, including Brazil. Specifically, cyber security researchers from Intezer and The BlackBerry Threat Research & Intelligence Team first detected Symbiote in November 2021. The…

Microsoft announced a significant revamp of its Azure Purview data-governance platform. The Redmond giant is rebranding the service as “Microsoft Purview” and also rolling out new Microsoft 365 compliance capabilities to the suite. The new Microsoft Purview suite provides customers with compliance tools that allow them to view all their data assets in one place….