Security

Microsoft has announced that its Entra Permissions Management solution is now generally available for enterprise customers. It’s a cloud-based infrastructure entitlement management (CIEM) service that provides insights into permissions for all user and workload identities in multi-cloud environments. Microsoft Entra Permissions Management (formerly known as Cloud Knox Security) launched in public preview back in February….

In this Ask the Admin, I’ll explain how to resolve an RDP error that might appear after the May 2018 cumulative updates.

By the time you read this, it will be 2020. I hope you have had a great holiday season and are feeling all relaxed and ready for a new semester of Azure action.

Microsoft has released a new mobile network protection feature for its Microsoft Defender for Endpoint (MDE) solution. The new capability helps organizations protect Android and iOS devices against security threats originating from wireless connections. The mobile network protection feature is designed to offer protection against malicious attacks and bogus certificates targeting Wi-Fi networks in enterprise…

Security vendor Kaspersky has warned about a new malware that allows attackers to backdoor Microsoft Exchange servers. Dubbed SessionManager, the malicious tool has been used for the past 15 months to target NGOs, government agencies, military as well as industrial organizations across Europe, South America, Asia, and Africa. As reported by the Kaspersky researchers, the…

Microsoft Defender Vulnerability Management is getting a new update that allows IT Pros to gain insights about vulnerable software and devices. The new CVE reporting feature is currently available in public preview for all commercial customers. For those unfamiliar, Common Vulnerabilities and Exposures (CVE) is a database of publicly disclosed software vulnerabilities. The Microsoft Defender…

Microsoft Defender for Identity is getting a new update that enables IT admins to identify insecure domain configurations in their environments. These security capabilities aim to protect businesses from Kerberos resource-based constrained delegation relay attacks. Specifically, Microsoft Defender for Identity provides real-time monitoring to detect two default configurations that are vulnerable to security breaches. These…

The US Cybersecurity and Infrastructure Agency (CISA) has warned that attackers are still exploiting the Log4Shell flaw to target VMware’s Horizon and Unified Access Gateway (UAG) servers. The security agency advised IT admins to immediately patch their servers running vulnerable Log4j versions. The Apache Software Foundation first disclosed the Log4Shell flaw, tracked as CVE-2021-44228, back…

Microsoft has announced that it’s expanding the Secured-core initiative to enhance the security of Internet of Things (IoT) devices. The company has also launched new Edge Secured-core certified devices designed to provide greater protection against firmware-based attacks. Microsoft first unveiled its certification program for secured-core Windows 10 PCs back in 2019. Last year, the company…

QNAP has released a patch to address a new PHP security vulnerability that affects specific configurations of its Network Attached Storage (NAS) devices. The company has urged its customers to update their systems to protect against remote code execution (RCE) attacks. Tracked as CVE-2019-11043, the security flaw was first reported to QNAP three years ago,…