Get expert advice on how to bridge gaps between your SOC and NOC and enable Zero Trust security in today’s rapidly evolving threat landscape.
The post Align your security and network teams to Zero Trust security demands appeared first on Microsoft Security Blog. READ MORE HERE…
A new macOS vulnerability, “powerdir,” could allow an attacker to bypass the operating system’s TCC technology and gain unauthorized access to a user’s protected data. We shared our findings with Apple through Coordinated Vulnerability Disclosure (CVD) and Apple released a fix.
The post New macOS vulnerability, “powerdir,” could lead to unauthorized user data access appeared first on Microsoft Security Blog. READ MORE HERE…
Enterprise firewalls have been the quintessential security device for decades, standing guard at the perimeter, inspecting all inbound and outbound traffic for malware. So, what happens to firewalls as the perimeter fades away? They evolve.Today’s firewalls are an essential piece of the enterprise security puzzle. They’ve become the foundational device upon which security vendors have stacked all of their advanced features. Cloud-based, next-generation firewalls (firewall-as-a-service) are a core component of any secure access service edge (SASE) deployment. VPN remote access for work-at-home employees typically terminates at a firewall. And firewalls play a key role in zero-trust network access (ZTNA), serving as the device that enforces access control policies and network segmentation rules.To read this article in full, please click here READ MORE HERE…
Enterprise firewalls have been the quintessential security device for decades, standing guard at the perimeter, inspecting all inbound and outbound traffic for malware. So, what happens to firewalls as the perimeter fades away? They evolve.Today’s firewalls are an essential piece of the enterprise security puzzle. They’ve become the foundational device upon which security vendors have stacked all of their advanced features. Cloud-based, next-generation firewalls (firewall-as-a-service) are a core component of any secure access service edge (SASE) deployment. VPN remote access for work-at-home employees typically terminates at a firewall. And firewalls play a key role in zero-trust network access (ZTNA), serving as the device that enforces access control policies and network segmentation rules.To read this article in full, please click here READ MORE HERE…
Taurus SA Co-founder and Chief Security Officer Jean-Philippe “JP” Aumasson shares how the discipline of cryptography will impact cybersecurity strategy.
The post What you need to know about how cryptography impacts your security strategy appeared first on Microsoft Security Blog. READ MORE HERE…
After nearly two years of adopting major network and security changes wrought by COVID-19 and hybrid work, weary IT network and security teams didn’t need another big issue to take care of, but they have one: Stemming potential damage from the recently disclosed vulnerability in open source Java-logging Apache Log4j software. Log4j or Log4Shell has been around a long time—it was released in January, 2001—and is widely used in all manner of enterprise and consumer services, websites, and applications. Experts describe the system as an easy-to-use common utility to support client/server application development.To read this article in full, please click here READ MORE HERE…
In the final post of a four-part series on the NOBELIUM nation-state attack, we explore key findings from the after-action report on the attack.
The post The final report on NOBELIUM’s unprecedented nation-state attack appeared first on Microsoft Security Blog. READ MORE HERE…
Cellebrite Senior Director of Digital Intelligence Heather Mahalik offers an inside look at mobile forensics and shares how to think about the function in your organization.
The post Your guide to mobile digital forensics appeared first on Microsoft Security Blog. READ MORE HERE…
Get technical information about attacks that Microsoft has observed taking advantage of CVE-2021-44228, a remote code execution (RCE) vulnerability in Apache Log4j 2 referred to as “Log4Shell”, and guidance for detecting and investigating attacks.
The post Guidance for preventing, detecting, and hunting for CVE-2021-44228 Log4j 2 exploitation appeared first on Microsoft Security Blog. READ MORE HERE…
Today, we are releasing an AI security risk assessment framework as a step to empower organizations to reliably audit, track, and improve the security of the AI systems. In addition, we are providing new updates to Counterfit, our open-source tool to simplify assessing the security posture of AI systems.
The post Best practices for AI security risk management appeared first on Microsoft Security Blog. READ MORE HERE…