Intel’s TDX framework gains a new capability, and a “shadow stack” in Xeon’s fourth generation aims to knock out a dangerous cyberattack method.
The year highlighted how vulnerable the technology sector is to the vagaries of geopolitics and the macroeconomy, as IT giants laid off workers, regulators cracked down on tech rule-breakers, nations negotiated data security regulations, the US-China chip war widened, and the Ukraine war disrupted business as usual.
Microsoft discovered a vulnerability in macOS, referred to as “Achilles”, allowing attackers to bypass application execution restrictions enforced by the Gatekeeper security mechanism.
The post Gatekeeper’s Achilles heel: Unearthing a macOS vulnerability appeared first on Microsoft Security Blog.
Backup and recovery systems are at risk for two types of ransomware attacks: encryption and exfiltration – and most on-premises backup servers are wide open to both. This makes backup systems themselves the primary target of some ransomware groups, and warrants special attention. Hackers understand that backup servers are often under-protected and administered by junior personnel that are less well versed in information security. And it seems no one wants to do something about it lest they become the new backup expert responsible for the server. This is an age-old problem that can allow backup systems to pass under the radar of sound processes that protect most servers.
The updated threat matrix for Kubernetes comes in a new format that simplifies usage of the knowledge base and with new content to help mitigate threats.
The post Mitigate threats with the new threat matrix for Kubernetes appeared first on Microsoft Security Blog.
Microsoft security researchers investigate an attack where the threat actor, tracked as DEV-0139, used chat groups to target specific cryptocurrency investment companies and run a backdoor within their network.
The post DEV-0139 launches targeted attacks against the cryptocurrency industry appeared first on Microsoft Security Blog.
The job of a network engineer just keeps getting more complicated. Mission-critical applications are competing for bandwidth. The sheer number of devices is exploding, driven by IoT. And the network itself is being extended to the cloud, the edge and to the home office. And then there’s cybersecurity to worry about. Attacks are on the rise across the board, and attackers are constantly looking for vulnerabilities or backdoors, upping the need for solid and secure networking to act as an early warning system for cybersecurity defenses. Thankfully, there are many great tools available to help network engineers complete their never-ending tasks. And many of them are available for free. Here’s our list of 12 killer network tools that won’t break the bank.
As vulnerabilities in network components, architecture files, and developer tools have become an increasingly popular attack vector to leverage access into secure networks and devices, Microsoft identified such a vulnerable component and found evidence of a supply chain risk that might affect millions of organizations and devices.
The post Vulnerable SDK components lead to supply chain risks in IoT and OT environments appeared first on Microsoft Security Blog.
On the surface, Active Directory groups are a simple and straightforward way to manage identities (users and/or computers) and assign permissions. Users or computers are added as group members, and the group is referenced in access control lists (ACL) on file shares, mailboxes, applications, or other corporate resources. But experienced admins know that this simplicity quickly goes out the window as environments scale. As group memberships grow, management of memberships becomes increasingly complex. Over the years, Microsoft and others have developed best practices for managing groups and permissions in an Active Directory environment. These strategies are something of a lost art, but there’s value to be gained by leveraging these layers of sophistication.
Dell Technologies has announced new products and services for data protection as part of its security portfolio. Active data protection is often treated as something of an afterthought, especially compared to disaster recovery. Yet it’s certainly a problem for companies. According to Dell’s recent Global Data Protection Index (GDPI) research, organizations are experiencing higher levels of disasters than in previous years, many of them man-made. In the past year, cyberattacks accounted for 48% of all disasters, up from 37% in 2021, and are the leading cause of data disruption. One of the major stumbling blocks in deploying data-protection capabilities is the complexity of the rollout. Specialized expertise is often required, and products from multiple vendors are often involved. Even the hyperscalers are challenged to provide multicloud data-protection services.