Microsoft has decided to effectively delay the deprecation of Remote PowerShell in Exchange Online in order to allow customers more time to migrate to the more secure REST-based v3 PowerShell module.
Security RSS
The latest edition of Microsoft Weekly is filled to the brim with news about updates to Microsoft 365 apps and services like Teams and Edge, new features and bugs in Windows, and Copilot upgrades.
U.S. federal cybersecurity agency CISA has developed a Python-based utility to detect signs of hacking in Microsoft cloud environments including Microsoft 365, Azure, and Azure Active Directory (AAD).
Google's Project Zero security team has publicly disclosed multiple flaws in certain Linux kernels and distros following Red Hat's inability to fix them within the 90-day deadline assigned by Google.
Our latest edition of Microsoft Weekly is jampacked with news about Microsoft handing out free USBs to Insiders, the integration of AI in even more Redmond products, and pirated Windows (!).
New Zealand is the latest country to ban its governmental employees from using TikTok. It fears that the app could collect sensitive data which could get into the hands of the Chinese government.
Cyberattacks and other factors will help to push up security spending this year by 12.1% to $219 billion, according to a forecast by IDC. The spending includes investments in hardware and software.
A new research paper discovered 721.5 million credentials exposed online. According to the study, 50% of the data came from botnets that deployed information-stealing malware to victims' devices.
TinyWall is a free software to harden and control the advanced firewall built into modern Windows systems. TinyWall lets you work while protecting you. No annoying popups and simple configuration.
Microsoft has disabled the Remote Mailslot legacy protocol by default in Windows 11 build 25314. A senior Microsoft manager has called it "disgusting" and "crap", saying that it will be removed soon.
Microsoft's Security Intelligence team recently found that threat actors behind business email compromise attacks are now moving quickly to avoid detection and stop victims from blocking the attack.
The second Developer Preview of Android 14 is here that includes several enhancements to privacy and security, such as selected photos access, credential manager, safer implicit intents, and more.
Starting with Chrome version 111, the Chrome Cleanup Tool will be turned off for Windows users due to a decline in user complaints about unwanted software and improved defenses against malware.
Google One subscribers can now get VPN access on all plans and dark web monitoring reports to see if their information is being illicitly sold on shady forums. The Basic plan starts at $1.99.
A new Microsoft Intune Suite has launched today with the aim of helping security teams bolster endpoint security. Microsoft says the solution will help businesses to reduce their security costs.
The United States Marshals Services has suffered a major security breach that compromised the department's sensitive law enforcement information followed by a ransomware attack.
The satellite TV service stated some of its customer call centers are still being affected by this cyber attack, and that some "data was extracted," but Dish Network didn't offer any details.
In an email to Microsoft 365 subscribers, Microsoft is informing customers that the Microsoft Defender app will automatically be installed on their Windows 10 and Windows 11 PCs soon.
Telecommunications company Telus is looking into the possibility of a data breach. This comes after a cybercriminal allegedly gained access to employee data, GitHub repositories, and more.
Microsoft has recommended IT admins to remove certain objects from antivirus exclusions in Exchange Server environments. This will result in a better cybersecurity posture for your organization.
An information-stealing malware called "Stealc" was recently seen being advertised to other cybercriminals on the dark web. It can also be contracted through fake software crack websites.
Microsoft will be enabling some DCOM protocol hardening changes by default with next month's Patch Tuesday. This may result in interoperability issues between networked client and server devices.
The popular password manager is going to be rolling out its new, passwordless login option soon, in the form of a combination of biometrics and passkey protection to unlock the application.
Inda has banned over 200 mobile apps and services operating in the country. While some of these were created by Indian developers, they are suspected of transferring customer data to China.
Security practitioners have been giving all sorts of advice for decades about how to avoid getting your resources infected from downloads. But how clear and how relevant is that messaging today?
SH1MMER, a dangerous new ChromeOS exploit that was released on Friday the 13th, has flown under the radar for two weeks, and there's nothing stopping you from having a little fun with it.
Canonical has made Ubuntu Pro generally available. It enables you to run Ubuntu LTS releases past their expiry dates and delivers security updates to more programs. It has been in beta since October.
Tails 5.9 has been released bringing a lot of fixes and workarounds to address issues introduced in the last version. The developers apologized for the impact issues had on Tails users.
Meta has said it will randomly convert some Messenger conversations into encrypted chats in the coming months, by random selection. It has also enabled some new features in encrypted chats.
Ubuntu 18.04 LTS and Linux Mint 19.x will lose support this April. Anyone still running these or other Ubuntu 18.04-based distributions is urged to upgrade systems to stay protected.
MSI motherboards, from both Intel and AMD, have been vulnerable due to a broken Secure Boot firmware setting issue. The bug would allow potentially malicious files to boot into an affected system.
Join us in a jampacked week in a new edition of Microsoft Weekly as we recap all the important stuff from the world of the Redmond tech giant, including the death of Windows 8.1 and a Teams paywall.
Microsoft has made an important change in recent Windows 11 Pro Insider Preview builds by disabling SMB guest authentication fallbacks by default. This has been done to improve the security of the OS.
Microsoft has rolled out January 2023's Security Updates (SUs) for support versions of Exchange Server. They include better security for PowerShell payloads, along with a known bug for OWA.
Microsoft has released update KB5022303 for Windows 11 as part of Patch Tuesday. It's the first one right after the holidays so the highlights are a bit more scarce than usual but worth reading.
Python developers who spent some time coding over the holiday break may want to check out an advisory regarding a malicious PyTorch package that was being fetched from PyPI last week.
A security researcher recently discovered serious vulnerabilities in Google Home smart speakers that could allow an attacker to install a "backdoor" account on the device and gain remote access.
Access management solutions provider Okta recently had its GitHub source code repositories hacked. The company assures the public that no customer data was stolen, and Okta remains operational.
A malware campaign is using fraudulent loan apps to trick unsuspecting users into giving out their private information. The apps have amassed over 100,000 downloads from unofficial app stores.
Google says that it won't disable Manifest V2 in January 2023 in developer-focused builds like Dev, Canary, and Beta as earlier planned due to insufficient time for testing and unresolved bugs.