- 0
Asked by
Barney T.,
-
Recently Browsing 0 members
No registered users viewing this page.
-
Similar Content
-
By Usama Jawad96
All major Microsoft services will exclusively use SHA-2 from next month
by Usama Jawad
Secure Hash Algorithm 1 (SHA-1) is a 25-year-old method of generating hashes using a cryptographic function. Google successfully managed to demonstrate the weaknesses of the algorithm in 2017 and major browsers also began to block websites using SHA-1 certificates. Similarly, Apple dropped support for it in 2019.
Microsoft has announced that all its major services and processes will be exclusively using SHA-2 from next month.
Background image of micro circuit with binary code via Shutterstock As the name suggests, SHA-2 is an enhanced version of SHA-1, and is more secure and performant. As such, Microsoft will allow the SHA-1 Trusted Root Certificate Authority (CA) to expire, and all major processes such as TLS certificates, file hashing, and code signing will exclusively use SHA-2 from May 9, 2021 at 4PM PT.
This move is not particularly surprising considering that in 2019, Microsoft enforced Windows updates signing via SHA-2 and deprecated SHA-1 signed content from the Download Center in late 2020 too.
Microsoft says that the expiration will only impact SHA-1 certificates that are linked to the associated Root CA. However, certificates that are manually signed using SHA-1 by enterprises themselves will not be impacted. That said, it is obviously recommended that organizations migrate to SHA-2 as well.
Overall, the Redmond tech giant considers the move to be quite "uneventful" as it says that it has done full-fledged testing of major applications and potential issues. Regardless, if organizations face problems, they are recommended to peruse Microsoft's dedicated support article or reach out to the firm's technical teams.
-
By Usama Jawad96
Microsoft releases security updates for Exchange Server following report by the NSA
by Usama Jawad
In March, Exchange Server headlined the cybersecurity news section when it was discovered that it is under attack from state-sponsored groups. Microsoft was quick to release out-of-band updates for both supported and unsupported versions of Exchange, tools to break the attack chain, as well as advisories for customers. As a result of its efforts, hundreds of thousands of on-premises Exhange Server instances were patched against vulnerabilities. It is important to note that Exchange Online was not affected by this incident.
Now, Microsoft has released yet another set of security updates for Exchange Server to tackle newly discovered Remote Code Execution (RCE) vulnerabilities.
This time around, security updates are only available to Exchange Server 2013 CU23, Exchange Server 2016 CU19 and CU20, and Exchange Server 2019 CU8 and CU9. If you're not on any of the aforementioned cumulative updates (CUs), Microsoft recommends that you first upgrade to a supported environment and then apply the security updates. Once again, Exchange Online customers do not need to do anything.
The Redmond tech giant says that the April 2021 security updates (SUs) patches RCE vulnerabilities that were privately reported to the firm by the National Security Agency (NSA). Although Microsoft's investigation indicates that the exploit is not being utilized by attackers, it still urges customers to apply the SU as quickly as possible.
It is important to note that since SUs are cumulative, customers who apply the April updates will also be protected against vulnerabilities reported in March. However, customers with SUs released in March are unprotected against these new security flaws. Microsoft has cautioned that unlike last time, it does not plan to release out-of-band SUs for unsupported versions of Exchange Server. There are 47 old CUs affected by this flaw and it's not possible for Microsoft to invest effort in releasing updates for all of them. As such, it recommends updating to a current environment in order to apply the updates. Finally, the company has also noted that SUs have not been released for Exchange Server 2010 as it is unaffected by the latest vulnerabilities. You can find out more about the updates by heading over to Microsoft's blog post here.
-
By zikalify
NortonLifeLock: Two out of every five Americans affected by cybercrime in 2020
by Paul Hill
New data from NortonLifeLock and The Harris Poll has found that nearly 108 million Americans experienced cybercrime in the past 12 months resulting in a cumulative 719 million hours spent trying to resolve issues or about 6.7 hours per person. In total, 10,030 adults from 10 countries were involved in the survey to help shed light on cybersecurity issues.
The survey was conducted in February between the 15th and the 28th. There were around 1,000 respondents from Australia, France, Germany, India, Italy, Japan, Netherlands, New Zealand, United Kingdom, and the United States and the results were weighted to bring them in line with their actual proportions in the population. Weighted variables differed by country but included things like age, gender, ethnicity, region, education, marital status, internet usage, household size and income, size of the place, and propensity to be online.
According to the report, 65% of people are spending more time online as a result of the pandemic and that cybercriminals are taking advantage of this fact by launching attacks against unsuspecting victims. The survey data suggests that 330 million people across the 10 countries were affected by cybercrime and 55 million suffered identity theft. Collectively, it’s predicted that 2.7 billion hours were spent trying to resolve the problems arising from these attacks in the 10 countries.
Commenting on the findings, Paige Hanson, chief of cyber safety education at NortonLifeLock, said:
With regards to people fighting back against cybercrime, NortonLifeLock’s report found that 77% of Americans are taking more precautions online with 99% of those who noticed unauthorized access on an account taking action to improve their cyber safety. Two-thirds created stronger passwords for their account and 51% contacted the company to let them know their account had been hacked. A third of respondents said they turned to family members or the internet for cybersecurity assistance while a fifth invested more money in security software.
Another interesting finding in this study is that those under 40 – those normally portrayed as technically savvy – were less likely to know what to do if their identity was stolen compared to those over 40 (62% vs. 37%).
While there are many internet security suites including Norton Internet Security, common sense and caution go a long way in helping you stay safe online. In addition to security software, you should be careful clicking any links you receive, make sure you use different passwords, and ensure all the software you use is kept up-to-date.
-
By News Staff
The Essential Guide to Security - free eBook download
by Steven Parker
Claim this complimentary eBook for free today, before the offer expires.
What's it about?
How to Get Started Using Splunk’s Security Suite to Solve Your Everyday Challenges
What’s your plan for cybersecurity? Are you simply “planning for the worst, but hoping for the best?” With digital technology touching every part of our lives and new threats popping up daily, it’s imperative that your organization is precise, informed and prepared when it comes to defending your assets and hunting your adversaries.
High-profile breaches, global ransomware attacks and the scourge of cryptomining are good enough reasons why your organization needs to collect, leverage and understand the right data.
You’ll also need to implement the right processes and procedures, often alongside new technologies, methods and requirements–all with an ever-increasing velocity and variety of machine data.
So how can you best defend your organization and hunt down new adversaries? Ultimately, by taking a holistic approach to your defense system across the enterprise. This is why Splunk believes every organization needs a security nerve center, implemented by following a six-stage security journey that we will describe for you.
How to get it
Please ensure you read the terms and conditions to claim this offer. Complete and verifiable information is required in order to receive this free offer. If you have previously made use of these free offers, you will not need to re-register. While supplies last!
>> The Essential Guide to Security - free eBook download <<
Offered by Splunk, view other free resources | Limited time offer
Not for you?
That's OK, there are other free eBooks on offer you can check out here.
Enter giveaways: Polycade Home Arcade | $5K in cash | $10K in Crypto Ivacy VPN - 5 year subscription for just $1 per month NordVPN - 2 year subscription at up to 68% off Private Internet Access VPN - subscriptions at up to 71% off Unlocator VPN or SmartDNS - unblock Geoblock with 7-day free trial Neowin Store for our preferred partners. Subscribe to Neowin - for $14 a year, or $28 a year for Ad-Free experience Disable Sponsored posts · Neowin Deals · Free eBooks · Neowin Store
Disclosure: A valid email address is required to fulfill your request. Complete and verifiable information is required in order to receive this offer. By submitting a request, your information is subject to TradePub.com's Privacy Policy.
-
By hellowalkman
Microsoft Defender for Endpoint now generally available on Windows 10 on ARM devices
by Sayan Sen
Microsoft announced today that it has expanded support for Microsoft Defender for Endpoint (formerly known as Microsoft Defender Advanced Threat Protection) to Windows 10 on ARM and the feature is now generally available on all such devices. Microsoft Defender for Endpoint (MDE) is a cloud-powered enterprise endpoint security solution provided by Microsoft for the protection and security of endpoint devices on an enterprise network.
Microsoft believes that the shift to ARM devices is essential as the inherent efficiency of the ARM architecture allows for various form factor devices and enables people to gradually adapt to a new hybrid work environment nowadays. Of course, the security of such devices, Microsoft feels, must be of utmost importance to the enterprises. Here's what the Redmond firm has to say:
In terms of usability, Microsoft says that MDE for ARM devices will have the same exact layout and features as traditional x86 PCs, which means it is accessible from the Microsoft Defender Security Center portal, and such. Support for the onboarding of devices is also available.
If you wish to try out Microsoft Defender for Endpoint you can do always do so by visiting this page on the company's official site.
Source: Microsoft
-
Question
This topic is for the placement of links to how-to articles, tips, FAQs, or helpful information related to internet, network, and security. Please post links to the actual articles.
Internet Basics
Networking Basics
Security Basics
Security Tools
Security Tools for basic users:
FAQ's
Link to post
Share on other sites
17 answers to this question
Recommended Posts