Azure admins warned to disable shared key access as backdoor attack detailed
The default is that sharing is caring as Redmond admits: 'These permissions could be abused'A design flaw in Microsoft Azure – that shared key authorization is enabled by default when creating storage...
View ArticleUS cyber chiefs warn AI will help crooks, China develop nastier cyberattacks...
It's not all doom and gloom because ML also amplifies defensive efforts, probablyBots like ChatGPT may not be able to pull off the next big Microsoft server worm or Colonial Pipeline ransomware...
View ArticleWhile Twitter wants to sell its verification, Microsoft will do it for free...
Redmond expands a digital ID process for its platform as Musk seeks cash for blue check marksAs Elon Musk tears at Twitter's credibility by demanding businesses and individuals pay for their blue...
View ArticleCompatibility mess breaks not one but two Windows password tools
Windows LAPS and legacy LAPS don't play nicely under certain conditions, Microsoft saysIntegrating the Local Administrator Password Solution (LAPS) into Windows and Windows Server that came with...
View ArticleRussian snoops just love invading unpatched Cisco gear, America and UK warn
Spying on foreign targets? That's our job!The UK and US governments have sounded the alarm on Russian intelligence targeting unpatched Cisco routers to deploy malware and carry out surveillance.…
View ArticleMicrosoft pushes for more women in cybersecurity
Redmond tops industry average, still got a way to goMicrosoft has partnered with organizations around the globe to bring more women into infosec roles, though the devil is in the details.…
View ArticleThat 3CX supply chain attack keeps getting worse: Other vendors hit
Also, Finland sentences CEO of breach company to prison (kind of), and this week's laundry list of critical vulnsIn Brief We thought it was probably the case when the news came out, but now it's been...
View ArticleMicrosoft is busy rewriting core Windows code in memory-safe Rust
Now that's a C change we can backMicrosoft is rewriting core Windows libraries in the Rust programming language, and the more memory-safe code is already reaching developers.…
View ArticleInsurers can't use 'act of war' excuse to avoid Merck's $1.4B NotPetya payout
'The get-out-of-jail-free card option has been removed' as one expert put itMerck's insurers can't use an "act of war" clause to deny the pharmaceutical giant an enormous payout to clean up its...
View ArticleDump these insecure phone adapters because we're not fixing them, says Cisco
Security hole ranks 9.8 out of 10 in severity, 0 out of 10 in patch availabilityThere is a critical security flaw in a Cisco phone adapter, and the business technology giant says the only step to take...
View ArticleModern Auth comes to on-prem Exchange Server gear
Guess this'll have to do while we wait for *checks notes* ES 2025Microsoft last year said that it was putting off the next version of Exchange Server until the second half of 2025 so engineers could...
View ArticleSonatype axes 14 percent of staff, reminds them not to talk to the press
Workers slam 'horrendous' handling of layoffs that left even 'engineering managers in the dark'Exclusive Software supply chain management biz Sonatype has laid off 14 percent of its global workforce,...
View ArticleNo more macros? No problem, say miscreants, we'll adapt
Microsoft blocking 'net scripts sparked 'monumental shift' in attacksMicrosoft's decision to block internet-sourced macros by default last year is forcing attackers to find new and creative ways to...
View ArticleDon't panic. Google offering scary .zip and .mov domains is not the end of...
Did we forget about .pl, .sh and oh yeah, .com ?Comment In early May, Google Domains added support for eight new top-level domains, two of which – .zip, and .mov – raised the hackles of the security...
View Article'Strictly limit' remote desktop – unless you like catching BianLian ransomware
Do it or don't. We're not cops. But the FBI are, and they have this to sayThe FBI and friends have warned organizations to "strictly limit the use of RDP and other remote desktop services" to avoid...
View ArticleMicrosoft decides it will be the one to choose which secure login method you use
Certificate-based authentication comes first and phones lastMicrosoft wants to take the decision of which multi-factor authentication (MFA) method to use out of the users' hands and into its own.…
View Article90+ orgs tell Slack to stop slacking when it comes to full encryption
Protests planned for Wednesday in San Francisco and DenverA coalition of 90-plus groups, including Fight for the Future and Mozilla, will descend upon Slack's offices in San Francisco and Denver on...
View ArticleMicrosoft stashes nearly half a billion in case LinkedIn data drama hits
Irish regulators sniffing around Facebook-for-suits subsidiary have threatened fineMicrosoft has warned investors about a "non-public" draft decision by Irish regulators against LinkedIn for allegedly...
View ArticleSEC drops 42 cases after staff bungle data protection
Corporate watchdog fouled its info-separation regime, let the wrong people read sensitive docsThe US Securities and Exchange Commission (SEC) has dismissed proceedings against 42 companies and...
View ArticleUS govt now bans TikTok from contractors' work gear
BYODALAINGTI (as long as it's not got TikTok installed)The US federal government's ban on TikTok has been extended to include devices used by its many contractors - even those that are privately owned....
View Article
