Badri Narayanan

During the Feb 23rd senate hearing on SolarWinds Orion software hack, George Kurtz, president, and CEO of CrowdStrike pointed towards an ‘architectural limitation’ in Active Directory federation Service that was taken advantage of during the attack. “Significantly, one of the most sophisticated aspects of the StellarParticle campaign was how skillfully the threat actor took advantage of…

Microsoft is helping organizations that are investigating whether they are victims of the Solorigate attack by offering them a free tool, the CodeQL queries that the company used to scan its source code for after the attack. the queries Microsoft used with CodeQL identify any code that is similar in pattern and function to the SolarWinds malware. So, these queries can be used on any software to do…

Microsoft recently released a couple of new additional features to its Azure AD system. The new features, namely My Apps Collections and Risk Detections will let end users create their own set of apps in the Azure AD “My Apps” portal. The latter feature will help administrators spot sign-in anomalies. However, Microsoft also announced that some Azure AD features will also be discontinued. A…

Microsoft recently announced the release of new features such as “password management and autofill capability” in their Authenticator app for mobile devices. The app also supports two-factor authentication and is compatible on both Android and iOS devices. The feature that allows users to use the Microsoft Authenticator app to save passwords and automatically populate sign-in fields was in…

On March 2, Microsoft released emergency security updates to plug four security loopholes in Exchange Server versions 2013 through 2019. Chinese state-sponsored cyber-espionage unit was using these security loopholes to sniff into email conversations of victim organizations. At least 30,000 organizations in the United States alone are believed to be hacked by the espionage group to siphon email…