Microsoft recently apologized for an Azure Active Directory issue that disrupted access to Office 365 applications and the Azure Admin Portal for two hours or more for some users. Microsoft conducted a root cause analysis in an attempt to offer an explanation on what caused the outage.
In the root cause analysis notice, Microsoft said that a cross-cloud migration operation that was intended to…
Hackers responsible for the SolarWinds hack also have their hands on Azure and Exchange source code
March 3, 2021
In an update released this Thursday, Microsoft disclosed that the hackers responsible for the SolarWinds attack have also stolen some source code related to Azure, Exchange, and Intune components. However, the tech giant added that their investigation did not point to any evidence of abuse targeted at their internal systems and its customers.
Microsoft took notice of this compromise back on…
Microsoft announced improvements in Azure Active Directory Conditional Access Policy and Sync
March 3, 2021
Microsoft has recently announced improvements to Azure Active Directory conditional access policy and sync services. The company also outlined security best practices for organizations across the world using on-premises Active Directory and Azure AD for identity and access management.
Microsoft is advocating organizations to adopt zero trust for network traffic with Active Directory along with…
Time to update: Google just fixed an actively exploited zero-day vulnerability in the Chrome browser
March 3, 2021
Google recently patched a potentially disastrous zero-day vulnerability in the desktop app of the Chrome web browser. The company also acknowledged that the exploit is being actively exploited in the wild.
In the recent release update from the Chrome team, it patched the issue with an update for the Windows, Mac, and Linux app to fix the heap buffer overflow flaw (CVE-2021-21148) in its V8…
The year 2020 has been quite tumultuous for IT pros. Organizations were tested on their cyber resilience like never before. IT teams were forced to quickly come up with sweeping changes to enable remote work for employees and ensure business continuity.
As a result, many organizations were forced to prioritize service availability over security. This has unsurprisingly paved the way for…
According to new research by theHIPAA Journal, the start of 2021 has seen a 48% reduction in the month-on-month healthcare data breaches of 500 or more records in the United States.
Compared to 62 incidents of data breaches reported in December last year, only 32 such incidents were reported in the first month this year. However, it is also important to note that though this number is…
The Zerologon vulnerability gained spotlight around late September 2020. By then, Microsoft had already released a partial patch for the flaw. However, most Active Directory admins chose to ignore the incomplete patch fearing it might cause network issues, despite it being recommended by Microsoft and the the U.S. Cybersecurity and Infrastructure Security Agency (CISA).
If you weren’t aware…
A ransomware attack on California DMV’s third party vendor, Automatic Funds Transfer Services Inc. In February may have potentially put millions of customer data at risk. Following the attack, the DMV said that it halted all data transfer operations to the Seattle-based company and immediately notified law enforcement officers including the Federal Bureau of Investigation.
“AFTS does not…
Sequoia Capital, a venture capital firm based in California’s Silicon Valley informed its investors that after an employee’s email fell victim to a successful phishing attack, some personal and financial information may have been accessed by a third-party, according to Axios.
A Sequoia spokesperson said that law enforcement was notified and they have hired leading cybersecurity experts to…
Early this month, Google published astable channel updatefor Chrome for Desktop. The new version (88.0.4324.150) released by Google for Windows, Mac, and Linux contains a critical bugfix for a zero-day vulnerability that was exploited in the wild.
This zero-day, labeled CVE-2021-21148, is a “heap overflow” memory corruption bug in the V8— Google Chrome’s open-source…