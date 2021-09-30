CreatorsPublishersAdvertisers
View more in
Software

Microsoft Will Mitigate Brute-Force Bug in Azure AD

By Jeremy Kirk
Bank Info Security
 6 days ago

Cover picture for the articleMicrosoft has indicated it will make changes to reduce the risk around what a security vendor says is a vulnerability that lets attackers run brute-force credential attacks against Azure Active Directory. The issue was reported to Microsoft by SecureWorks on June 29 although at least one other researcher, Dirk-jan Mollema,...

www.bankinfosecurity.com

Comments / 0

Related
CNET

Windows 11 and Android apps: They're coming eventually, but Microsoft hasn't said when

One of the more exciting Windows 11 features Microsoft teased at its announcement event earlier this year was the ability to use Android apps on Windows devices. But if you were excited about Microsoft bringing Android apps to its app store, we've got bad news. Though Windows 11 will be released on Oct. 5 (with a staggered rollout), Android apps won't actually be part of Windows 11 on launch day. A date still hasn't been confirmed for when they will be available to the public.
SOFTWARE
TechRadar

Microsoft Outlook users report frustrating search, security keys bugs

Microsoft is investigating several issues with Outlook for PC that have resulted in unexpected behavior, and even causing breakage in the app’s user experience. According to the software giant, the issues are related to security keys, search results, and other aspects of the popular email client. As the company explains,...
SOFTWARE
CSO

How to mitigate the Microsoft Office zero-day attack

Once again attackers have used Office files in targeted attacks against Microsoft users. This time they used the Windows Explorer preview pane to deliver malicious .doc, .docm, and .docx files. Researchers have found that malicious .rtf files can also be used in such attacks. For this exploit, an attacker crafts a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine.
SOFTWARE
thurrott.com

Microsoft is Investigating a Major Exchange Bug

Researchers have discovered an Exchange Autodiscover flaw that can be used to steal Windows users’ credentials. Microsoft says it is investigating. “Autodiscover, a protocol used by Microsoft Exchange for automatic configuration of clients such as Microsoft Outlook, has a design flaw that causes the protocol to ‘leak’ web requests to Autodiscover domains outside of the user’s domain but in the same TLD [top-level domain],” Guardicore’s Amit Serper writes of his firm’s discovery. “This is a severe security issue, since if an attacker can control such domains or has the ability to ‘sniff’ traffic in the same network, they can capture domain credentials in plain text. Moreover, if the attacker has DNS-poisoning capabilities on a large scale (such as a nation-state attacker), they could systematically siphon out leaky passwords through a large-scale DNS poisoning campaign based on these Autodiscover TLDs.”
SOFTWARE
IN THIS ARTICLE
#Private Security#Secureworks#Ars Technica#Azure Active Directory#Mfa
windowsreport.com

Thousands of windows credentials leaked in Microsoft Exchange Autodiscover bug

Don has been writing professionally for over 10 years now, but his passion for the written word started back in his elementary school days. His work has been published on Livebitcoinnews.com, Learnbonds.com, eHow, AskMen.com,... Read more. Security experts have discovered a design flaw in Microsoft Exchange email server. The bug...
SOFTWARE
Redmondmag.com

Microsoft Highlights Windows Server 2022 Integration with Azure Services in Summit Talk

Microsoft had a lot to say about Windows Server 2022 in its 1.5-hour Windows Server Summit online event, held on Sept. 16. Many of Windows Server 2022's features are associated with security enhancements, although there are some performance improvements, such as SMB compression, which speeds up file transfers. A new Security Baseline release for Windows Server 2022 was announced earlier this month.
SOFTWARE
Redmondmag.com

Microsoft Exchange Emergency Mitigation Service Coming Sept. 28

Organizations using Exchange Server will get a new automated emergency mitigation tool after installing Microsoft's September cumulative updates (CUs), the Exchange team announced on Friday. This new tool, called the "Microsoft Exchange Emergency Mitigation service," is an automated Exchange Server component that's expected to arrive with the Sept. 28 cumulative...
SOFTWARE
YOU MAY ALSO LIKE
NewsBreak
Microsoft
Country
Finland
NewsBreak
Technology
NewsBreak
Computers
NewsBreak
Software
The Hacker News

A New Bug in Microsoft Windows Could Let Hackers Easily Install a Rootkit

Security researchers have disclosed an unpatched weakness in Microsoft Windows Platform Binary Table (WPBT) affecting all Windows-based devices since Windows 8 that could be potentially exploited to install a rootkit and compromise the integrity of devices. "These flaws make every Windows system vulnerable to easily-crafted attacks that install fraudulent vendor-specific...
SOFTWARE
softpedia.com

Microsoft Azure Storage Explorer 1.21.1

Microsoft Azure is a cloud-based platform specially designed to provide a secure and unified environment for building, deploying and managing apps or services. Azure Storage is a Microsoft-vetted platform that encompasses storage services for blobs, tables, queues and files. This said, Microsoft Azure Storage Explorer is a useful piece of...
SOFTWARE
Itproportal

Microsoft cloud storage: is OneDrive or Azure right for your business?

Microsoft is one of the best cloud storage providers, and offers some of the best cloud storage for business too. But before you can dive into Microsoft cloud storage, you have to choose between two different products: OneDrive and Azure. Microsoft OneDrive is a file storage service that integrates with...
COMPUTERS
Dark Reading

Primer: Microsoft Active Directory Security for AD Admins

Microsoft Active Directory (AD) is the most common directory services product in the world, used by most of the Fortune 1000 for identity and access management. Unfortunately, it can also be a nightmare to secure. In addition, its administrators are often unaware of the security ramifications of their actions – not that security is necessarily their responsibility – or how they can harden their environments.
SOFTWARE
wccftech.com

Microsoft Fixes Unresponsive Apps Bug Introduced by Windows 10 Update KB5005101

Microsoft has resolved a bug introduced by Windows 10 update KB5005101 that resulted in apps failing to open for some users. Apps would also become unresponsive or close unexpectedly for devices using Microsoft Exploit Protection Export Address Filtering (EAF). The problem impacted the latest Windows 10 version 21H1, version 20H2, version 2004, version 1909, version 1809, and Windows 10 Enterprise LTSC 2019.
SOFTWARE
bleepingcomputer.com

Microsoft: Nobelium hackers backdoor AD FS servers for data theft

Microsoft has discovered new malware used by the Nobelium hacking group to deploy additional payloads and harvest and exfiltrate sensitive info from Active Directory Federation Services (AD FS) servers. Nobelium, the threat actor behind last year's SolarWinds supply-chain attack that led to the compromise of several US federal agencies, is...
SOFTWARE
American Banker

Why Wells Fargo picked both Microsoft Azure and Google Cloud

Security. Privacy. Control. For years, these were serious concerns that held back large banks from running critical applications in the public cloud. Those worries are now being addressed as more financial institutions move computing work to the cloud. JPMorgan Chase recently said it will operate its U.S. retail bank using...
BUSINESS
xda-developers

Microsoft still cares about Skype and it’s adding a ton of new features

With Windows 11, Microsoft is finally integrating Teams directly into the operating system, and it would seem that the company is getting ready to leave Skype behind. At least, that’s what we thought. Today, the Skype team announced a huge set of new features coming to Skype in the near future, promising to make the app better at just about every level. If you didn’t want to move on to Teams, it looks like Skype is “here to stay”, according to Microsoft’s blog post.
TECHNOLOGY
atlantanews.net

+27% CAGR Kubernetes and Container Security Solution Market Will Reach by USD 3053.0 million by 2026 | Google, Amazon, AWS, Microsoft Azure, IBM, Oracle, VMware

The prime objective of the Kubernetes and Container Security Solution Market report is to help the reader understand the market in terms of its definition, segmentation, market potential, influential trends, and the challenges that the market is facing with major regions and emerging countries. The readers will find this report very helpful in understanding the market in depth. Data and market information are obtained from reliable sources such as websites, company annual reports, newspapers, etc., and have been checked and validated by industry experts.
BUSINESS

Comments / 0

Community Policy