Microsoft's security roadmap: Protect secrets in Azure DevOps
You can’t steal what you can’t access ... we hope
Sysadmin Month16 Jul 2023 | 2
Authentication
Modern Auth comes to on-prem Exchange Server gear
Guess this'll have to do while we wait for *checks notes* ES 2025
CSO08 May 2023 | 2
Microsoft switches gears, keeps Exchange Online's CARs around until Sept 2024
At least Redmond listens to some customers
SaaS10 Apr 2023 | 1
French parliament says oui to AI surveillance for 2024 Paris Olympics
Liberté, égalité, reconnaissance faciale for all
Security24 Mar 2023 | 47
Microsoft freaks out users with Windows 11 warning: 'LSA protection is off'
Alerts telling folks their 'device may be vulnerable' triggered by KB5007651
OSes22 Mar 2023 | 52
Attackers abuse Microsoft’s 'verified publisher' status to steal data
Malicious OAuth apps were the tickets into victims' systems
Security01 Feb 2023 | 7
BROADER TOPICS
NARROWER TOPICS
Microsoft locks door to default guest authentication in Windows Pro
Bringing OS version into sync with Enterprise and Education editions
CSO17 Jan 2023 | 24
Crooks copy source code from Okta’s GitHub repository
The hack wraps up a year of bad security incidents for identity
Security23 Dec 2022 | 13
Windows Server domain controllers may stop, restart after recent updates
Microsoft outlines a workaround while pulling together a fix to LSASS memory leak
Patches28 Nov 2022 | 20
Microsoft's attempts to harden Kerberos authentication broke it on Windows Servers
Emergency out-of-band updates to the rescue
Patches21 Nov 2022 | 36
Microsoft to kill off old access rules in Exchange Online
Awoooogah – this is your one-year warning to switch over, enterprises
CSO28 Sep 2022 | 13
Oracle Cloud at one point would let you access any other customer's data
chmod a+rw at hyperscale
PaaS + IaaS21 Sep 2022 | 5
Microsoft: The deadline to get off Basic Auth is approaching
Exchange Online face Halloween deadline
OSes05 Sep 2022 | 50
FBI: Look out, crooks stole $1.3b in cryptocurrency in just three months this year
DeFi, as in, defying belief
Cyber-crime01 Sep 2022 | 9
LockBit gang hit by DDoS attack after threatening to leak Entrust ransomware data
Prolific group pummeled days after claiming to be file thief behind attack on cybersecurity vendor
Cyber-crime22 Aug 2022 | 7
DataDome looks to CAPTCHA the moment with test of humanity that doesn't hurt
As the verification technology weathers ongoing criticism from users, one anti-bot security vendor rolls out its own tool
Security21 Jul 2022 | 15
Mergers and acquisitions put zero trust to the ultimate test
Bypasses an arduous integration process with right security footing from the start
CSO13 Jul 2022 | 1
Zero Trust: What does it actually mean – and why would you want it?
Systems Approach 'Narrow and specific access rights after authentication' wasn't catchy enough
Networks30 Jun 2022 | 10
Start using Modern Auth now for Exchange Online
Before Microsoft shutters basic logins in a few months
CSO29 Jun 2022 | 28
DeadBolt ransomware takes another shot at QNAP storage
Keep boxes updated and protected to avoid a NAS-ty shock
Cyber-crime18 Jun 2022 | 16
Vehicle owner data exposed in GM credential-stuffing attack
Car maker says miscreants used stolen logins to break into folks' accounts
Security25 May 2022 | 29
Patch your VMware gear now – or yank it out, Uncle Sam tells federal agencies
Critical authentication bypass revealed, older flaws under active attack
CSO19 May 2022 | 6
GitHub to require two-factor authentication for code contributors by late 2023
Code locker has figured out it's a giant honeypot for miscreants planning supply chain attacks
Security05 May 2022 | 17
Threat group builds custom malware to attack industrial systems
US security agencies say the tools can give hackers control of ICS and SCADA devices
Security14 Apr 2022 | 8
HCL and HP named in unflattering audit of India’s biometric ID system
Same biometric used for different people, no archives, lousy infosec among the issues
Security12 Apr 2022 | 16
Russia-linked attackers breach NGO by exploiting MFA, PrintNightmare vuln
Patch flaws and enforce authentication policies, CISA and FBI warn
Security16 Mar 2022 | 3
Azure flaw allowed users to control others' accounts
AutoWarp security hole wasn't exploited – though researchers saw a way into a bank and a telco
Security08 Mar 2022 | 7
The zero-password future can't come soon enough
SpyCloud highlights poor password hygiene of consumers and the threat to enterprises
Security02 Mar 2022 | 121
Silk could tie up all-but-unbreakable encryption, say South Korean boffins
At last, a worm that improves security
Security28 Jan 2022 | 36
Biting the hand that feeds IT
