Orca Security revealed a potential point of entry for attackers through Shared Key authorisation that could inadvertently become a gateway to sensitive data.
For IT and security admins of Microsoft networks, 2022 has been the year of blended attacks, on-premises Exchange Server flaws, and vulnerabilities.
Microsoft does not appear to be updating Windows Software Update Services, but newer patch management options might be a better choice.
The September Windows 11 update add protections against malicious applications and drivers, phishing, credential misuse, and more.
Sometimes the latest security best practices don't align with an organisation's compliance templates. These are some of the areas where you might need an exception.
It's getting harder to assess the impact of patching or not patching, and too many patches don't fully fix the problem. It's time to pressure vendors.
Microsoft is deploying new features and defaults to help keep threat actors from remotely accessing networks, but you can do more.
CISOs can follow this advice to minimise stress when recovering credentials, systems and settings after a ransomware or other cyber attack.
Are your settings, policies and processes keeping up with the changing threat landscape? Review your network to make sure.
New vulnerabilities in Active Directory emerge regularly, and unpatched old ones and misconfigurations open doors for attackers.
Whenever the second Tuesday of the month rolls around, Microsoft begins to push out a raft of updates and patches for Windows users.
Microsoft Defender for Business alerts can show what's happening in the network. The better users understand their network, the faster they can triage alerts.
Spring4Shell does not affect most systems, so a calm, methodical approach to assessing the real threat is best.
From cloud to on-premises access, having two-factor authentication (2FA) can help keep attackers at bay yet they continue to gain network access.
Microsoft changes default settings for a variety of reasons, but some recent key changes are designed to keep businesses safer from cyber attacks.
