October 1, 2022 update – Added information about Exploit:Script/ExchgProxyRequest.A, Microsoft Defender AV’s robust detection for exploit behavior related to this threat. We also removed a section on MFA as a mitigation, which was included in a prior version of this blog as standard guidance. Microsoft is aware of limited targeted Read more
Microsoft is investigating two reported zero-day vulnerabilities affecting Microsoft Exchange Server 2013, 2016, and 2019. The first vulnerability, identified as CVE-2022-41040, is a Server-Side Request Forgery (SSRF) vulnerability, while the second, identified as CVE-2022-41082, allows remote code execution (RCE) when PowerShell is accessible to the attacker. At this time, Microsoft Read more
Today, we’re pleased to announce the release of the Microsoft Defender for Office 365 Security Operations Guide. Security operations (SecOps) teams continuously perform tasks to provide a high-quality, reliable approach to protect, detect, and respond to email and collaboration-related security threats within an organization. When Microsoft Defender for Read more
When you think about Cloud Security there are many areas of responsibility – securing infrastructure, network, data, applications, and managing identities and access. There are also ongoing processes for security operations and governance, risk & compliance management. But the best part of building your application on cloud is that you Read more
Section 10(j) of EO 14028 defines an SBOM as a “formal record containing the details and supply chain relationships of various components used in building software,[1]” similar to food ingredient labels on packaging. SBOMs hold the potential to provide increased transparency, provenance, and speed at which vulnerabilities[2] can be identified Read more
IT Security Certification Roadmap charting security implementation, architecture, management, analysis, offensive, and defensive operation certifications. — Lees op pauljerimy.com/security-certification-roadmap/
4 best practices to implement a comprehensive Zero Trust security approach – Microsoft Security Blog — Lees op www.microsoft.com/security/blog/2022/02/17/4-best-practices-to-implement-a-comprehensive-zero-trust-security-approach/
Gedetailleerde technische referentiearchitectuur voor cyberbeveiliging in meerdere cloudomgevingen, waaronder microsoft- en platforms van derden — Lees op docs.microsoft.com/nl-nl/security/cybersecurity-reference-architecture/mcra
In 2021, cybersecurity authorities in the United States,[1][2][3] Australia,[4] and the United Kingdom[5] observed an increase in sophisticated, high-impact ransomware incidents against critical infrastructure organizations globally. The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the National Security Agency (NSA) observed incidents involving ransomware against Read more
Top 10 Cyber Attack Maps to See Digital Threats For 2022 — Lees op cybersecuritynews-com.cdn.ampproject.org/c/s/cybersecuritynews.com/cyber-attack-maps/