
Let's stop willy-nilly handing the keys over to remote suppliers and software in the first place just for the ease of switching on our lightbulbs through our mobile phones!
Microsoft has advised its reseller community it needs to pay attention to the debut of improved security tooling aimed at making it harder for attackers to worm their way into your systems through partners. That service providers can be used to attack their customers is not in dispute: recent exploits targeting ConnectWise, …
You don't want that.
Think about it for a minute: why are you authorizing remote access to a 3rd party in the first place? Most likely, it is because they have the special proficiency you are lacking in your own workforce. That means they'll be coming in with near-admin level privilege. You want to be able to track that, and you don't want to give admin access to someone who clearly will never need it.
Create a specific user for that specific access, and log the interactions. That way, if something fishy happens, you either have proof of origin, or proof that you need to look somewhere else.
"Why are you authorizing remote access to a 3rd party in the first place? [The m]ost likely [reason is that he has] special proficiency [that] you are lacking in your own workforce."
You could have hired an FTE with such proficiency, but you're an a$$h0le.
That's why your pennywise-but-pound-foolish company deserves what it gets, when, later, it gets hacked.
Partnerships are a reality. Collaborations are a reality. Two companies may need to work together on projects, account payments, approvals, etc. Many times a company will create separate groups: employees who deal with IBM and, separately, employees who deal with MSFT. It is normal for these employees to collaborate with their customers and vendors on a very close basis.
The best examples are employees of audit companies, which by the very nature of their tasks, can't be the audited company's employees.
Updated: Two security vendors – Orca Security and Tenable – have accused Microsoft of unnecessarily putting customers' data and cloud environments at risk by taking far too long to fix critical vulnerabilities in Azure.
In a blog published today, Orca Security researcher Tzah Pahima claimed it took Microsoft several months to fully resolve a security flaw in Azure's Synapse Analytics that he discovered in January.
And in a separate blog published on Monday, Tenable CEO Amit Yoran called out Redmond for its lack of response to – and transparency around – two other vulnerabilities that could be exploited by anyone using Azure Synapse.
Microsoft has opened its wallet once more to pick up New York-based cyber-threat analyst Miburo.
Founded by Clint Watts in 2011, Miburo is all about the detection of and response to foreign (in the context of the US) information operations. The team is to be folded into Microsoft's Customer Security and Trust organization and the work of its analysts is to be fed into the Windows giant's threat detection and analysis capabilities.
"Miburo," said Microsoft, "has become a leading expert in identification of foreign information operations." Its research teams have hunted out some nasty influence campaigns over 16 languages.
Patch Tuesday: Microsoft claims to have finally fixed the Follina zero-day flaw in Windows as part of its June Patch Tuesday batch, which included security updates to address 55 vulnerabilities.
Follina, eventually acknowledged by Redmond in a security advisory last month, is the most significant of the bunch as it has already been exploited in the wild.
Criminals and snoops can abuse the remote code execution (RCE) bug, tracked as CVE-2022-30190, by crafting a file, such as a Word document, so that when opened it calls out to the Microsoft Windows Support Diagnostic Tool, which is then exploited to run malicious code, such as spyware and ransomware. Disabling macros in, say, Word won't stop this from happening.
Microsoft has indefinitely postponed the date on which its Cloud Solution Providers (CSPs) will be required to sell software and services licences on new terms.
Those new terms are delivered under the banner of the New Commerce Experience (NCE). NCE is intended to make perpetual licences a thing of the past and prioritizes fixed-term subscriptions to cloudy products. Paying month-to-month is more expensive than signing up for longer-term deals under NCE, which also packs substantial price rises for many Microsoft products.
Channel-centric analyst firm Canalys unsurprisingly rates NCE as better for Microsoft than for customers or partners.
Microsoft is extending the Defender brand with a version aimed at families and individuals.
"Defender" has been the company's name of choice for its anti-malware platform for years. Microsoft Defender for individuals, available for Microsoft 365 Personal and Family subscribers, is a cross-platform application, encompassing macOS, iOS, and Android devices and extending "the protection already built into Windows Security beyond your PC."
The system comprises a dashboard showing the status of linked devices as well as alerts and suggestions.
Cisco has alerted customers to another four vulnerabilities in its products, including a high-severity flaw in its email and web security appliances.
The networking giant has issued a patch for that bug, tracked as CVE-2022-20664. The flaw is present in the web management interface of Cisco's Secure Email and Web Manager and Email Security Appliance in both the virtual and hardware appliances. Some earlier versions of both products, we note, have reached end of life, and so the manufacturer won't release fixes; it instead told customers to migrate to a newer version and dump the old.
This bug received a 7.7 out of 10 CVSS severity score, and Cisco noted that its security team is not aware of any in-the-wild exploitation, so far. That said, given the speed of reverse engineering, that day is likely to come.
Updated: Microsoft's latest set of Windows patches are causing problems for users.
Windows 10 and 11 are affected, with both experiencing similar issues (although the latter seems to be suffering a little more).
KB5014697, released on June 14 for Windows 11, addresses a number of issues, but the known issues list has also been growing. Some .NET Framework 3.5 apps might fail to open (if using Windows Communication Foundation or Windows Workflow component) and the Wi-Fi hotspot feature appears broken.
Microsoft has added a certification to augment the tired eyes and haunted expressions of Exchange support engineers.
The "Microsoft 365 Certified: Exchange Online Support Engineer Specialty certification" was unveiled yesterday and requires you to pass the "MS-220: Troubleshooting Microsoft Exchange Online" exam.
Microsoft is flagging up a security hole in its Service Fabric technology when using containerized Linux workloads, and urged customers to upgrade their clusters to the most recent release.
The flaw is tracked as CVE-2022-30137, an elevation-of-privilege vulnerability in Microsoft's Service Fabric. An attacker would need read/write access to the cluster as well as the ability to execute code within a Linux container granted access to the Service Fabric runtime in order to wreak havoc.
Through a compromised container, for instance, a miscreant could gain control of the resource's host Service Fabric node and potentially the entire cluster.
RSA Conference: Major supply-chain attacks of recent years – we're talking about SolarWinds, Kaseya and Log4j to name a few – are "just the tip of the iceberg at this point," according to Aanchal Gupta, who leads Microsoft's Security Response Center.
"All of those have been big," she said, in an interview with The Register at RSA Conference. "But I feel they will continue and there will be more. And there's a reason I think that."
As the head of MSRC, Gupta has a unique vantage point. Her view spans all of Microsoft's products and services, as well as visibility across industry partners' software and tools plus customers' environments including government agencies.