Security News

Last year, Microsoft announced automatic attack disruption capabilities in Microsoft 365 Defender, its enterprise defense suite. On Wednesday, it announced that these capabilities will now help organizations disrupt two common attack scenarios: BEC and human-operated ransomware attacks.

The automatic attack disruption functionality aimed at corporate security operation centers uses millions of data points and signals to identify active malware campaigns - including ransomware - and take steps to automatically isolate the device under attack from the network and to suspended accounts compromised by the attackers. The software and cloud services giant has now expanded the public preview of the automatic attack disruption capability to cover business email compromise and human-operated ransomware attacks.

Microsoft says admins should remove some previously recommended antivirus exclusions for Exchange servers to boost the servers' security. "Keeping these exclusions may prevent detections of IIS webshells and backdoor modules, which represent the most common security issues," the Exchange Team said.

Microsoft will start testing Bing Chat tones, enabling users to switch between receiving answers that are either more creative or more focused on their queries. We are "Going to begin testing an additional option that lets you choose the tone of the Chat from more Precise - which will focus on shorter, more search focused answers - to Balanced, to more Creative - which gives you longer and more chatty answers," the Bing Team said.

According to reports from an increasing number of Microsoft customers, Outlook inboxes have been flooded with spam emails over the last nine hours because email spam filters are currently broken. This ongoing issue was confirmed by countless Outlook users who have reported that all messages were landing in their inboxes, even those that would have been previously tagged as spam and sent to the junk folder.

Get hired in cybersecurity: Expert tips for job seekersIn this Help Net Security interview, Joseph Cooper, Cybersecurity Recruiter at Aspiron Search, offers practical advice for job seekers and talks about how the cybersecurity profession continues to expand. Admins, patch your Cisco enterprise security solutions!Cisco has released security updates for several of its enterprise security and networking products.

A new malware dubbed 'ProxyShellMiner' exploits the Microsoft Exchange ProxyShell vulnerabilities to deploy cryptocurrency miners throughout a Windows domain to generate profit for the attackers. ProxyShell is the name of three Exchange vulnerabilities discovered and fixed by Microsoft in 2021.

Hackers are deploying a new malware named 'Frebniss' on Microsoft's Internet Information Services that stealthily executes commands sent via web requests. Microsoft IIS is a web server software that acts as a web server and a web app hosting platform for services like Outlook on the Web for Microsoft Exchange.

We and our store and/or access information on a device, such as cookies and process personal data, such as unique identifiers and standard information sent by a device for personalised ads and content, ad and content measurement, and audience insights, as well as to develop and improve products. With your permission we and our partners may use precise geolocation data and identification through device scanning.

The updates are in addition to 22 flaws the Windows maker patched in its Chromium-based Edge browser over the past month. "The attack itself is carried out locally by a user with authentication to the targeted system," Microsoft said in advisory for CVE-2023-21715.