Security News

Microsoft announced today the general availability of tenant-wide idle session timeout for Microsoft 365 web apps to protect confidential data on shared or non-company devices left unattended. After an IT admin such as a Microsoft 365 or Office 365 global admin enables this new feature, users who have reached the configured period of inactivity will be notified that they're going to be automatically signed out.

Microsoft has finally confirmed Internet connectivity issues affecting servers with Routing and Remote Access Service enabled after installing Windows updates released as part of this month's Patch Tuesday. Microsoft has now revealed that these issues have been addressed in last week's optional Windows cumulative update previews.

A Chinese-speaking threat actor has hacked into the building automation systems of several Asian organizations to backdoor their networks and gain access to more secured areas in their networks. The APT group, whose activity was spotted by Kaspersky ICS CERT researchers, focused on devices unpatched against CVE-2021-26855, one of the Microsoft Exchange vulnerabilities collectively known as ProxyLogon.

Microsoft says it addressed a known issue that was causing all Microsoft Edge tabs running IE mode to stop responding if one of the opened sites displayed a modal dialog box after issuing a window. The IE mode problems affect devices running Windows 11, Windows 10, and Windows Server 2022 after installing the KB5014019, KB5014023, and KB5014021 optional preview cumulative updates.

Microsoft 365 provides powerful services within Office 365 - but a extensive backup of your Office 365 data is not one of them. Veeam® Backup for Microsoft 365 removes the risk of losing access and control over your Office 365 data, including OneDrive for Business, SharePoint Online, Exchange Online, and Microsoft Teams - so that your data is always protected and accessible.

A clever, new phishing technique uses Microsoft Edge WebView2 applications to steal victim's authentication cookies, allowing threat actors to bypass multi-factor authentication when logging into stolen accounts. D0x has created a new phishing method that uses Microsoft Edge WebView2 applications to easily steal a user's authentication cookies and log into stolen accounts, even if they are secured with MFA. Microsoft Edge WebView2 to the rescue.

Microsoft has reminded customers that the Exchange Server 2013 mail and calendaring platform will reach its extended end-of-support date roughly nine months from now, on April 11, 2021.Released in January 2013, Exchange Server 2013 entered its ninth year of service and has already reached the mainstream end date more than four years ago, on April 10, 2018.

Microsoft wants to make Edge the go-to browser for gaming, with new features unveiled today, including a new gaming portal and the public release of its Clarity boost upscaling feature when using Xbox Cloud Gaming. Those using Microsoft's Xbox Cloud Gaming service to stream games to their PCs may have noticed a difference in graphics quality compared to playing the game on the console.

The Computer Emergency Response Team of Ukraine has cautioned of a new set of spear-phishing attacks exploiting the "Follina" flaw in the Windows operating system to deploy password-stealing malware. Attributing the intrusions to a Russian nation-state group tracked as APT28, the agency said the attacks commence with a lure document titled "Nuclear Terrorism A Very Real Threat.rtf" that, when opened, exploits the recently disclosed vulnerability to download and execute a malware called CredoMap.

Microsoft said today that Russian intelligence agencies have stepped up cyberattacks against governments of countries that have allied themselves with Ukraine after Russia's invasion. Since the start of the war, threat actors linked to several Russian intelligence services have attempted to breach entities in dozens of countries worldwide, prioritizing governments, according to Microsoft Threat Intelligence Center analysts.