Security News

Executives and leaders from big tech, education, the finance sector, and infrastructure have committed to bolstering US interests' security during yesterday's White House cybersecurity summit. The Biden administration has added natural gas pipelines to the Industrial Control Systems Cybersecurity Initiative, aiming to strengthen critical infrastructure cybersecurity.

Microsoft is investigating an ongoing issue impacting OneDrive for Business customers and causing their storage space to shrink down to the default setting or switching them to read-only mode, forcing some to delete files to free up space to work on their projects. OneDrive for Business is a cloud storage and file sharing service for enterprise customers that allows users to access, share, and collaborate on personal and shared work files across Microsoft 365.

Microsoft has broken its silence on the recent barrage of attacks on several ProxyShell vulnerabilities in that were highlighted by a researcher at Black Hat earlier this month. "Please update now!"Customers that have installed the May 2021 security updates or the July 2021 security updates on their Exchange servers are protected from these vulnerabilities, as are Exchange Online customers so long as they ensure that all hybrid Exchange servers are updated, the company wrote.

Microsoft has finally published guidance today for the actively exploited ProxyShell vulnerabilities impacting multiple on-premises Microsoft Exchange versions. Although Microsoft fully patched the ProxyShell bugs by May 2021, they didn't assign CVE IDs for the vulnerabilities until July, preventing some orgs with unpatched servers from discovering that they had vulnerable systems on their networks.

Microsoft is updating Defender for Office 365 to protect customers from embedded email threats while previewing quarantined emails. Microsoft Defender for Office 365 provides Office 365 enterprise email accounts with protection from multiple threats, including business email compromise and credential phishing, as well as automated attack remediation.

Despite the wide range of applications and features in the Microsoft 365 platform, the primary communication and collaboration tool for most users - and the core of Microsoft 365's functionality - continues to be email. The Microsoft 365 cloud environment itself benefits from an extensive monitoring and security infrastructure.

A lack of proper security configuration with Microsoft's Power Apps has led to the exposure of data from some 38 million records, according to security firm UpGuard. Among the organizations whose data was exposed were government agencies in Indiana, Maryland and New York City, as well as private companies such as American Airlines, J.B. Hunt and even Microsoft itself.

More than 38 million records from 47 different entities that rely on Microsoft's Power Apps portals platform were inadvertently left exposed online, bringing into sharp focus a "New vector of data exposure." Power Apps is a Microsoft-powered development platform for building low-code custom business apps that work across mobile and the web using prebuilt templates, in addition to offering APIs to enable access to data by other applications, including options to retrieve and store information.

More than 38 million records from 47 different entities that rely on Microsoft's Power Apps portals platform were inadvertently left exposed online, bringing into sharp focus a "New vector of data exposure."Power Apps is a Microsoft-powered development platform for building low-code custom business apps that work across mobile and the web using prebuilt templates, in addition to offering APIs to enable access to data by other applications, including options to retrieve and store information.

For months, Microsoft's Power Apps portals exposed personal data tied to 38 million records ranging from COVID-19 vaccination status, social security numbers and email addresses. Microsoft describes its Power Apps as a "Suite of apps, services, and connectors, as well as a data platform, that provides a rapid development environment to build custom apps for your business needs." The tool is used by developers to build applications that share data locally or with the cloud.