Security News

Microsoft has confirmed that they were hacked in the recent SolarWinds attacks but denied that their software was compromised in a supply-chain attack to infect customers. Tonight, Reuters released a report stating that sources indicated that Microsoft was not only compromised in the SolarWinds supply-chain attack but also had their software modified to distribute malicious files to its clients.

Asigra software version 14.2 support for the Microsoft software suite empowers solution providers to significantly lower cybersecurity threats targeting backup repositories with MS Office 365 data. Asigra Cloud Backup with Deep MFA allows users to easily schedule the creation of point-in-time backup copies of mailboxes and corporate data residing in Microsoft Office 365 Exchange Online, Office 365 Groups, SharePoint Online, and OneDrive for Business - with no limitations on data volumes or number of mailboxes.

Microsoft has opened up the public preview of password autofill via its Authenticator app for iOS and Android. Requiring iOS 12.0 or above, or Android 6.0 and later, Microsoft's Authenticator app has been pressed into password management.

Microsoft, FireEye, and GoDaddy have collaborated to create a kill switch for the SolarWinds Sunburst backdoor that forces the malware to terminate itself. As part of a coordinated disclosure with Microsoft and SolarWinds, FireEye released a report on Sunday with an analysis of the supply chain attack and how the Sunburst backdoor operates.

Microsoft has released a new version of Microsoft Authenticator that now acts as a password manager for Android and iOS. With this new feature, you can now autofill credentials into websites and apps that were saved via Authenticator or Microsoft Edge's built-in password manager to your Microsoft account. Once enabled on Microsoft Authenticator and you log in to an app or website, you will be prompted to autofill your saved password, as shown below.

Mindtree announced the launch of a dedicated Microsoft go-to-market business unit centered on building new solutions based on Microsoft platforms and technologies, as well as developing the next generation of talent across the Mindtree organization globally. The Microsoft go-to-market business unit is a component of Mindtree's multi-tiered initiative to support the continued demand of cloud services and solutions.

Microsoft has announced today that Microsoft Defender will begin quarantining compromised SolarWind Orion binaries starting tomorrow morning. The threat actors used these malicious binaries to install a backdoor known as Solorigate or SUNBURST. While Microsoft is already detecting the backdoor, they have not quarantined the SolarWinds binaries as it could affect essential network management operations used by customers.

Microsoft has started rolling out new Universal versions of Microsoft 365 apps with native support for both Apple Silicon and Intel-based Macs starting today. "The new Office apps are Universal, so they will continue to run great on Macs with Intel processors," Bill Doll, Senior Product Marketing Manager for Microsoft 365 said.

The attackers behind the attack leveraged hundreds of compromised, legitimate email accounts in order to target organizations with emails, which pretended to be document delivery notifications. In reality, the phishing attack stole victims' Office 365 credentials.

Microsoft has removed a safeguard hold blocking Windows 10 updates on systems affected by a known issue causing blue screen of death crashes when users plugged in a Thunderbolt NVMe Solid State Drive. After discovering the BSOD issue, Microsoft added a compatibility hold to prevent impacted devices from being offered Windows 10, version 2004 or Windows 10, version 20H2 upgrades.