Security News

The new services bring together Mandiant expertise and intelligence with Microsoft security products to provide an unprecedented level of security capabilities for customers. "By coming together with Microsoft, we will help customers fundamentally improve their security programs with insights from Mandiant experts who are experienced in defending against the most sophisticated adversaries in the world."

As a cornerstone of the strategy, SES signed a multi-year agreement with Microsoft to be an Azure Orbital partner as well as to accelerate and expand the use of Microsoft Azure across its operations and jointly develop cloud-based video and data connectivity managed services. As an Azure Orbital partner, SES will be co-locating and managing O3b mPOWER gateways with Microsoft Azure locations so its customers are always only "One-hop" away from their Azure cloud services anywhere in the world.

They roll out as Microsoft announced that it is tracking active exploitation in the wild. Exploiting the bug allows an unauthenticated attacker with network access to a domain controller to completely compromise all Active Directory identity services, according to Microsoft.

Microsoft earlier this month exposed a 6.5TB Elastic server to the world that included search terms, location coordinates, device ID data, and a partial list of which URLs were visited. The data appears to be generated by the Bing mobile app, which promises users "Getting rewarded is easy, just search with the Bing," and has been downloaded more than 10 million times from Google's Play Store at least.

WizCase experts have identified an unprotected Elasticsearch server that contained terabytes of data pertaining to users of Microsoft's Bing mobile application. White hat hacker Ata Hakcil, who identified the leak, was able to confirm that the Elasticsearch server belonged to Microsoft's Bing mobile app by installing the application and running a search for WizCase.

Microsoft announced on Tuesday at its Ignite 2020 conference that it has extended its threat protection portfolio and it has unified some of its cybersecurity solutions. Microsoft Defender includes Microsoft 365 Defender, formerly Microsoft Threat Protection, and Azure Defender, which includes the cloud workload protections in the Azure Security Center.

Microsoft has updated its Security Update Guide, which is used by tens of millions of cybersecurity professionals the second Tuesday of every month, also known as Patch Tuesday. The update is "To help protect our customers regardless of what Microsoft products or services they use in their environment," according to a Microsoft Security Response Center blog post on Tuesday.

Microsoft has detailed the steps involved in the processing of vulnerability reports, so that reporting researchers know what to expect when submitting information on a bug. The portal, the tech company notes, delivers a secure and guided way for security researchers to share all of the necessary details required to reproduce a reported vulnerability and identify a fix for it.

A back-end server associated with Microsoft Bing exposed sensitive data of the search engine's mobile application users, including search queries, device details, and GPS coordinates, among others. "Based on the sheer amount of data, it is safe to speculate that anyone who has made a Bing search with the mobile app while the server has been exposed is at risk," said WizCase's Chase Williams in a Monday post.

An unsecured database has exposed sensitive data for users of Microsoft's Bing search engine mobile application - including their location coordinates, search terms in clear text and more. While no personal information, like names, were exposed, researchers with Wizcase argued that enough data was available that it would be possible to link these search queries and locations to user identities - giving bad actors information ripe for blackmail attacks, phishing scams and more.