Security News

Dataguise integrates with Microsoft Information Protection to help orgs minimize sensitive data risk
Dataguise announced a new product integration with Microsoft Information Protection, a cloud-based solution that enables organizations to classify and protect documents, emails, and other sensitive data by applying labels. For organizations using the power and efficiency of Microsoft Azure, Dataguise can enhance the efficiency and effectiveness of data protection processes through integrated, automated sensitive data discovery.

Microsoft has open-sourced OneFuzz, its own internal continuous developer-driven fuzzing platform, allowing developers around the world to receive fuzz testing results directly from their build system. Fuzzing is an automated software testing technique that involves entering random, unexpected, malformed and/or invalid data into a computer program.

Microsoft has open-sourced the fuzzing tool it uses to scour its own code for potential security vulnerabilities. The tool Microsoft has released is called "OneFuzz", and the company says: "The testing framework used by Microsoft Edge, Windows, and teams across Microsoft is now available to developers around the world."

Microsoft on Tuesday announced the release of Project OneFuzz, an open source fuzzing framework for Azure that the tech giant has been using internally for the past year to find and patch bugs. Project OneFuzz, which Microsoft describes as an extensible fuzz testing framework, is designed to address some of the challenges typically associated with fuzzing, enabling developers to conduct this type of testing themselves and allowing security engineers to focus on other important tasks.

Proof-of-concept exploit code has been released for a Windows flaw, which could allow attackers to infiltrate enterprises by gaining administrative privileges, giving them access to companies' Active Directory domain controllers. "This attack has a huge impact: It basically allows any attacker on the local network to completely compromise the Windows domain," said researchers with Secura, in a Friday whitepaper.

Bugs in the multi-factor authentication system used by Microsoft's cloud-based office productivity platform, Microsoft 365, opened the door for hackers to access cloud applications via a bypass of the security system, according to researchers at Proofpoint. The flaws exist in the implementation of what is called the WS-Trust specification in cloud environments where WS-Trust is enabled and used with Microsoft 365, formerly called Office 365.

Abnormal Security partners with Microsoft to deliver comprehensive security solutions to enterprises
Abnormal Security announced a global strategic alliance with Microsoft to deliver comprehensive security solutions to enterprises. Abnormal Security is one of the only cloud-native security platforms that dozens of Fortune 1000 companies trust to protect their cloud environments.

Monday's CISA advisory is a stark reminder for federal government and private sector entities to apply patches for flaws in F5 BIG-IP devices, Citrix VPNs, Pulse Secure VPNs and Microsoft Exchange servers. The U.S. government is warning that Chinese threat actors have successfully compromised several government and private sector entities in recent months by exploiting vulnerabilities in F5 BIG-IP devices, Citrix and Pulse Secure VPNs and Microsoft Exchange servers.

American tech giant Microsoft said Sunday its offer to buy TikTok was rejected, leaving Oracle as the sole remaining bidder ahead of the imminent deadline for the Chinese-owned video app to sell or shut down its US operations. The Wall Street Journal and The New York Times reported that Oracle had won the bidding war, citing people familiar with the deal, although the company did not immediately confirm that to AFP. But two Chinese state media outlets - CGTN and China News Service - said Monday that ByteDance will not sell TikTok to Oracle either, citing unnamed sources.

Hacker groups are ramping up activity as the US heads into the peak of election season. To help thwart such attempts, the US Department of State recently announced a multimillion-dollar bounty focused on identifying cybercriminals associated with foreign governments targeting US elections.