Security News

10 data security enhancements to consider as your employees return to the office
2023-01-16 04:30

"The increase in data breach incidents across North America is troubling and must be prioritized as employees continue to return in-person to their corporate offices," said Kuljit Chahal, Practice Lead, Data Security at Adastra North America. Awareness of data security best practices among employees is essential-according to the 2022 Verizon Data Breach Investigations Report, 82% of data breaches are caused by human error and companies of all sizes are at risk.

Microsoft fixes Windows taskbar bug causing Explorer, Office freezes
2022-12-16 20:16

Microsoft says that Windows 10 updates released in late September are causing Windows taskbar flicker issues and app instability. "After installing updates released September 20, 2022 or later, taskbar elements might flicker and cause system instability," Microsoft said in a new issue added to the Windows health dashboard on Friday.

Executives take more cybersecurity risks than office workers
2022-12-16 04:00

Ivanti worked with cybersecurity experts and surveyed 6,500 executive leaders, cybersecurity professionals, and office workers to understand the perception of today's cybersecurity threats and find out how companies are preparing for yet-unknown future threats. The report revealed that despite 97% of leaders and security professionals reporting their organization is as prepared or more prepared to defend against cybersecurity attacks than they were a year ago, one in five wouldn't bet a chocolate bar they could prevent a damaging breach.

New CryWiper data wiper targets Russian courts, mayor’s offices
2022-12-02 17:29

A previously undocumented data wiper named CryWiper is masquerading as ransomware, but in reality, destroys data beyond recovery in attacks against Russian mayor's offices and courts. "In the fall of 2022, our solutions detected attempts by a previously unknown Trojan, which we named CryWiper, to attack an organization's network in the Russian Federation," explains the new report by Kaspersky.

S3 Ep105: WONTFIX! The MS Office cryptofail that “isn’t a security flaw” [Audio + Text]
2022-10-20 18:54

DOUG. "Your password has a low security level and maybe at risk. Please change your login password." DUCK. Yes, "Your password has a low security level".

Researchers Say Microsoft Office 365 Uses Broken Email Encryption to Secure Messages
2022-10-17 10:33

New research has disclosed what's being called a security vulnerability in Microsoft 365 that could be exploited to infer message contents due to the use of a broken cryptographic algorithm. Office 365 Message Encryption is a security mechanism used to send and receive encrypted email messages between users inside and outside an organization without revealing anything about the communications themselves.

FYI: Microsoft Office 365 Message Encryption relies on insecure block cipher
2022-10-14 20:11

Microsoft Office 365 Message Encryption claims to offer a way "To send and receive encrypted email messages between people inside and outside your organization." Office 365 Message Encryption relies on a strong cipher, AES, but WithSecure says that's irrelevant because ECB is weak and vulnerable to cryptanalysis regardless of the cipher used.

Serious Security: Microsoft Office 365 attacked over feeble encryption
2022-10-14 18:59

We're not quite sure what to call it right now, so we referred to it in the headline by the hybrid name Microsoft Office 365. The web-based versions of the Office tools don't have the same feature set as the full apps, so any results we might obtain are unlikely to align with how most business users of Office, ah, 365 have configured Word, Excel, Outlook and friends on their Windows laptops.

Weakness in Microsoft Office 365 Message Encryption could expose email contents
2022-10-14 11:06

WithSecure researchers are warning organizations of a security weakness in Microsoft Office 365 Message Encryption that could be exploited by attackers to obtain sensitive information. OME, which is used by organizations to send encrypted emails internally and externally, utilizes the Electronic Codebook implementation - a mode of operation known to leak certain structural information about messages.

Microsoft Office 365 email encryption could expose message content
2022-10-14 10:00

Security researchers at WithSecure, previously F-Secure Business, found that it is possible to partially or fully infer the contents of encrypted messages sent through Microsoft Office 365 due to the use of a weak block cipher mode of operation. Organizations use Office 365 Message Encryption to send or receive emails, both external and internal, to ensure confidentiality of the content from destination to source.