Security News

Microsoft said it won't fix or is delaying patches for several security flaws impacting Microsoft Team's link preview feature reported since March 2021.Bräunlein reported the four flaws to the Microsoft Security Response Center, which investigates vulnerability reports concerning Microsoft products and services.

Four vulnerabilities in Microsoft Teams, unpatched since March, allowed link spoofing of URLs and opened the door to DoS attacks against Android users, researchers said. Researchers from Positive Security discovered four bugs in the feature earlier this year and told Microsoft about the issues on March 10.

According to Gartner®, many resource-constrained organizations, specifically midsize enterprises, struggle to provide even basic security awareness training to their users, let alone develop a sophisticated, multichannel, context-specific, and employee-centric enterprise security awareness program. Say you've got a security training solution that performs some tasks automatically, like sending out training reminders or test emails on a preset schedule.

Microsoft announced today the general availability of end-to-end encryption support for one-to-one Microsoft Teams calls. "Once IT has configured the policy and enabled it for selected users, those selected users will still need to turn on end-to-end encryption in their Teams settings. IT retains the ability to disable E2EE for one-to-one Teams calls as necessary."

Teams can't afford to take a minute off, but they also can't manage the massive security necessary to defend most organizations. A new eBook by XDR provider Cynet breaks down this challenge and offers some solutions for lean security teams looking for ways to improve their detection and response capabilities.

XDR provider Cynet has built a new minisite with the goal of giving these lean IT Security teams a space to find answers, share their wins and strategies, gain new insights, and have some fun in the process. The company refers to these lean teams and the people that make them up as Lean IT Security Heroes.

The study reveals a cultural divide between IT and OT teams that affects the ability to secure both the IT and the ICS/OT environment. Thirty-nine percent have IT and OT teams that work together cohesively to achieve a mature security posture across both environments.

A threat actor tracked as Shatak recently partnered with the ITG23 gang to deploy Conti ransomware on targeted systems. The Shatak operation partners with other malware developers to create phishing campaigns that download and infect victims with malware.

Security teams doing reactive security tasks instead of being proactive. While security teams aspire to do more proactive and risk-driven operations, like risk management, incident analysis, threat modeling, they spend most of their time doing foundational and reactive security tasks, like updating patches, researching and analyzing critical incidents and removing false positives.

There's a widespread misconception that small IT security teams, or "Lean sec teams", cannot protect their organizations as comprehensively as bigger security teams who enjoy rich portfolios of countless security layers, vendors, and tools. How do CISOs and leaders of lean security teams at small- and mid-sized organizations get by when they face the same threats as major corporations but have only a fraction of the cybersecurity resources at hand?