Security News

Organisations have work to do if they want to attract and retain diverse talent in their security operations teams, according to SOC.OS and Sapio Research. 23% or respondents said they're struggling to incentivise, motivate and retain their SecOps teams.

A successful partnership can also accelerate the resolution of security issues whilst increasing network resilience, helping both network and security teams to achieve their goals. Whilst network operations prioritize producing highly available and high-performing networks, the security teams have the different task of lowering risk to the business and protecting the network.

"The findings confirm our belief that security teams must make improving their relationship with developers a major priority in 2022," said Harshil Parikh, CEO of Tromzo. "They can do this by making security easy for developers. This means integrating security checks into the SDLC and transitioning from security gates to security guardrails so security can become a first-class citizen once and for all."

Microsoft said it won't be fixing or is pushing patches to a later date for three of the four security flaws uncovered in its Teams business communication platform earlier this March. The disclosure comes from Berlin-based cybersecurity firm Positive Security, which found that the implementation of the link preview feature was susceptible to a number of issues that could "Allow accessing internal Microsoft services, spoofing the link preview, and, for Android users, leaking their IP address, and DoS'ing their Teams app/channels."

Microsoft said it won't fix or is delaying patches for several security flaws impacting Microsoft Team's link preview feature reported since March 2021.Bräunlein reported the four flaws to the Microsoft Security Response Center, which investigates vulnerability reports concerning Microsoft products and services.

Four vulnerabilities in Microsoft Teams, unpatched since March, allowed link spoofing of URLs and opened the door to DoS attacks against Android users, researchers said. Researchers from Positive Security discovered four bugs in the feature earlier this year and told Microsoft about the issues on March 10.

According to Gartner®, many resource-constrained organizations, specifically midsize enterprises, struggle to provide even basic security awareness training to their users, let alone develop a sophisticated, multichannel, context-specific, and employee-centric enterprise security awareness program. Say you've got a security training solution that performs some tasks automatically, like sending out training reminders or test emails on a preset schedule.

Microsoft announced today the general availability of end-to-end encryption support for one-to-one Microsoft Teams calls. "Once IT has configured the policy and enabled it for selected users, those selected users will still need to turn on end-to-end encryption in their Teams settings. IT retains the ability to disable E2EE for one-to-one Teams calls as necessary."

Teams can't afford to take a minute off, but they also can't manage the massive security necessary to defend most organizations. A new eBook by XDR provider Cynet breaks down this challenge and offers some solutions for lean security teams looking for ways to improve their detection and response capabilities.

XDR provider Cynet has built a new minisite with the goal of giving these lean IT Security teams a space to find answers, share their wins and strategies, gain new insights, and have some fun in the process. The company refers to these lean teams and the people that make them up as Lean IT Security Heroes.