Over the last few years, Microsoft 365 has significantly enhanced its native security capabilities. Today, it offers a solid foundation of protection from advanced attacks, making it a popular choice for organizations. However, security threats are advancing rapidly, and Microsoft 365 still has some points of weakness that are leaving users vulnerable. Cybersecurity experts' views on email risk within Microsoft 365 is our most recent report identifying the security risks its users face.

At 2022’s AGConf (1Password’s annual employee conference), every employee received a goodie box to celebrate the event and the company’s successes over the past year. Our theme this year was “space”, so the goodie box included a kit for a Lego rocket ship (very appropriate considering our own CEO is a Lego aficionado).

As many threat actors and groups seek to utilize recently discovered vulnerabilities, the Cyberint Research Team found several XFiles stealer campaigns, in which Follina vulnerability was exploited as part of the delivery phase. Follina is one of the most widespread vulnerabilities discovered throughout 2022. The vulnerability allows a threat actor to perform a remote code execution (RCE) through malicious Word documents. XFiles stealer is a vastly used info stealer that took off during the end of 2021.

The job of a CISO is one of constant change and unexpected challenges. One of the most energetic environments to govern is that of a university. Universities function not only as academic institutions, but also as research hubs, hosting both curious students, as well as notable scholars. This is an audience not known for slow-motion progress. They need results, and they expect them quickly. At a large university, the responsibility of a CISO is dizzying.

The widespread adaptability and integration of tools and the professionals who can effectively use them to comply with the law will significantly impact the careers of both lawyers and other legal personnel. One of the fastest-growing areas in the legal profession in the United States is Privacy Law. Privacy certifications endorse attorneys as credentialed privacy lawyers. Privacy certifications can boost income streams and growth potential while increasing job stability and sustainability.

With the rising trend of digitization, major companies like Airbnb, Microsoft and Twitter are staying out of the office, moving processes online and allowing employees the option to work from home. Organizations are adopting remote and hybrid working models. As a result, many people are spending more than double the amount of time online as they did pre-pandemic.

The Domain Name System (DNS) is responsible for mapping client-facing domain names to their corresponding IP addresses, making it a fundamental element of the internet. DNS-level events provide valuable information about network traffic that can be used to identify malicious activity. For instance, monitoring DNS lookups can help you see whether a host on your network attempted to connect to a site known to contain malware.

Companies have increasingly allowed bring your own device (BYOD) policies to support remote work, but in today’s cybersecurity landscape, this trend has led to an increased attack surface. Each additional endpoint increases the potential for credentials to be compromised through credential phishing attacks. Hackers are leveraging this trend to conduct insider attacks, leaving businesses vulnerable to data breaches.

We are thrilled to announce that CRN has recognized WatchGuard in its first-ever MES Matters list for 2022! This awards program highlights vendors that have proven themselves to be cutting-edge technology providers offering solutions that support the growth and innovation of midmarket organizations. CRN defines the midmarket as an organization with an annual revenue of $50M - $2B, and/or 100 – 2500 total supported users and seats.

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. Often a target for directory traversal, file packing utilities offer an excellent way to break a system. Sandboxing is a good test first but who regularly does that?