Trustwave security teams are aware of two zero-day vulnerabilities (CVE-2022-41040 and CVE-2022-41082) impacting Microsoft Exchange Server 2013, 2016, and 2019 and organizations with Outlook Web Access facing the Internet. If exploited, the vulnerabilities can allow an attacker to elevate privilege and remote code execution capability. We immediately investigated the vulnerabilities and potential exploits and continue to monitor the situation.
If you’re like many organizations that have heavily invested in Microsoft 365, you may be considering, or already attempting, to use SharePoint Online as your company file server. After all, it’s “free” since it’s included in the service, right? While Microsoft has made improvements on the front-end with OneDrive for Business and Teams, there are still many challenges and hidden costs associated with using SharePoint as your primary company file system.
In 2005, a new market emerged when Gartner coined the term "SIEM" OR Security and Information Event Management. Back then, it was a legacy system aggregating event data produced by security devices, systems, network infrastructures and applications. However, it lacked monitoring functionality and was limited to vertical scalability.
The JFrog DevOps Platform is your mission-critical tool for your software development pipelines. The results of key binary management events in Artifactory, Xray, and Distribution can reveal whether or not your software pipelines are on-track to deliver production-quality releases.
In January 2022, Microsoft announced that Excel 4.0 macros would be restricted by default, to protect users from malicious macros. In February 2022, Microsoft announced that VBA macros would also be blocked for files downloaded from the internet. Cybersecurity professionals and enthusiasts rejoiced at the news! Malicious Office documents were running rampant. Attackers abused Microsoft Office macros to deliver BazarLoader and Trickbot, and remote access trojans like AveMaria and AgentTesla.
Speaking with clients, I find one of the biggest issues they struggle with how to properly secure Guest access in Microsoft 365 applications. While many organizations had already begun outsourcing their email to M365, most had really only begun looking at the rest of the M365 offering (Teams, SharePoint Online and OneDrive) when COVID hit. Most organizations wound up diving headfirst into this offering in an attempt to deal with the sudden need to work and collaborate with colleagues from home.