Tom Latimer’s Post

This is starting to become a pattern which is precisely why we build private containerised gpts and LLMs

Cyber scoop Microsoft rolls out expanded logging six months after Chinese breach: The technology giant has come under heavy criticism for not making robust logging features available by default.  The post Microsoft rolls out expanded logging six months after Chinese breach appeared first on CyberScoop. Check it out!

🚨 3 Key Learnings from the Recent Microsoft Breach: A Wake-Up Call! 🚨 1️⃣ Big Fish, Big Challenges: Even giants like Microsoft, armed with a fleet of full-time cybersecurity wizards, face tough battles in safeguarding their digital treasures. 🛡️ Imagine the hurdles for small and medium businesses! It's crucial to have reliable allies in this cyberwar. Don't go it alone! 💪 2️⃣ Beyond the Frontlines: Remember, it's not just the showy production environment that needs our watchful eyes. Testing and development realms are equally vital kingdoms to protect! 🌐 Limit access, and think twice before exposing them to the vast wilderness of the public internet. 🔐 3️⃣ Less Is More: In our digital vaults, let's keep only what's absolutely necessary for our business and regulatory needs. 📁 If it's not essential, it's time to say goodbye. Decluttering digital space isn’t just tidy; it’s smart and safe! 🚮 👉 Each breach teaches us something new. Let’s stay alert and adapt, because in the cyberworld, knowledge is not just power – it's protection! 💡🔒 https://lnkd.in/gH2dB4tk

Tech firm Hewlett Packard Enterprise says its cloud-based email systems were breached by the same Russian hacking group that compromised Microsoft email accounts earlier this month. Little wonder as they both use the same exposed and Insecure DNS servers... The narrative is surely starting to wear thin to even people not in security. However, the finger pointing and laying blame continues glossing over and covering up basic security errors and negligence. Possibly the narrative is slightly more sinister. Are the U.S. Government rallying the troops to reinforce their ongoing fight (Cyber or other) against Russia, China, Iran, or anyone else that disagrees with them? It is Election Year after all, which Politician doesn't love good theatre... Not an easy one to call however, demonstrable and unequivocal evidence of Microsoft, and now HPE lax and wholly inadequate basic security measure are more systemic, than a slight error here and there. The $3trillion valuation and share price is possibly far more important to some than the thousands that might be lost to war or the $billions spent by tax payers chasing shadows... People, including Governments need to wake up before the Rubicon is crossed with No Return... Microsoft Hewlett Packard Enterprise #WhitethornShield #InternetSecurity #Cyberwar #DNS #PKI

We at Forsyte were surprised by the recent cyber attack on Microsoft, especially considering the extensive security measures in place and the reliance of many organizations on Microsoft's security platform. The notable aspect of this attack is that it was a basic password spray attack, which could have been prevented by implementing MFA (Multi-Factor Authentication) on the compromised accounts. At Forsyte, we leverage Microsoft's Security technology to support Guardian 365. As part of Guardian 365, we conduct reviews of our customers' environments to identify and address key vulnerabilities like this. This is why Microsoft is better with Forsyte's Guardian 365 solution than without.

Few voices can cut through the marketing noise around zero trust as well as John Harmon, ex-NSA analyst and current Regional Vice President of Cyber Solutions at Elastic. In our Q&A, he highlights the best approach for federal agencies pursuing zero trust, shares some key pitfalls to avoid, and explains how next-gen tech puts security teams in a better position to tackle incidents like the SolarWinds breach. One of our favorite quotes: “I think it’s important to understand that being a hundred percent compliant [with the executive order on zero trust] is not necessarily the goal. It's probably unachievable, actually. It’s more about how can we make sure that we're getting the gist of the executive order, and changing our mindset so we don't have these huge breaches happen again in the same way.” Read the full Q&A: https://lnkd.in/dP6t7e9V

Microsoft continues to start fires and then try to put them out when it comes to security. Again and again there are issues of them failing to protect customers and even themselves. It raises the question: How can you trust a security platform that cannot secure its own business? https://lnkd.in/gmZv9_Y8

The importance of having a proper #cybersecurity policy and procedure cannot be overstated. Regularly perform #pentests and #vulnerabilityscanning. Organizations need to keep cyberthreats at the top of their minds. The threat actor did not gain access to customer environments, production systems, source code, or #ai systems, according to Microsoft New regulations implemented by the U.S. Securities and Exchange Commission require publicly-owned companies to disclose #cyberincident. What data did they access? Did you know that 365 iT SOLUTIONS powered by F12.net can offer up to 3 financial guarantees when it comes to cybersecurity, cloud services, and SLA? https://lnkd.in/gYgUXn4g #cio #cto #technology #innovation

Dear Connections, I'm excited to share my latest article on the recent Microsoft Global Outage. In this piece, I delve into the causes, impacts, and lessons we can all learn from this significant event in the tech world. The Main problem happened due to a botched update from the world leading cybersecurity firm “Crowdstrike”. There is a manual method to fix the problem.  Boot up your device in recovery mode and browse the file C: \Windows\System32\drivers\CrowdStrike directory and delete the file named "C-00000291*.sys”

Microsoft reported a cyber incident yesterday. The attack used a password spray attack to gain access to a legacy non-production test tenant. The attacker then got access to email accounts of microsoft employees, including those of senior leadership members. This raises many questions of course, but more interestingly it impacts the security decision making in microsoft, and we should all take a good look at this in our organisations. From the microsoft blog: “As we said late last year when we announced Secure Future Initiative (SFI), given the reality of threat actors that are resourced and funded by nation states, we are shifting the balance we need to strike between security and business risk – the traditional sort of calculus is simply no longer sufficient. For Microsoft, this incident has highlighted the urgent need to move even faster. We will act immediately to apply our current security standards to Microsoft-owned legacy systems and internal business processes, even when these changes might cause disruption to existing business processes.” https://lnkd.in/eP4zdZna