Please turn on your JavaScript for this page to function normally.
Eye
Microsoft lost some customers’ cloud security logs

Microsoft has lost several weeks of cloud security logs that its customers rely on to spot cyber intrusions. What happened As reported by Business Insider earlier this month, …

Windows
Use Windows event logs for ransomware investigations, JPCERT/CC advises

The JPCERT Coordination Center – the first Computer Security Incident Response Team established in Japan – has compiled a list of entries in Windows event logs …

fluentbit
Critical Fluent Bit flaw affects major cloud platforms, tech companies’ offerings (CVE-2024-4323)

Tenable researchers have discovered a critical vulnerability (CVE-2024-4323) in Fluent Bit, a logging utility used by major cloud providers and tech companies, which may be …

Microsoft SharePoint
New covert SharePoint data exfiltration techniques revealed

Varonis Threat Labs researchers have uncovered two techniques attackers can use can use for covert data and file exfiltration from companies’ SharePoint server. …

Microsoft
Microsoft begins broadening free cloud logging capabilities

After select US federal agencies tested Microsoft’s expanded cloud logging capabilities for six months, Microsoft is now making them available to all agencies using …

Windows
A zero-day vulnerability (and PoC) to blind defenses relying on Windows event logs

A zero-day vulnerability that, when triggered, could crash the Windows Event Log service on all supported (and some legacy) versions of Windows could spell trouble for …

Logging Made Easy
Logging Made Easy: Free log management solution from CISA

CISA launched a new version of Logging Made Easy (LME), a straightforward log management solution for Windows-based devices that can be downloaded and self-installed for free. …

Microsoft
Thanks Storm-0558! Microsoft to expand default access to cloud logs

Starting in September 2023, more federal government and commercial Microsoft customers will have access to expanded cloud logging capabilities at no additional charge, …

Okta
A common user mistake can lead to compromised Okta login credentials

Logged failed logins into a company’s Okta domain could be used by threat actors to discover access credentials of valid accounts, Mitiga researchers have found. Those …

cloud
Google Cloud Platform allows data exfiltration without a (forensic) trace

Attackers can exfiltrate company data stored in Google Cloud Platform (GCP) storage buckets without leaving obvious forensic traces of the malicious activity in GCP’s …

tracking
How to avoid security blind spots when logging and monitoring

Cybersecurity involves a balancing act between risk aversion and risk tolerance. Going too far to either extreme may increase cost and complexity, or worse: cause the …

Log4Shell: A retrospective

Now that the dust has settled on both the holiday season and the Log4j vulnerability that saw many of us working through it (CVE-2021-44228), it makes sense to look back and …

Don't miss

Cybersecurity news