We would like to inform you about the following two critical vulnerabilities affecting SharePoint Server (2016, 2019, SE releases), which allow attackers to use a so-called "ToolShell" attack that provides unauthenticated access to systems and enables malicious actors...
Advanced phishing with legitimate emails
Phishing attacks have evolved, targeting collaborative cloud platforms to bypass conventional email security measures. Microsoft SharePoint and OneNote have become prominent tools for these sophisticated attacks. As email protection solutions advance, so do the...
Your MFA solution is unsafe (most likely)
SMS and One Time Passcodes Having any MFA is better than relying on passwords alone, but weak or poorly implemented MFA can still leave organizations vulnerable to attacks. Push and mobile-based one-time passcodes are becoming more and more vulnerable to attacks. With...
Data is your responsibility, especially when your cloud provider fails you
When using cloud-based services as a customer, it’s easy to forget about one’s own responsibilities: cloud is elastic, agile, scalable, and you don’t have to buy, place and cool big, power-hungry server machines in your datacenter. You pay your monthly bill, and the...