92 matches found
Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Cloud App Management
Summary There are vulnerabilities in Node.js used by IBM® Cloud App Management. IBM® Cloud App Management has addressed the applicable CVEs in a later version. Vulnerability Details CVEID:CVE-2019-15604 DESCRIPTION: Node.js is vulnerable to a denial of service, caused by improper certificate...
Security Bulletin: A vulnerability in Oracle Java SE affects IBM Cloud App Management (CVE-2020-2654)
Summary An unspecified vulnerability in Java SE related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. This vulnerability has been addressed in a later version of IBM Clou...
A guide to combatting human-operated ransomware: Part 1
This blog is part one of a two-part series focused on how Microsoft DART helps customers with human-operated ransomware. For more guidance on human-operated ransomware and how to defend against these extortion-based attacks, refer to our human-operated ransomware docs page. Microsoft’s Detection...
A guide to combatting human-operated ransomware: Part 1
This blog is part one of a two-part series focused on how Microsoft DART helps customers with human-operated ransomware. For more guidance on human-operated ransomware and how to defend against these extortion-based attacks, refer to our human-operated ransomware docs page. Microsoft’s Detection...
U.S. Dept Of Defense: Subdomain takeover [████████]
The subdomain ███████ was pointing to an Azure Cloud App domain araz-sp.centralus.cloudapp.azure.com, but that endpoint was not registered. Impact It's extremely vulnerable to attacks as a malicious user could create any web page with any content and host it on the vulnerable domain. This would...
Microsoft delivers comprehensive solution to battle rise in consent phishing emails
Microsoft threat analysts are tracking a continued increase in consent phishing emails, also called illicit consent grants, that abuse OAuth request links in an attempt to trick recipients into granting attacker-owned apps permissions to access sensitive data. This blog offers a look into the...
CVE-2021-21736
A smart camera product of ZTE is impacted by a permission and access control vulnerability. Due to the defect of user permission management by the cloud-end app, users whose sharing permissions have been revoked can still control the camera, such as restarting the camera, restoring factory...
Forrester names Microsoft a Leader in The Forrester Wave™: Cloud Security Gateways, Q2 2021
I am thrilled to share that Forrester Research has named Microsoft Cloud App Security as a Leader in The Forrester Wave: Cloud Security Gateways, Q2 2021. Additionally, Microsoft received the highest score in the strategy category. People have increasingly used cloud apps to stay productive and...
A better cloud access security broker: Securing your SaaS cloud apps and services with Microsoft Cloud App Security
Today’s business uses an average of 1,180 cloud apps¹, with many of those organizations securing their apps through cloud access security brokers CASB. The organizational need for a CASB has grown alongside the use of cloud apps to enable remote work and greater user productivity. When security...
Gartner names Microsoft a Leader in the 2020 Magic Quadrant for Cloud Access Security Brokers
The past few months have changed the way we work in many ways, working from home, social distancing, and remote operations have all had impacts on our previously known ways of life. At Microsoft, we have been working hard to assist our customers adjust to this rapidly changing and evolving work...
Gartner names Microsoft a Leader in the 2020 Magic Quadrant for Cloud Access Security Brokers
The past few months have changed the way we work in many ways, working from home, social distancing, and remote operations have all had impacts on our previously known ways of life. At Microsoft, we have been working hard to assist our customers adjust to this rapidly changing and evolving work...
Extend data loss prevention to your devices with Microsoft Endpoint Data Loss Prevention, now generally available
Microsoft Endpoint Data Loss Prevention Endpoint Data Loss Prevention DLP | What it is and how to set it up in Microsoft 365. Watch today Managing and protecting data is critical to any organization. Data is growing exponentially, and remote work is making it even harder to manage risks around...
Extend data loss prevention to your devices with Microsoft Endpoint Data Loss Prevention, now generally available
Microsoft Endpoint Data Loss Prevention Endpoint Data Loss Prevention DLP | What it is and how to set it up in Microsoft 365. Watch today Managing and protecting data is critical to any organization. Data is growing exponentially, and remote work is making it even harder to manage risks around...
Enable secure remote work, address regulations and uncover new risks with Microsoft Compliance
As we talk with a broad range of customers in the current environment, we hear some consistent challenges businesses are facing. With so many remote workers, people are creating, sharing, and storing data in new ways, which fosters productivity, but can also introduce new risks. A recent Microsof...
Microsoft Zero Trust deployment guide for your applications
Introduction More likely than not, your organization is in the middle of a digital transformation characterized by increased adoption of cloud apps and increased demand for mobility. In the age of remote work, users expect to be able to connect to any resource, on any device, from anywhere in the...
Microsoft and Corrata integrate to extend cloud app security to mobile endpoints
This blog post is part of the Microsoft Intelligence Security Association guest blog series. To learn more about MISA, go here. The growth of mobile and remote work and the emergence of the “post perimeter” world has made keeping track of shadow IT a huge challenge for enterprise IT teams. What...
Microsoft Warns on OAuth Attacks Against Cloud App Users
Against the backdrop of widespread remote working and the increased use of collaboration apps, attackers are ramping up application-based attacks that exploit OAuth 2.0, Microsoft is warning. OAuth is an open standard for access delegation, commonly used as a way for people to sign into services...
New study shows customers save time, resources and improve security with Microsoft Cloud App Security
The global pandemic has forever changed our workplaces and reshaped our cybersecurity priorities. While in recent months cloud apps have helped people around the globe stay productive and connected. They also pose an increased cybersecurity risk to businesses large and small, especially when you...
IBM Cloud App Management Information Disclosure Vulnerability
IBM Cloud App Management is a set of infrastructure monitoring solutions based on microservices architecture from IBM, USA. The product is able to provide application-aware and infrastructure monitoring, analytics and more. An information disclosure vulnerability exists in IBM Cloud App Managemen...
IBM Cloud App Management Cross-Site Request Forgery Vulnerability
IBM Cloud App Management is a set of infrastructure monitoring solutions based on microservices architecture from IBM, USA. The product is able to provide application-aware and infrastructure monitoring, analytics and more. A cross-site request forgery vulnerability exists in IBM Cloud App...