Guardian Digital Inc.’s Post

📧💡 How can end-to-end encryption in Microsoft 365 transform how IT admins manage email security? Read about the benefits and implementation steps. #microsoft365 #TechSecurity #CyberDefense #SecureNetworks https://lnkd.in/ekJGsidF

Microsoft pulls Exchange security updates over mail delivery issues Microsoft has pulled the November 2024 Exchange security updates released during this month's Patch Tuesday because of email delivery issues on servers using custom mail flow rules. The company announced it pulled the updates from Windows Update and the Download Center following widespread reports from admins saying that email had stopped flowing altogether. This issue affects customers using transport rules (also known as mail flow rules) or data loss protection (DLP) rules, which will stop periodically after installing the November Exchange Server 2016 and Exchange Server 2019 security updates. While mail flow rules filter and redirect emails in transit (just as Outlook inbox rules for emails that have already landed in the user's mailbox), DLP rules prevent sensitive information from being accidentally shared or leaked outside an organization. Stay Connected to Sidharth Sharma, CPA, CISA, CISM, CFE, CDPSE for content related to Cyber Security. #CyberSecurity #JPMC #Technology #InfoSec #DataProtection #DataPrivacy #ThreatIntelligence #CyberThreats #NetworkSecurity #CyberDefense #SecurityAwareness #ITSecurity #SecuritySolutions #CyberResilience #DigitalSecurity #SecurityBestPractices #CyberRisk #SecurityOperations 

Microsoft Mail Issues Caused by November Patch Microsoft has promptly pulled the November 2024 Exchange security updates and is actively working on a fix. Check if these were applied in your environment as they may cause mail delivery issues. Here are some key takeaways: -The November 2024 Exchange security updates have resulted in email delivery problems for a subset of users. -Microsoft has taken swift action to pull the updates. -A fix is underway, but a timeframe hasn't yet been announced. https://lnkd.in/eH6B9pQC #microsoft #exchange #securityupdates #emailadministrator #cybersecurity #ciso #vciso #incidentresponse #patchmanagement

Microsoft has pulled its November 2024 Exchange security updates following widespread email delivery disruptions. The issue affects organizations using custom mail flow rules and DLP policies on Exchange Server 2016 and 2019, causing periodic email flow stoppages. Updates have been removed from Windows Update and Download Center. Organizations experiencing issues are advised to uninstall the updates. Those not using transport/DLP rules can safely continue using the updates. Microsoft is working on a permanent fix that will be released soon. The update included protection against a high-severity vulnerability (CVE-2024-49040) that could allow email sender spoofing. While Microsoft works on the patch, admins should stay alert for further announcements. #Cybersecurity #Microsoft #TechNews #InfoSec #ExchangeServer https://lnkd.in/gvdT4Nua

Fortinet FortiMail vs Kaspersky Security for Mail Server comparison Fortinet and Kaspersky are both solutions in the Email Security category. Fortinet is ranked #4 with an average rating of 8.2, while Kaspersky is ranked #22 with an average rating of 8.5. Fortinet holds a 7.2% mindshare in Email Security, compared to Kaspersky’s 1.2% mindshare. Additionally, 94% of Fortinet users are willing to recommend the solution, compared to 100% of Kaspersky users who would recommend it. https://lnkd.in/drcXEXec

Don't let data theives masquerade as authorized users. Lock down your data and applications with a @Microsoft zero trust security solution. #SolutionStackYourITpartner Read this article to learn more. 👉

"Among the large batch of security patches that Microsoft released on Tuesday was an especially nasty hole within Microsoft’s Outlook email client, one that would allow an attacker full access by simply sending the user an email, even if the recipient chooses to not open the message. If the attack is successful, the end user would have no way of knowing that they have been attacked. “You will not know. You will not experience anything,” said Michael Gorelik, the chief technology officer at Morphisec, the security firm that says it discovered the hole and reported it to Microsoft. Gorelik said that the hole that was already patched did require that the attacker have email credentials for the attack to work. But, he added, “Even if the attacker has email credentials, it does not mean he had access to the network or the computer. Any normal organization has to assume that some of its employees’ credentials are out by definition.” After all, he pointed out, “If adversaries could execute code in the network by merely having email credentials, we would have 1000% more cases of ransomware compromise and we wouldn’t need initial access brokers.” The risk is still there Of far greater concern, Gorelik said, is that this flaw may indicate the existence of similar zero-click holes that Microsoft has yet to patch. “There are at least two more confirmed CVEs that have yet to be patched, (both of) which lead to full NTLM [Network Trust Level Manager] compromise, so the risk is still there,” Gorelik told CSO Online on Wednesday. The hole, which Microsoft has dubbed CVE-2024-38173, allows any email malware to be activated without the recipient opening the message, courtesy of Outlook’s popular email preview function. But even for those who are not using mail preview, the malware is still likely to be activated, as most corporate employees would likely open those messages. They know to not open an unknown attachment or click on an unexpected link, but this attack methodology requires neither of those actions. “The discovery of CVE-2024-38173 highlights a critical flaw in the form-based architecture of Outlook, where an attacker with access to an account can craft and propagate a malicious form that evades detection due to a faulty deny list implementation,” Gorelik said. " https://lnkd.in/gzB-JEgD

Don't let data theives masquerade as authorized users. Lock down your data and applications with a @Microsoft zero trust security solution. Read this article to learn more. 👉

Don't let data theives masquerade as authorized users. Lock down your data and applications with a @Microsoft zero trust security solution. Read this article to learn more. 👉

Don't let data theives masquerade as authorized users. Lock down your data and applications with a @Microsoft zero trust security solution. Read this article to learn more. 👉