SOURCE: otx.alienvault.com | Created: 2 years ago | Updated: 2 months ago CVE Overview: In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename field is manipulated with specific patterns, the destination (extraction) folder is ignored, thus treating…
Category: Microsoft 365
Microsoft Teams Minimum Viable Secure Configuration Baseline / Draft Version 0.1
Source: CISA | Released: October 2022 | By: Secure Cloud Business Applications (SCuBA) Microsoft Teams is a text and live chat workspace in Microsoft 365 (M365) that supports videocalls, chat messaging, screen-sharing, and file sharing. It has a permission-based teamstructure for managing calls and files. Microsoft teams also enables teams to manage their ownuser access…
OneDrive for Business Minimum Viable Secure Configuration Baseline
Source: CISA | Released: October 2022 | By: Secure Cloud Business Applications (SCuBA) OneDrive for Business is a cloud-based file storage system with online editing andcollaboration tools for Microsoft Office documents and is part of Office 365. OneDrive forBusiness facilitates synchronization across multiple devices and enables secure, compliant,and intelligent collaboration with multiple people.This security baseline…
CISA Releases Free Detection Tool for Azure/M365 Environments
Source: CISA | Released: December 2020 CISA has created a free tool for detecting unusual and potentially malicious activity that threatens users and applications in an Azure/Microsoft O365 environment. The tool is intended for use by incident responders and is narrowly focused on activity that is endemic to the recent identity- and authentication-based attacks seen…
Microsoft Office 365 Security Recommendations
Source: CISA | Type: Alert AA20-120A | Release: April 29, 2020 As organizations adapt or change their enterprise collaboration capabilities to meet “telework” requirements, many organizations are migrating to Microsoft Office 365 (O365) and other cloud collaboration services. Due to the speed of these deployments, organizations may not be fully considering the security configurations of…