logging
-
Blog
Play ransomware exploited Windows logging flaw in zero-day attacks
The Play ransomware gang has exploited a high-severity Windows Common Log File System flaw in zero-day attacks to gain SYSTEM privileges and deploy malware on compromised systems. The vulnerability, tracked as CVE-2025-29824, was tagged by Microsoft as exploited in a limited number of attacks and patched during last month’s Patch Tuesday. “The targets include organizations in the information technology (IT) and…
Read More » -
Blog
Microsoft Entra account lockouts caused by user token logging mishap
Microsoft confirms that the weekend Entra account lockouts were caused by the invalidation of short-lived user refresh tokens that were mistakenly logged into internal systems. On Saturday morning, numerous organizations reported that they began receiving Microsoft Entra alerts that accounts had leaked credentials, causing the accounts to be locked out automatically. Impacted customers initially thought the account lockouts were tied to the…
Read More » -
Blog
CISA shares guidance for Microsoft expanded logging capabilities
CISA shared guidance for government agencies and enterprises on using expanded cloud logs in their Microsoft 365 tenants as part of their forensic and compliance investigations. As the cybersecurity agency explained, these newly introduced Microsoft Purview Audit (Standard) logging capabilities support enterprise cybersecurity operations by providing access to information on critical events such as mail sent, mail accessed, and user…
Read More »