هذا الأسبوع أعلنّا عن الفائزين في مسابقة Pet Hacks. وبعدها، بدأنا مسابقة جديدة اسمها The One Hertz Challenge. يعني، بدل ما نحبس نفسنا في الروتين، في تحديات جديدة. بس بصراحة، الكل عنده قيود وإبداع، ومش دايمًا الأمور بتكون ممتعة. يعني، إذا حابين تشاركوا، تقدروا تسوّوا كذا وكذا، بس ما في حماس كبير. #تحديات #إبداع #مسابقات #ممل #قيود

When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works. Microsoft 365 security in the spotlight after Washington Post hack Paul Hill Neowin @ziks_99 · Jun 16, 2025 03:36 EDT The Washington Post has come under cyberattack which saw Microsoft email accounts of several journalists get compromised. The attack, which was discovered last Thursday, is believed to have been conducted by a foreign government due to the topics the journalists cover, including national security, economic policy, and China. Following the hack, the passwords on the affected accounts were reset to prevent access. The fact that a Microsoft work email account was potentially hacked strongly suggests The Washington Post utilizes Microsoft 365, which makes us question the security of Microsoft’s widely used enterprise services. Given that Microsoft 365 is very popular, it is a hot target for attackers. Microsoft's enterprise security offerings and challenges As the investigation into the cyberattack is still ongoing, just how attackers gained access to the accounts of the journalists is unknown, however, Microsoft 365 does have multiple layers of protection that ought to keep journalists safe. One of the security tools is Microsoft Defender for Office 365. If the hackers tried to gain access with malicious links, Defender provides protection against any malicious attachments, links, or email-based phishing attempts with the Advanced Threat Protection feature. Defender also helps to protect against malware that could be used to target journalists at The Washington Post. Another security measure in place is Entra ID which helps enterprises defend against identity-based attacks. Some key features of Entra ID include multi-factor authentication which protects accounts even if a password is compromised, and there are granular access policies that help to limit logins from outside certain locations, unknown devices, or limit which apps can be used. While Microsoft does offer plenty of security technologies with M365, hacks can still take place due to misconfiguration, user-error, or through the exploitation of zero-day vulnerabilities. Essentially, it requires efforts from both Microsoft and the customer to maintain security. Lessons for organizations using Microsoft 365 The incident over at The Washington Post serves as a stark reminder that all organizations, not just news organizations, should audit and strengthen their security setups. Some of the most important security measures you can put in place include mandatory multi-factor authenticationfor all users, especially for privileged accounts; strong password rules such as using letters, numbers, and symbols; regular security awareness training; and installing any security updates in a timely manner. Many of the cyberattacks that we learn about from companies like Microsoft involve hackers taking advantage of the human in the equation, such as being tricked into sharing passwords or sharing sensitive information due to trickery on behalf of the hackers. This highlights that employee training is crucial in protecting systems and that Microsoft’s technologies, as advanced as they are, can’t mitigate all attacks 100 percent of the time. Tags Report a problem with article Follow @NeowinFeed #microsoft #security #spotlight #after #washington

The recent wave of cyber attacks targeting UK retailers has been a moment of reckoning for the entire retail industry. As someone who went through supporting one of the largest retail breaches in history, this news hits close to home. The National Cyber Security Centre’scall to strengthen IT support protocols reinforces a hard truth: cybersecurity is no longer just a technical/operational issue. It’s a business issue that directly affects revenue, customer trust, and brand reputation. Retailers today are navigating an increasingly complex threat landscape, while also managing a vast user base that needs to stay informed and secure. The recent attacks don’t represent a failure, but an opportunity - an inflection point to invest in stronger visibility, continuous monitoring and a culture of shared responsibility that meets the realities of modern retail. We know that the cyber groups responsible for the recent retail hacks used sophisticated social engineering techniques, such as impersonating employees to deceive IT help desks into resetting passwords and providing information, thereby gaining unauthorised access to internal systems. Employees are increasingly a target, and retailers employ some of the largest, most diverse workforces, making them an even bigger risk with countless touchpoints for breaches. In these organisations, a cybersecurity-first culture is vital to combatting threats. Cybersecurity-first culture includes employees that are aware of these types of attacks and understand how to report them if they are contacted. In order to establish a cybersecurity-first culture, employees must be empowered to recognise and respond to threats, not just avoid them. This can be done through simulation training and threat assessments - showcasing real life examples of threats and brainstorming possible solutions to control and prevent further and future damage. This allows security teams to focus on strategy instead of constant firefighting, while leadership support - through budget, tools, and tone - reinforces its importance at every level. In addition to support workers, vendors also pose a significant attack path for bad actors. According to data from Elastic Path, 42% of retailers admit that legacy technology could be leaving them exposed to cyber risks. And with the accelerating pace of innovation, modern cyber threats are not only more complex, but often enter through unexpected avenues, like third-party vendors. Research from Vanta shows 46% of organisations say that a vendor of theirs has experienced a data breach since they started working together. The M&S breach is a case in point, with it being reported that attackers exploited a vulnerability in a contractor’s systems, not the retailer’s own. This underscores that visibility must extend beyond your perimeter to encompass the entire digital supply chain, in real time. Threats don’t wait for your quarterly review or annual audit. If you're only checking your controls or vendor status once a year, you're already behind. This means real-time visibility is now foundational to cyber defence. We need to know when something changes the moment it happens. This can be done through continuous monitoring, both for the technical controls and the relationships that introduce risk into your environment. We also need to rethink the way we resource and prioritise that visibility. Manual processes don’t scale with the complexity of modern infrastructure. Automation and tooling can help surface the right signals from the noise - whether it’s misconfigurations, access drift, or suspicious vendor behavior. The best case scenario is that security measures are embedded into all digital architecture, utilising a few security ‘must haves’ such as secure coding, continuous monitoring, and regular testing and improvement. Retailers who want to get proactive and about breaches following the events of the last few weeks can follow this action plan to get started: First, awareness - have your security leadership send a message out to managers of help desks and support teams to make sure they are aware of the recent attacks on retailers, and are in a position to inform teams of what to look out for. Then, investigate - pinpoint the attack path used on other retailers to make sure you have a full understanding of the risk to your organisation. After that, assess - conduct a threat assessment to identify what could go wrong, or how this attack path could be used in your organisation. The final step is to identify - figure out the highest risk gaps in your organisation, and the remediation steps to address each one. Strong cybersecurity doesn’t come from quick fixes - it takes time, leadership buy-in, and a shift in mindset across the organisation. My advice to security teams is simple: speak in outcomes. Frame cyber risk as business risk, because that’s what it is. The retailers that have fallen victim to recent attacks are facing huge financial losses, which makes this not just an IT issue - it’s a boardroom issue. Customers are paying attention. They want to trust the brands they buy from, and that trust is built on transparency and preparation. The recent retail attacks aren’t a reason to panic - they’re a reason to reset, evaluate current state risks, and fully understand the potential impacts of what is happening elsewhere. This is the moment to invest in your infrastructure, empower your teams, and embed security into your operations. The organisations that do this now won’t just be safer - they’ll be more competitive, more resilient, and better positioned for whatever comes next. Jadee Hanson is the Chief Information Security Officer at Vanta about cyber security in retail Content Goes Here Harrods becomes latest UK retailer to fall victim to cyber attack Retail cyber crime spree a ‘wake-up call’, says NCSC CEO Retail cyber attacks hit food distributor Peter Green Chilled #fortifying #retail #how #brands #can