Welcome to Our Newsletter
ISEC7 is pleased to bring you our latest product and software updates, news from the cybersecurity world, and our corresponding best practices! This month, we’ll delve into ISEC7 CLASSIFY for Collaboration, new software releases, and lessons learned from recent data breaches and exploits.
Solution Highlight: ISEC7 CLASSIFY for Collaboration
We’re excited to share that ISEC7 CLASSIFY now extends its capabilities to Microsoft SharePoint. With ISEC7 CLASSIFY for Collaboration, organizations can apply consistent, end-to-end classification across the Microsoft 365 ecosystem – ensuring users encounter the same classification logic and options across all platforms and applications.
In the Department of Defense (DoD) and the Defense Industrial Base (DIB), classification has always been a requirement. But today’s digital-first environment, where data can be shared instantly across platforms, has introduced new challenges. Additionally, the emergence of Controlled Unclassified Information (CUI) standards and frameworks like CMMC 2.0 have raised the stakes, requiring organizations to embed classification and access controls directly into their collaboration workflows to maintain compliance and prevent data leakage.
ISEC7 CLASSIFY for Collaboration helps meet this need by enabling classification banners and caveat messages on SharePoint Online modern sites. The banners serve as clear, persistent visual indicators of a site’s sensitivity level, such as “CONFIDENTIAL,” “SECRET,” or “CUI – NOFORN.” Displayed at the top of every page within the site, these banners reinforce awareness for all users interacting with the content, helping prevent accidental misuse, oversharing, or policy violations.
And as Microsoft 365 becomes the digital workspace for millions of users, classification must cover not just documents and emails, but every collaborative surface, including SharePoint. ISEC7 CLASSIFY for Collaboration is built to meet this challenge, helping the public sector, defense, and enterprise customers around the world enforce information protection policies with confidence. If you’re ready to bring classification to the heart of your collaboration strategy, contact us to learn more, or try ISEC7 CLASSIFY in your Microsoft 365 tenant today.
New ISEC7 Software Releases
The release of ISEC7 MAIL for iOS 1.9.7 brings powerful new features and thoughtful improvements to enhance your mobile email experience. You can now delete emails, appointments, contacts, tasks, and notes – even while offline. All offline actions are queued and managed via a new Operations menu. A new “Listen” feature reads out email content using on-device text-to-speech, with CarPlay enhancements for safer driving. Users can also set Microsoft Purview sensitivity labels when composing emails, and request delivery and read receipts. Notes can be grouped by category, and calendar syncing and meeting responses are now more intuitive. Plus, the app includes SDK updates for Omnissa, BlackBerry Dynamics, Citrix, Intune, and Ivanti.
Additionally, the release of ISEC7 SPHERE version 20.7.1 brings a mix of smart enhancements and important fixes to keep your digital workplace running smoothly. Users can now mark tri- and tetragraphs as favorites for quicker access when building classification schema’s, and NOC event logs now include host details for better visibility. Behind the scenes, performance has been improved with fixes to the Ivanti module timing, network adapter status messages, and thread count issues in the monitor service. Plus, the bundled Apache Tomcat has been updated to version 9.0.106 for improved security and stability.
Preventing the Next Breach: Smarter Authentication with Hypergate
In a data breach that cost nearly $400 million, attackers were able to bypass a prominent company’s security simply by calling the outsourced IT service desk, pretending to be employees and were given password information over the phone. Without proper identity verification, they were granted access, escalated privileges, and deployed ransomware. The company has since filed a lawsuit accusing the service desk of gross negligence and failing to follow basic security protocols, such as verifying identity through internal tools or notifying managers of access changes. This incident is a stark reminder that social engineering, rather than sophisticated hacking, can be devastating, and underscores the urgent need for stronger, device-bound authentication.
Hypergate Authenticator eliminates the need for helpdesk-based password resets altogether and enables secure, certificate-based Single Sign-On (SSO) directly tied to a user’s mobile device and Active Directory credentials. Users can reset expired passwords themselves from their smartphones, and authentication happens silently in the background using Kerberos protocols – the same trusted standard used in banks and government agencies. With no additional infrastructure required and seamless integration into existing systems, Hypergate makes it significantly harder for attackers to impersonate users or bypass MFA through social engineering. For organizations that want to maintain data sovereignty without sacrificing user experience, Hypergate bridges the gap between mobile usability and enterprise-grade security.
PSA: SharePoint Exploits, Supply Chain Risks & the FBI and CISA’s Password Reset Warning
In July, Microsoft disclosed two critical vulnerabilities – CVE-2025-49704 and CVE-2025-49706 – affecting on-premises SharePoint servers. These flaws, which enable remote code execution and spoofing, have already been exploited in the wild by multiple Chinese state-affiliated threat actors to deploy ransomware and exfiltrate sensitive data. Microsoft has released urgent patches and mitigation guidance through its official blog, urging all organizations to update their SharePoint environments immediately.
This incident comes amid heightened scrutiny of Microsoft’s security posture. A 2023 breach of Microsoft Exchange Online, also attributed to Chinese state-affiliated actors, prompted a federal memo calling for the elimination of Chinese components from the SharePoint supply chain. This directive is already influencing procurement and compliance strategies across both public and private sectors.
Adding to the urgency, the FBI and CISA have issued a joint advisory warning organizations not to reset passwords in response to attacks by the Scattered Spider group. These threat actors use layered social engineering to impersonate employees, manipulate helpdesk staff, and hijack accounts by resetting passwords and transferring MFA tokens to attacker-controlled devices. The advisory recommends deploying phishing-resistant MFA and tightening helpdesk protocols to prevent exploitation.
These developments underscore the growing complexity of today’s threat landscape, especially as organizations expand their reliance on hybrid infrastructure. They also reinforce the importance of supply chain transparency, proactive patching, and real-time visibility into infrastructure health. ISEC7 SEVENCEES provides a flexible framework for aligning with evolving regulatory and security requirements. Additionally, ISEC7 SPHERE, an essential component of SEVENCEES, delivers deep visibility to help organizations monitor for anomalies and ensure that critical systems are up to date. Together, they offer a powerful defense against both technical exploits and the broader geopolitical risks shaping cybersecurity strategy.
Upcoming Events
Public Sector Law Enforcement Summit
Wednesday September 24th, 2025
Carahsoft Conference and Collaboration Center
11493 Sunset Hills Rd, Suite 100
Reston, VA 20190
Check out our latest blog post
In today’s digital-first and compliance-heavy world, data classification has evolved from a "nice-to-have" policy into an operational and regulatory necessity.
Federal agencies are facing a growing cybersecurity blind spot: forgotten, unmanaged, or unaccounted-for devices – so-called “digital ghosts” – that remain active on networks long after their intended use
The public sector often faces a unique set of challenges when it comes to technology and operational flexibility. In a small city government office, a handful of IT professionals work tirelessly to manage cybersecurity, mobile device policies, and regulatory compliance.
Did You Know?
8 years ago in August 2017, Facebook researchers shut down an AI experiment after two bots began communicating in a language they created themselves. While not malicious, the unexpected behavior sparked widespread concern about the unpredictability of artificial intelligence and the importance of transparency and control in AI systems. The incident remains a memorable moment in AI history and continues to fuel conversations about responsible development and oversight.
Never miss an update! Follow us on LinkedIn:
ISEC7 Group & ISEC7 Government Services
ISEC7 Group
8 Market Place, Suite 405 Baltimore, MD 21202, USA
Tel: (866) 630-1893 | sales@isec7.us
