Wednesday, December 16, 2020

Microsoft Security Blogs

Microsoft's latest security blogs, including some with more information about recent attacks.

Title: Announcing EDR in block mode general availability
Overview: We’re very excited to announce today that endpoint detection and response (EDR) in block mode is generally available.

Title: EDR in block mode stops IcedID cold
Overview: Endpoint detection and response (EDR) in block mode in Microsoft Defender for Endpoint turns EDR detections into real-time blocking of threats. Learn how it stopped an IcedID attack.

Title: Building a Zero Trust business plan
Overview: These past six months have been a remarkable time of transformation for many IT organizations. With the forced shift to remote work, IT professionals have had to act quickly to ensure people continue working productively from home—in some cases bringing entire organizations online over a weekend. While most started by scaling existing approaches, many organizations…

Title: Widespread malware campaign seeks to silently inject ads into search results, affects multiple browsers
Overview: A persistent malware campaign has been actively distributing Adrozek, an evolved browser modifier malware at scale since at least May 2020. At its peak in August, the threat was observed on over 30,000 devices every day. The malware is designed to inject ads into search engine results pages and affects multiple browsers.

Title: New cloud-native breadth threat protection capabilities in Azure Defender
Overview: As the world adapts to working remotely, the threat landscape is constantly evolving, and security teams struggle to protect workloads with multiple solutions that are often not well integrated nor comprehensive enough. This results in serious threats avoiding detection, as well as security teams suffering from alert fatigue. Azure Defender helps security professionals with an…

Title: Additional email data in advanced hunting
Overview: We’re thrilled to share new enhancements to the advanced hunting data for Office 365 in Microsoft 365 Defender. Following your feedback we’ve added new columns and optimized existing columns to provide more email attributes you can hunt across. These additions are now available in public preview.

Title: Siemens USA CISO: 3 essentials to look for in a cloud provider
Overview: Learn why Kurt John of Siemens USA sees continued migration to the cloud as inevitable across industries.

Title: Ensuring customers are protected from Solorigate
Overview: Microsoft is monitoring a dynamic threat environment surrounding the discovery of a sophisticated attack that included compromised binaries from a legitimate software. These binaries, which are related to the SolarWinds Orion Platform, could be used by attackers to remotely access devices. On Sunday, December 13, Microsoft released detections that alerted customers to the presence of…