Title: Cyberattacks targeting health care must stop
Overview: In recent months, we’ve detected cyberattacks from three nation-state actors targeting seven prominent companies directly involved in researching vaccines and treatments for COVID-19. The targets include leading pharmaceutical companies and vaccine researchers in Canada, France, India, South Korea, and the United States. The attacks came from Strontium, an actor originating from Russia, and two actors…
Title: Hunt across cloud app activities with Microsoft 365 Defender
Overview: We’re thrilled to share that the new CloudAppEvents table is now available as a public preview in advanced hunting for Microsoft 365 Defender.
Title: Using the VirusTotal V3 API with MSTICPy and Azure Sentinel
Overview: MSTICPy, our CyberSec toolset for Jupyter notebooks, has supported VirusTotal lookups since the very earliest days (the earliest days being only around two years ago!). We recently had a contribution to MSTICPy from Andres Ramirez and Juan Infantes at VirusTotal (VT), which provides a new Python module to access the recently-released version 3 of their API.
Title: Modernize secure access for your on-premises resources with Zero
Overview: Change came quickly in 2020. More likely than not, a big chunk of your workforce has been forced into remote access. And with remote work came an explosion of bring-your-own-device (BYOD) scenarios, requiring your organization to extend the bounds of your network to include the entire internet (and the added security risks that come with…
Title: Upcoming Changes to Microsoft Information Protection Metadata
Overview: In Microsoft Information Protection (MIP) SDK version 1.7, changes were made to support a new label metadata storage location for Office files – Word, Excel, and PowerPoint. For your applications and services to continue reading and writing MIP sensitivity labels for Office file types, it’s critical that you update to MIP SDK version 1.7. Applications running older versions will not be capable of reading the updated metadata format.
Title: Enriching DDoS Protection Alerts with Logic Apps
Overview: This post will detail how to create enriched DDoS Protection alerts that will provide the information needed to triage and respond.
Title: IoT security: how Microsoft protects Azure Datacenters
Overview: Azure Sphere first entered the IoT Security market in 2018 with a clear mission—to empower every organization on the planet to connect and create secure and trustworthy IoT devices. Security is the foundation for durable innovation and business resilience. Every industry investing in IoT must consider the vulnerabilities of the cyberthreat landscape. For our customers,…
Title: Go inside the new Azure Defender for IoT including CyberX
Overview: In 2020, the move toward digital transformation and Industry 4.0 took on new urgency with manufacturing and other critical infrastructure sectors under pressure to increase operational efficiency and reduce costs. But the cybersecurity model for operational technology (OT) was already shown to be lacking before the pandemic. A series of major cyberattacks across industries served…
Title: Zerologon is now detected by Microsoft Defender for Identity
Overview: There has been a huge focus on the recently patched CVE-2020-1472 Netlogon Elevation of Privilege vulnerability, widely known as ZeroLogon. While Microsoft strongly recommends that you deploy the latest security updates to your servers and devices, we also want to provide you with the best detection coverage possible for your domain controllers. Microsoft Defender for…
Title: What's New: Azure Sentinel Logic Apps Connector improvements and
Overview: Azure Sentinel Logic Apps connector is the bridge between Sentinel and Playbooks, serving as the basis of incident automation scenarios. As we prepare for new Incident Trigger capabilities (coming soon), we have made some improvements to bring the most updated experience to playbooks users.
Title: Deploying DDoS Protection Standard with Azure Policy
Overview: One of the most important questions customers ask when deploying Azure DDoS Protection Standard for the first time is how to manage the deployment at scale. A DDoS Protection Plan represents an investment in protecting the availability of resources, and this investment must be applied intentionally across an Azure environment.
Title: Threat actor leverages coin miner techniques to stay under the radar – here’s how to spot them
Overview: BISMUTH, which has been running increasingly complex cyberespionage attacks as early as 2012, deployed Monero coin miners in campaigns from July to August 2020. The group's use of coin miners was unexpected, but it was consistent with their longtime methods of blending in.