Microsoft Security Blogs

Title: Cyberattacks targeting health care must stop

Overview: In recent months, we’ve detected cyberattacks from three nation-state
actors targeting seven prominent companies directly involved in researching
vaccines and treatments for COVID-19. The targets include leading
pharmaceutical companies and vaccine researchers in Canada, France, India,
South Korea, and the United States. The attacks came from Strontium, an actor
originating from Russia, and two actors…

Title: Hunt across cloud app activities with Microsoft 365 Defender
advanced hunting

Overview: We’re thrilled to share that the new CloudAppEvents table
is now available as a public preview in advanced hunting for Microsoft 365

Title: Using the VirusTotal V3 API with MSTICPy and Azure Sentinel
Overview: MSTICPy, our CyberSec toolset for Jupyter notebooks, has supported
VirusTotal lookups since the very earliest days (the earliest days being only
around two years ago!). We recently had a contribution to MSTICPy from Andres
Ramirez and Juan Infantes at VirusTotal (VT), which provides a new Python
module to access the recently-released version 3 of their API.

Title: Modernize secure access for your on-premises resources with Zero
Overview: Change came quickly in 2020. More likely than not, a big chunk of
your workforce has been forced into remote access. And with remote work came an
explosion of bring-your-own-device (BYOD) scenarios, requiring your
organization to extend the bounds of your network to include the entire
internet (and the added security risks that come with…

Title: Upcoming Changes to Microsoft Information Protection Metadata

Overview: In Microsoft Information Protection (MIP) SDK version 1.7, changes
were made to support a new label metadata storage location for Office files –
Word, Excel, and PowerPoint. For your applications and services to continue
reading and writing MIP sensitivity labels for Office file types, it’s critical
that you update to MIP SDK version 1.7. Applications running older versions
will not be capable of reading the updated metadata format.

Title: Enriching DDoS Protection Alerts with Logic Apps
Overview: This post will detail how to create enriched DDoS Protection alerts
that will provide the information needed to triage and respond.

Title: IoT security: how Microsoft protects Azure Datacenters
Overview: Azure Sphere first entered the IoT Security market in 2018 with a
clear mission—to empower every organization on the planet to connect and create
secure and trustworthy IoT devices. Security is the foundation for durable
innovation and business resilience. Every industry investing in IoT must
consider the vulnerabilities of the cyberthreat landscape. For our customers,…

Title: Go inside the new Azure Defender for IoT including CyberX

Overview: In 2020, the move toward digital transformation and Industry 4.0 took
on new urgency with manufacturing and other critical infrastructure sectors
under pressure to increase operational efficiency and reduce costs. But the
cybersecurity model for operational technology (OT) was already shown to be
lacking before the pandemic. A series of major cyberattacks across industries

Title: Zerologon is now detected by Microsoft Defender for Identity
Overview: There has been a huge focus on the recently patched CVE-2020-1472
Netlogon Elevation of Privilege vulnerability, widely known as ZeroLogon. While
Microsoft strongly recommends that you deploy the latest security updates to
your servers and devices, we also want to provide you with the best detection
coverage possible for your domain controllers. Microsoft Defender for…

Title: What’s New: Azure Sentinel Logic Apps Connector improvements and
new capabilities

Overview: Azure Sentinel Logic Apps connector is the bridge between Sentinel
and Playbooks, serving as the basis of incident automation scenarios. As we
prepare for new Incident Trigger capabilities (coming soon), we have made some
improvements to bring the most updated experience to playbooks users.

Title: Deploying DDoS Protection Standard with Azure Policy
Overview: One of the most important questions customers ask when deploying
Azure DDoS Protection Standard for the first time is how to manage the
deployment at scale. A DDoS Protection Plan represents an investment in
protecting the availability of resources, and this investment must be applied
intentionally across an Azure environment.

Title: Threat actor leverages coin miner techniques to stay under the
radar – here’s how to spot them
Overview: BISMUTH, which has been running increasingly complex cyberespionage
attacks as early as 2012, deployed Monero coin miners in campaigns from July to
August 2020. The group’s use of coin miners was unexpected, but it was
consistent with their longtime methods of blending in.