Microsoft Security Blogs

Microsoft's latest security blogs, including some with more information
about recent attacks.

Title: Announcing EDR in block mode general availability
URL: https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/announcing-edr-in-block-mode-general-availability/ba-p/1972064
Overview: We’re very excited to announce today that endpoint detection and
response (EDR) in block mode is generally available.

Title: EDR in block mode stops IcedID cold
URL: https://www.microsoft.com/security/blog/2020/12/09/edr-in-block-mode-stops-icedid-cold/
Overview: Endpoint detection and response (EDR) in block mode in Microsoft
Defender for Endpoint turns EDR detections into real-time blocking of threats.
Learn how it stopped an IcedID attack.

Title: Building a Zero Trust business plan
URL: https://www.microsoft.com/security/blog/2020/12/09/building-a-zero-trust-business-plan/
Overview: These past six months have been a remarkable time of transformation
for many IT organizations. With the forced shift to remote work, IT
professionals have had to act quickly to ensure people continue working
productively from home—in some cases bringing entire organizations online over
a weekend. While most started by scaling existing approaches, many
organizations…

Title: Widespread malware campaign seeks to silently inject ads into
search results, affects multiple browsers
URL: https://www.microsoft.com/security/blog/2020/12/10/widespread-malware-campaign-seeks-to-silently-inject-ads-into-search-results-affects-multiple-browsers/
Overview: A persistent malware campaign has been actively distributing Adrozek,
an evolved browser modifier malware at scale since at least May 2020. At its
peak in August, the threat was observed on over 30,000 devices every day. The
malware is designed to inject ads into search engine results pages and affects
multiple browsers.

Title: New cloud-native breadth threat protection capabilities in Azure
Defender
URL: https://www.microsoft.com/security/blog/2020/12/10/new-cloud-native-breadth-threat-protection-capabilities-in-azure-defender/
Overview: As the world adapts to working remotely, the threat landscape is
constantly evolving, and security teams struggle to protect workloads with
multiple solutions that are often not well integrated nor comprehensive enough.
This results in serious threats avoiding detection, as well as security teams
suffering from alert fatigue. Azure Defender helps security professionals with
an…

Title: Additional email data in advanced hunting
URL: https://techcommunity.microsoft.com/t5/microsoft-365-defender/additional-email-data-in-advanced-hunting/ba-p/1985849
Overview: We’re thrilled to share new enhancements to the advanced hunting data
for Office 365 in Microsoft 365 Defender. Following your feedback we’ve added
new columns and optimized existing columns to provide more email attributes you
can hunt across. These additions are now available in public preview.

Title: Siemens USA CISO: 3 essentials to look for in a cloud provider
URL: https://www.microsoft.com/security/blog/2020/12/14/siemens-usa-ciso-3-essentials-to-look-for-in-a-cloud-provider/
Overview: Learn why Kurt John of Siemens USA sees continued migration to the
cloud as inevitable across industries.

Title: Ensuring customers are protected from Solorigate
URL: https://www.microsoft.com/security/blog/2020/12/15/ensuring-customers-are-protected-from-solorigate/
Overview: Microsoft is monitoring a dynamic threat environment surrounding the
discovery of a sophisticated attack that included compromised binaries from
legitimate software. These binaries, which are related to the SolarWinds Orion
Platform, could be used by attackers to remotely access devices. On Sunday, December
13, Microsoft released detections that alerted customers to the presence of…