Microsoft Security Blogs

Title: International Women’s Day: How to support and grow women in cybersecurity


URL: https://www.microsoft.com/security/blog/2021/03/08/international-womens-day-how-to-support-and-grow-women-in-cybersecurity/

Title: What's new: Azure Sentinel and Microsoft 365 Defender incident integration

URL: https://techcommunity.microsoft.com/t5/azure-sentinel/whats-new-azure-sentinel-and-microsoft-365-defender-incident/ba-p/2191090
Title: March Ahead with Azure Purview: Unify ALL your data using Apache Atlas open API support
URL: https://techcommunity.microsoft.com/t5/azure-purview/march-ahead-with-azure-purview-unify-all-your-data-using-apache/ba-p/2185411

Microsoft Exchange Exploit

 

CISA Strongly Urges All Organizations to Immediately Address Microsoft Exchange Vulnerabilities

03/08/2021 07:31 PM EST

 

Original release date: March 8, 2021

CISA has published a Remediating Microsoft Exchange Vulnerabilities web page
that strongly urges all organizations to immediately address the recent
Microsoft Exchange Server product vulnerabilities. As exploitation of these
vulnerabilities is widespread and indiscriminate, CISA strongly advises
organizations to follow the guidance laid out in the web page. The guidance
provides specific steps for both leaders and IT security staff and is
applicable for all sizes of organizations across all sectors.

New Microsoft Security Blogs

Title: MCAS Data Protection Blog Series: MCAS DLP Walk-Through

URL: https://techcommunity.microsoft.com/t5/microsoft-security-and/mcas-data-protection-blog-series-mcas-dlp-walk-through/ba-p/2169900


Title: Utilize Watchlists to Drive Efficiency During Azure Sentinel Investigations

URL: https://techcommunity.microsoft.com/t5/azure-sentinel/utilize-watchlists-to-drive-efficiency-during-azure-sentinel/ba-p/2090711
Title: XLM + AMSI: New runtime defense against Excel 4.0 macro malware

URL: https://www.microsoft.com/security/blog/2021/03/03/xlm-amsi-new-runtime-defense-against-excel-4-0-macro-malware/
Title: Information protection strategies and roadmap to address issues around sensitive data

URL: https://techcommunity.microsoft.com/t5/microsoft-security-and/information-protection-strategies-and-roadmap-to-address-issues/ba-p/2160117

Apple Releases Security Updates

Original release date: February 9, 2021

Apple has released security updates to address vulnerabilities in macOS Big
Sur 11.2, macOS Catalina 10.15.7, and macOS Mojave 10.14.6. An attacker could
exploit these vulnerabilities to take control of an affected system. 

CISA encourages users and administrators to review the Apple security update
and apply the necessary updates.


Multiple Security Updates Affecting TCP/IP:  CVE-2021-24074, CVE-2021-24094, and CVE-2021-24086

Title: Multiple Security Updates Affecting TCP/IP: CVE-2021-24074, CVE-2021-24094, and CVE-2021-24086

URL: https://msrc-blog.microsoft.com/2021/02/09/multiple-security-updates-affecting-tcp-ip/
Published On (YYYY-dd-MM): 2021-09-02
Overview: Today Microsoft released a set of fixes affecting Windows TCP/IP
implementation that include two Critical Remote Code Execution (RCE)
vulnerabilities (CVE-2021-24074, CVE-2021-24094) and an Important Denial of
Service (DoS) vulnerability (CVE-2021-24086). The two RCE vulnerabilities are
complex, which makes it difficult to create functional exploits, so they are
not likely in the short term. We believe attackers will be able to create DoS
exploits much more quickly and expect all three issues might be exploited with
a DoS attack shortly after release. Thus, we recommend customers move …


Azure AD B2C Deep Dive Webinar Series

 


Virtual Event | 2/19 – 5/14, 2021 | 3:00 – 4:30pm, GMT

 

Please join us for the Azure AD B2C series. You can register for all sessions
or pick topics of interest to you.


 

Session 1 – February 19th – Azure AD B2C overview

This session focuses on understanding the use case and architecture for Azure
AD B2C. When do I use it? How does it work? How can I configure it? What is the
roadmap? The session will be a combination of slides and demos ranging from
basic to more advanced tasks.


 

Session 2 – March 12th – How to deploy Azure AD B2C from scratch

Learn how to create your Azure AD B2C environment, configure connections to
identity providers, customize attribute collection and add your branding:

  • Create your Azure AD B2C directory
  • Connect with social and enterprise identity providers
  • Integrate your applications and systems
  • Brand and customize the user experience


 

Session 3 – April 9th – Get started with Azure AD B2C custom policies

Learn how to set up the Azure AD B2C policy and relying party policies.
Explore the custom policy XML elements and file structure.

  1. Deploy a custom policy starter pack (manually and automatically)
  2. Understand the basics of custom policy: claims, claims transformation,
     user journeys, technical profile, and relying party policy
  3. Customize your policy (add a sign-in option with a social IDP, customize
     the UX, and more)
  4. Troubleshooting


 

Session 4 – May 14th – Extend B2C capability through ISV partner ecosystem

Learn how to extend B2C capabilities through the ISV partner ecosystem. Enable
bot detection, fraud protection, and device fingerprinting, and provide secure
hybrid access to on-premise/legacy applications with ISV partners.

Scenario:

  • Prevent fraudulent accounts from being created
  • Understand if a user is logging in with a new or known device
  • Enable Azure AD B2C for on-premise applications


 

We look forward to you joining us!

Microsoft Warns of Windows Win32k Privilege Escalation

Original release date: February 9, 2021

Microsoft has released a security advisory to address an escalation of
privileges vulnerability, CVE-2021-1732,
in Microsoft Win32k. A local attacker can exploit this vulnerability to take
control of an affected system. This vulnerability was detected in exploits in
the wild.

CISA encourages users and administrators to review Microsoft Advisory for
CVE-2021-1732 and apply the necessary patch to Windows 10 and Windows 2019
servers.


Modernize Your Network Security Strategy free session

 


 

 

 

Take a Zero Trust approach to secure your networks

You’re not going to want to miss this great event. This is your chance to learn
how a Zero Trust approach can secure your cloud and hybrid networks. You’ll be
hearing firsthand from industry leaders how Azure network security can help
your organization. Sign up today.

 

Modernize Your Network Security Strategy
Thursday, February 18, 2021
10:00 AM–11:00 AM Pacific Time


 

 

 

 

Ann Johnson
Corporate Vice President Business Development, Microsoft

 

 

Sinead O’Donovan
Director of Product Management for Azure Network Security, Microsoft

 

 

 

 


New security blogs from Microsoft

Title: Microsoft Cloud App Security User Interface Updates

URL: https://techcommunity.microsoft.com/t5/microsoft-security-and/microsoft-cloud-app-security-user-interface-updates/ba-p/2083113

Overview: In the coming months, Cloud App Security will be updating its UI to provide a more consistent experience across Microsoft 365 security portals. 


Title: Protect your Box environment and Data using Microsoft Cloud App Security
URL: https://techcommunity.microsoft.com/t5/microsoft-security-and/protect-your-box-environment-and-data-using-microsoft-cloud-app/ba-p/2080226

We have a new Microsoft Security blog for your consideration.
Title: What’s new: Dedicated clusters for Azure Sentinel

URL: https://techcommunity.microsoft.com/t5/azure-sentinel/what-s-new-dedicated-clusters-for-azure-sentinel/ba-p/2072539

Overview: If you ingest over 1Tb per day into your Azure Sentinel workspace and/or
have multiple Azure Sentinel workspaces in your Azure enrolment, you may want
to consider migrating to a dedicated cluster, a recent addition to the
deployment options for Azure Sentinel.

Title: Categorizing Microsoft alerts across data sources in Azure Sentinel

URL: https://techcommunity.microsoft.com/t5/azure-sentinel/categorizing-microsoft-alerts-across-data-sources-in-azure/ba-p/1503367

Overview: In today’s security operation centers (SOCs),
analysts have a large set of security solutions that they leverage to protect
their organization and monitor activity. However, when setting up a SIEM it is
challenging to prioritize what data to ingest and what protections each
solution provides. SOCs must consider size and cost of ingestion, detections,
and necessary use cases for each data source they would like to connect to
their SIEM.  Because of these considerations, SOCs should focus on
ingesting data that is critical and has a low level of overlap to reduce the
probability of double ingestion


Title: Deep dive into the Solorigate second-stage activation: From SUNBURST to TEARDROP and Raindrop
URL: https://www.microsoft.com/security/blog/2021/01/20/deep-dive-into-the-solorigate-second-stage-activation-from-sunburst-to-teardrop-and-raindrop/

Overview: One missing link in the complex Solorigate attack chain is the handover from
the Solorigate DLL backdoor to the Cobalt Strike loader. How exactly does the
jump from the Solorigate backdoor (SUNBURST) to the Cobalt Strike loader
(TEARDROP, Raindrop, and others) happen? What code gets triggered, and what
indicators should defenders look for?

Title: What’s new: Managed Identity for Azure Sentinel Logic Apps connector

URL: https://techcommunity.microsoft.com/t5/azure-sentinel/what-s-new-managed-identity-for-azure-sentinel-logic-apps/ba-p/2068204

Overview: Now available: Grant permissions directly to a playbook to operate on
Azure Sentinel, instead of creating additional identities.
 

Title: Microsoft Defender for Endpoint: Automation defaults are changing

URL: https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/microsoft-defender-for-endpoint-automation-defaults-are-changing/ba-p/2068744

Overview: We are excited to announce that we are about to increase our
customers’ protection by upgrading the default automation level of our
Microsoft Defender for Endpoint customers who have opted into public previews
from “Semi – require approval for any remediation” to “Full – remediate threats
automatically”

Title: The dynamic duo: How to build a red and blue team to strengthen your cybersecurity, Part 2
URL: https://www.microsoft.com/security/blog/2021/01/21/the-dynamic-duo-how-to-build-a-red-and-blue-team-to-strengthen-your-cybersecurity-part-2/

Overview: In this blog, Jake Williams, Founder of Rendition InfoSec, shares his
insights on the 2020 threat landscape—who to watch for and why—and offers
cybersecurity guidance and best practices on how to structure and evolve red
and blue teaming within your organization.


Free Training in Azure Sentinel

 https://techcommunity.microsoft.com/t5/azure-sentinel/become-an-azure-sentinel-ninja-the-complete-level-400-training/ba-p/1246310

 

EU drafts data breach notification guidelines

EDPB Publishes Guidelines on Examples Regarding Data Breach Notification

Tuesday, January 19, 2021

On January 18, 2021, the European Data Protection Board (“EDPB”) released draft Guidelines 01/2021 on Examples regarding Data Breach Notification (the “Guidelines”). The Guidelines complement the initial Guidelines on personal data breach notification under the EU General Data Protection Regulation (“GDPR”) adopted by the Article 29 Working Party in February 2018. The new draft Guidelines take into account supervisory authorities’ common experiences with data breaches since the GDPR became applicable in May 2018. The EDPB’s aim is to assist data controllers in deciding how to handle data breaches, including by identifying the factors that they must take into account when conducting risk assessments to determine whether a breach must be reported to relevant supervisory authorities and/or the affected data subjects.
