My information Resource (blog.mir.net)

Title:
Increasing resilience against Solorigate and other sophisticated attacks with
Microsoft Defender

URL: https://www.microsoft.com/security/blog/2021/01/14/increasing-resilience-against-solorigate-and-other-sophisticated-attacks-with-microsoft-defender/
Published On
(YYYY-dd-MM): 2021-14-01
Overview:

This blog is a guide for security administrators using Microsoft 365
Defender and Azure Defender to identify and implement security configuration
and posture improvements that harden enterprise environments against
Solorigate’s attack patterns.

The post Increasing
resilience against Solorigate and other sophisticated attacks with Microsoft
Defender appeared first on Microsoft Security.

Original
release date: January 14, 2021

Cisco has released security updates to address vulnerabilities in Cisco
products. A remote attacker could exploit some of these vulnerabilities to take
control of an affected system. For updates addressing lower severity
vulnerabilities see the Cisco
Security Advisories page.

CISA encourages users and administrators to review the following Cisco
Advisories and apply the necessary updates:

• AnyConnect Secure Mobility Client for Windows DLL Injection
  Vulnerability cisco-sa-anyconnect-dll-injec-pQnryXLf
  
• Connected Mobile Experiences Privilege Escalation
  Vulnerability cisco-sa-cmxpe-75Asy9k
  
• Small Business RV110W, RV130, RV130W, and RV215W
  Routers Management Interface Command Injection Vulnerabilities cisco-sa-rv-command-inject-LBdQ2KRN
  
• Small Business RV110W, RV130, RV130W, and RV215W
  Routers Management Interface Remote Command Execution and Denial of
  Service Vulnerabilities cisco-sa-rv-overflow-WUnUgv4U
  

 CVE: CVE-2020-29583

Summary

Zyxel has released a patch for the hardcoded credential vulnerability of firewalls and AP controllers recently reported by researchers from EYE Netherlands. Users are advised to install the applicable firmware updates for optimal protection.

What is the vulnerability?

A hardcoded credential vulnerability was identified in the “zyfwp” user account in some Zyxel firewalls and AP controllers. The account was designed to deliver automatic firmware updates to connected access points through FTP

What versions are vulnerable—and what should you do?

After a thorough investigation, we’ve identified the vulnerable products and are releasing firmware patches to address the issue, as shown in the table below. For optimal protection, we urge users to install the applicable updates. For those not listed, they are not affected. Contact your local Zyxel support team if you require further assistance.

Go Here For more details go Here   or Here

 

Title: Terranova Security Gone Phishing Tournament reveals continued weak
spot in cybersecurity
URL: https://www.microsoft.com/security/blog/2020/12/16/terranova-security-gone-phishing-tournament-reveals-continued-weak-spot-in-cybersecurity/

Overview: See which industries had the highest click rates, as well as results
sorted by organization size, previous training, and more.

 

Title: Data Connector Health – Push Notification Alerts
URL: https://techcommunity.microsoft.com/t5/azure-sentinel/data-connector-health-push-notification-alerts/ba-p/1996442

Overview: This enhanced solution builds on the existing “Connector Health
Workbook” described in this video. The Logic App leverages underlying KQL queries to
provide you with an option to configure “Push notifications” to e-mail and/or a
Microsoft Teams channel based on user defined anomaly scores as well as time
since the last “Heartbeat” from Virtual Machines connected to the workspace.
Below is a detailed description of how the rule and the logic app are put
together. The solution is available for deployment from the official Azure
Sentinel GitHub repo on this link .

 

Title: Becoming resilient by understanding cybersecurity risks: Part 2
URL: https://www.microsoft.com/security/blog/2020/12/17/becoming-resilient-by-understanding-cybersecurity-risks-part-2/

Overview: Whilst this may be uncomfortable reading, the ability to pre-empt and
respond quickly to these attacks is now an organizational imperative that requires
a level of close collaboration and integration throughout your organization
(which may not have happened to date).

 

Title: A breakthrough year for passwordless technology
URL: https://www.microsoft.com/security/blog/2020/12/17/a-breakthrough-year-for-passwordless-technology/ 

Overview: Learn how Microsoft and its partners are advancing IAM through secure
passwordless access.

 

Title: A “quick wins” approach to securing Azure Active Directory and
Office 365 and improving your security posture
URL: https://www.microsoft.com/security/blog/2020/12/17/a-quick-wins-approach-to-securing-azure-active-directory-and-office-365-and-improving-your-security-posture/
Overview: This blog post will explain simple Microsoft security defaults and
Secure Score—two features you should take advantage of that are easy to utilize
and can significantly improve security in Azure AD and Office 365
configurations.

 

Title: New Advanced Hunting data source assists recent nation-state
attack investigations
URL: https://techcommunity.microsoft.com/t5/microsoft-365-defender/new-advanced-hunting-data-source-assists-recent-nation-state/ba-p/1999523
Overview: We are happy to announce the availability of a new data source in Microsoft 365 Defender Advanced Hunting.

 

Title: Announcing new Microsoft Information Protection capabilities to
know and protect your sensitive data
URL: https://techcommunity.microsoft.com/t5/microsoft-security-and/announcing-new-microsoft-information-protection-capabilities-to/ba-p/1999692

Overview: Microsoft Information Protection (MIP) is a built-in,
intelligent, unified, and extensible solution to protect sensitive data in
documents and emails across your organization. MIP provides a unified set of
capabilities to know and protect your data and prevent data loss across
Microsoft 365 apps (e.g., Word, PowerPoint, Excel, Outlook), services (e.g.,
Microsoft Teams, SharePoint, Exchange, Power BI), on-premises locations (e.g.,
SharePoint Server, on-premises files shares), devices, and third-party apps and
services (e.g., Box and Dropbox).

 

Title: Collaborative innovation on display in Microsoft’s insider risk
management strategy
URL: https://www.microsoft.com/security/blog/2020/12/17/collaborative-innovation-on-display-in-microsofts-insider-risk-management-strategy/

Overview: Partnering with organizations like Carnegie Mellon University allows
us to bring their rich research and insights to our products and services, so
customers can fully benefit from our breadth of signals.  

 

Title: New Threat analytics report shares the latest intelligence on
recent nation-state cyber attacks
URL: https://techcommunity.microsoft.com/t5/microsoft-365-defender/new-threat-analytics-report-shares-the-latest-intelligence-on/ba-p/2001095

Overview: Microsoft security researchers have been investigating and responding
to the recent nation-state cyber-attack involving a supply-chain compromise
followed by cloud assets compromise.

 Deploy
and scale virtualized desktops and apps on Azure for more secure, productive
remote work—for all employees at any location. Explore these tutorials from
Microsoft Learn to get started with Windows Virtual Desktop.

Take
the tutorials to:

• Understand configuration
  workflow steps and get a checklist to help you prepare, deploy, and
  optimize.
• Learn how to enable concurrent
  users on a single virtual machine (VM) with simplified server
  management—and learn your options to load balance users using VM host pools.

Find out how to virtualize across
devices—including Windows, Mac, iOS, and Android—to access remote desktops and
apps.

     Microsoft security researchers continue to investigate and respond to the sophisticated cyberattack known as Solorigate (also referred to as Sunburst by FireEye) involving a supply chain compromise and the subsequent compromise of cloud assets. While the related investigations and impact assessments are ongoing, Microsoft is providing visibility into the attack chains and related threat intelligence to the defender community as early as possible so organizations can identify and take action to stop this attack, understand the potential scope of its impact, and begin the recovery process from this active threat. We have established a resource center that is constantly updated as more information becomes available at https://aka.ms/solorigate.

    Analyzing Solorigate, the compromised DLL file that started a sophisticated cyberattack, and how Microsoft Defender helps protect customers.

For detail info click here

You are subscribed to National Cyber Awareness System Current Activity for
Cybersecurity and Infrastructure Security Agency. This information has recently
been updated, and is now available.

CISA
Releases CISA Insights and Creates Webpage on Ongoing APT Cyber Activity

12/23/2020 12:55 PM EST

 

Original
release date: December 23, 2020

CISA is tracking a known compromise involving SolarWinds Orion products that
are currently being exploited by a malicious actor. An advanced persistent
threat (APT) actor is responsible for compromising the SolarWinds Orion
software supply chain, as well as widespread abuse of commonly used
authentication mechanisms. If left unchecked, this threat actor has the
resources, patience, and expertise to resist eviction from compromised networks
and continue to hold affected organizations at risk.

In response to this threat, CISA has issued CISA Insights: What
Every Leader Needs to Know About the Ongoing APT Cyber Activity. This CISA
Insights provides information to leaders on the known risk to organizations and
actions that they can take to prioritize measures to identify and address these
threats.

CISA has also created a new Supply
Chain Compromise webpage to consolidate the many resources—including Emergency
Directive (ED) 21-01 and Activity Alert AA20-352A:
Advanced Persistent Threat Compromise of Government Agencies, Critical
Infrastructure, and Private Sector Organizations—that we have released on
this compromise. CISA will update the webpage to include partner resources that
are of value to the cyber community.

To read the latest CISA Insights, visit CISA.gov/insights.
For more information on the SolarWinds Orion software compromise, visit CISA.gov/supply-chain-compromise.

This product is provided subject to this Notification
and this Privacy
& Use policy.

The Cybersecurity and Infrastructure Security Agency (CISA) is aware of
active exploitation of SolarWinds Orion Platform software versions 2019.4
through 2020.2.1, released between March 2020 and June 2020.

CISA encourages affected organizations to read the SolarWinds and FireEye advisories for
more information and FireEye’s GitHub page for detection countermeasures:

• SolarWinds
  Security Advisory
• FireEye
  Advisory: Highly Evasive Attacker Leverages SolarWinds Supply Chain to
  Compromise Multiple Global Victims With SUNBURST Backdoor
• FireEye
  GitHub page: Sunburst Countermeasures 
   

This product is provided subject to this Notification
and this Privacy
& Use policy.

 This Post by Alex Weinert is important to read 

Protecting Microsoft 365 from on-premises attacks