Security News

With Microsoft Defender for Cloud, cloud security posture management features are now available for Google Cloud Platform, as well as AWS and Azure. Almost 90% of enterprises use more than one public cloud provider, according to Flexera's 2023 State of the Cloud survey.

Microsoft announced the public preview of a new Defender for IoT feature that helps analyze the firmware of embedded Linux devices like routers for security vulnerabilities and common weaknesses. [...]

Microsoft has introduced a new Microsoft Defender capability named "Performance mode" for developers on Windows 11, tuned to reduce the impact of antivirus scans when analyzing files stored on Dev Drives.As Microsoft's Chief Product Officer for Windows and Devices Panos Panay stated, the Dev Drive and Defender performance mode combination can lead to a build speed boost of up to 30%. "Dev Drive is based on the Resilient File System, which, combined with a new performance mode capability in Microsoft Defender for Antivirus, offers up to 30% file system improvement in build times for file I/O scenarios," Panay said.

Microsoft has pulled a recent Microsoft Defender update that was supposed to fix a known issue triggering persistent restart alerts and Windows Security warnings that Local Security Authority Protection is off. Microsoft acknowledged the issue on March 21, after widespread user reports regarding Windows 11 systems warning that LSA protection was off.

Israeli spyware maker NSO Group deployed at least three novel "Zero-click" exploits against iPhones in 2022 to infiltrate defenses erected by Apple and deploy Pegasus, according to the latest findings from Citizen Lab. "NSO Group customers widely deployed at least three iOS 15 and iOS 16 zero-click exploit chains against civil society targets around the world," the interdisciplinary laboratory based at the University of Toronto said.

Sponsored Feature For some time now, alerts concerning the utilisation of AI by cybercriminals have been sounded in specialist and mainstream media alike - with the set-to between AI-armed attackers and AI-protected defenders envisaged in vivid gladiatorial terms. While its success rate gathers pace, AI in cybersecurity must transition beyond outdated perceptions that might prevent it from gaining the mainstream adoption critical for organisations to protect themselves against weaponised AI offensives when they kick-off at scale.

In a confusing mess, a recent Microsoft Defender update rolled out a new security feature called 'Kernel-mode Hardware-enforced Stack Protection,' while removing the LSA protection feature. A recent Microsoft Defender update has made this feature even more confusing, as after it is installed, the LSA Protection feature is removed and replaced by a new feature called Kernel-mode Hardware-enforced Stack Protection.

Security researchers and analysts can now search Microsoft's Threat Intelligence Defender database using file hashes and URLs when pulling together information for network intrusion investigations and whatnot. "Often, analysts must go to multiple repositories to obtain the critical data sets they need to assess a suspicious domain, host, or IP address," Redmond wrote earlier about Defender Threat Intelligence, aka Defender TI. "DNS data, WHOIS information, malware, and SSL certificates provide important context to indicators of compromise, but these repositories are widely distributed and don't always share a common data structure, making it difficult to ensure analysts have all relevant data needed to make a proper and timely assessment of suspicious infrastructure."

Microsoft's at-times-glitchy Defender service is again causing headaches for IT admins by flagging legitimate URLs as malicious. One Register reader told us: "Our organization has received hundreds of malicious URL alerts from Office 365 for zoom.us links. These false positives take us a long time to investigate. Microsoft finally admitted that this is affecting hundreds of accounts and tenants worldwide."

Microsoft Defender is mistakenly flagging legitimate links as malicious, and some customers have already received dozens of alert emails since the issues began over five hours ago. "We're investigating an issue where legitimate URL links are being incorrectly marked as malicious by the Microsoft Defender service. Additionally, some of the alerts are not showing content as expected," Microsoft said.