Security News

Microsoft Defender mistakenly tagging URLs as malicious
2023-03-29 15:38

Microsoft Defender is mistakenly flagging legitimate links as malicious, and some customers have already received dozens of alert emails since the issues began over five hours ago. "We're investigating an issue where legitimate URL links are being incorrectly marked as malicious by the Microsoft Defender service. Additionally, some of the alerts are not showing content as expected," Microsoft said.

Microsoft Introduces GPT-4 AI-Powered Security Copilot Tool to Empower Defenders
2023-03-28 18:08

Microsoft on Tuesday unveiled Security Copilot in preview, marking its continued push to embed AI-oriented features in an attempt to offer "End-to-end defense at machine speed and scale." Powered by OpenAI's GPT-4 generative AI and its own security-specific model, it's billed as a security analysis tool that enables cybersecurity analysts to quickly respond to threats, process signals, and assess risk exposure.

Microsoft: Defender update behind Windows LSA protection warnings
2023-03-21 22:02

Microsoft says the KB5007651 Microsoft Defender Antivirus update triggers Windows Security warnings on Windows 11 systems saying that Local Security Authority Protection is off. LSA Protection is a security feature that defends sensitive information like credentials from theft by blocking untrusted LSA code injection and process memory dumping.

Microsoft Defender app now force-installed for Microsoft 365 users
2023-02-27 21:45

Microsoft is now force-installing the Microsoft Defender for Individuals application when installing or updating the Microsoft 365 apps. "Starting in late February of 2023, the Microsoft Defender app will be included in the Microsoft 365 installer," the company says in a support document updated last week.

Defenders on high alert as backdoor attacks become more common
2023-02-24 05:30

Although ransomware's share of incidents declined only slightly from 2021 to 2022, defenders were more successful detecting and preventing ransomware, according to IBM. Despite this, attackers continued to innovate with the report showing the average time to complete a ransomware attack dropped from 2 months down to less than 4 days. "The shift towards detection and response has allowed defenders to disrupt adversaries earlier in the attack chain - tempering ransomware's progression in the short term," said Charles Henderson, Head of IBM Security X-Force.

Report: Stress will drive a quarter of cyber defenders out the door
2023-02-23 20:16

Relief may not come soon, if research firm Gartner's predictions hold true that fully a quarter of security leaders will depart the cybersecurity field entirely by 2025 due to work pressures. In a new report, the firm predicts that nearly half of cybersecurity leaders will change jobs, and that by 2025, lack of talent or human failure will be responsible for over half of significant cyber incidents.

Microsoft upgrades Defender to lock down Linux gear for its own good
2023-01-31 20:45

Organizations using Microsoft's Defender for Endpoint will now be able to isolate Linux devices from their networks to stop miscreants from remotely connecting to them. Users can get to the device page of the Linux systems through the Microsoft 365 Defender portal, where they will see an "Isolate Device" tab in the upper right among other response actions.

Microsoft Defender can now isolate compromised Linux endpoints
2023-01-31 08:14

Microsoft announced today that it added device isolation support to Microsoft Defender for Endpoint on onboarded Linux devices. Enterprise admins can manually isolate Linux machines enrolled as part of a public preview using the Microsoft 365 Defender portal or via API requests.

Securing IoT with Microsoft Defender for IoT sensors
2023-01-26 12:07

IoT hardware is at the heart of much modern operational technology, the systems that support businesses, the systems that mix modern IoT hardware with legacy control and data collection devices. So how can we protect our devices, networks and businesses, especially when we already have a large estate of deployed hardware? Microsoft's Defender for IoT is one option, adding network sensors and firmware analysis tools to help spot compromised and at-risk hardware and working in conjunction with Microsoft Sentinel to use machine learning to identify threats early.

Microsoft script recreates shortcuts deleted by bad Defender ASR rule
2023-01-15 19:07

Microsoft released advanced hunting queries and a PowerShell script to find and recover some of the Windows application shortcuts deleted Friday morning by a buggy Microsoft Defender ASR rule. Early morning on January 13th, Microsoft released a new Microsoft Defender signature update that included a change to the Attack Surface Reduction rule known as "Block Win32 API calls from Office macro" in Configuration Manager and "Win32 imports from Office macro code" in Intune.