Security News

Microsoft Defender can now isolate compromised Linux endpoints
2023-01-31 08:14

Microsoft announced today that it added device isolation support to Microsoft Defender for Endpoint on onboarded Linux devices. Enterprise admins can manually isolate Linux machines enrolled as part of a public preview using the Microsoft 365 Defender portal or via API requests.

Securing IoT with Microsoft Defender for IoT sensors
2023-01-26 12:07

IoT hardware is at the heart of much modern operational technology: the systems that support businesses and that mix modern IoT hardware with legacy control and data collection devices. So how can we protect our devices, networks and businesses, especially when we already have a large estate of deployed hardware? Microsoft's Defender for IoT is one option, adding network sensors and firmware analysis tools to help spot compromised and at-risk hardware and working in conjunction with Microsoft Sentinel to use machine learning to identify threats early.

Microsoft script recreates shortcuts deleted by bad Defender ASR rule
2023-01-15 19:07

Microsoft released advanced hunting queries and a PowerShell script to find and recover some of the Windows application shortcuts deleted Friday morning by a buggy Microsoft Defender ASR rule. Early morning on January 13th, Microsoft released a new Microsoft Defender signature update that included a change to the Attack Surface Reduction rule known as "Block Win32 API calls from Office macro" in Configuration Manager and "Win32 imports from Office macro code" in Intune.

Buggy Microsoft Defender ASR rule deletes Windows app shortcuts
2023-01-13 15:20

Microsoft has addressed a false positive triggered by a buggy Microsoft Defender ASR rule that would delete application shortcuts from the desktop, the Start menu, and the taskbar and, in some cases, render existing shortcuts unusable as they couldn't be used to launch the linked apps. The issue affected app shortcuts across onboarded devices after the Microsoft Defender for Endpoint attack surface reduction rule was triggered erroneously.

Microsoft Defender ASR rules strip icons, app shortcuts from Taskbar, Start Menu
2023-01-13 13:30

Techies are reporting that Microsoft Defender for Endpoint attack surface reduction rules have gone haywire and are removing icons and application shortcuts from the Taskbar and Start Menu. "The ASR rule is removing icons on the taskbar and Start Menu and in some cases uninstalling Microsoft Office as well."

Google warns of commercial Heliconia spyware hitting Chrome, Firefox, Microsoft Defender
2022-12-01 20:30

Google's Threat Analysis Group said on Wednesday that its researchers discovered commercial spyware called Heliconia that's designed to exploit vulnerabilities in Chrome and Firefox browsers as well as Microsoft Defender security software. The three components perform the following functions: Heliconia Noise is a web framework for deploying an exploit for a Chrome renderer bug followed by a sandbox escape; Heliconia Soft is a web framework that deploys a PDF containing a Windows Defender exploit; and Files is a set of Firefox exploits for Linux and Windows.

Microsoft Defender boosts default protection for all enterprise users
2022-11-29 14:59

"Initially, built-in protection will include turning tamper protection on for your tenant, with other default settings coming soon," Microsoft explains. In September, Redmond added that it would soon enable tamper protection by default on all Microsoft Defender for Endpoint onboarded systems, locking Microsoft Defender Antivirus to secure default values and preventing any security settings changes.

Microsoft Defender protects Mac and Linux from malicious websites
2022-11-21 23:17

BYOD policies have made enterprise networks more diverse, and devices that used to only be connected to corporate networks are now likely on the internet as well. "You have to think of everything that runs software or code in your network as you do threat modeling for your network, and then have a plan in place," Ganacharya said.

Microsoft Defender network protection generally available on iOS, Android
2022-11-11 20:01

Microsoft announced that the Mobile Network Protection feature is generally available to help organizations detect network weaknesses affecting Android and iOS devices running Microsoft's Defender for Endpoint enterprise endpoint security platform. Once Mobile Network Protection is toggled, MDE will provide protection and alerts when rogue Wi-Fi-related threats and certificates are detected.

If someone tries ransacking your Windows network, it's a bit easier now to grok in Microsoft 365 Defender
2022-10-26 04:27

Microsoft is bringing Azure Active Directory Identity Protection alerts to Microsoft 365 Defender to seemingly help IT folks thwart criminals infiltrating corporate networks via compromised users. For one thing, this means that if you want to find out the role an Azure AD identity played in an intrusion, you can now do so from one place, Microsoft 365 Defender, saving you from having to check your Azure portal, according to Microsoftie Idan Pelleg.