Security News
Techies are reporting that Microsoft Defender for Endpoint attack surface reduction rules have gone haywire and are removing icons and applications shortcuts from the Taskbar and Start Menu. "The ASR rule is removing icons on the taskbar and Start Menu and in some cases uninstalling Microsoft Office as well."
Google's Threat Analysis Group said on Wednesday that its researchers discovered commercial spyware called Heliconia that's designed to exploit vulnerabilities in Chrome and Firefox browsers as well as Microsoft Defender security software. The three components perform the following functions: Heliconia Noise is a web framework for deploying an exploit for a Chrome renderer bug followed by a sandbox escape; Heliconia Soft is a web framework that deploys a PDF containing a Windows Defender exploit; and Files is a set of Firefox exploits for Linux and Windows.
"Initially, built-in protection will include turning tamper protection on for your tenant, with other default settings coming soon," Microsoft explains.In September, Redmond added that it would soon enable tamper protection by default on all Microsoft Defender for Endpoint onboarded systems, locking Microsoft Defender Antivirus to secure default values and preventing any security settings changes.
BYOD policies have made enterprise networks more diverse, and devices that used to only be connected to corporate networks are now likely on the internet as well. "You have to think of everything that runs software or code in your network as you do threat modeling for your network, and then have a plan in place," Ganacharya said.
Microsoft announced that the Mobile Network Protection feature is generally available to help organizations detect network weaknesses affecting Android and iOS devices running Microsoft's Defender for Endpoint enterprise endpoint security platform.Once Mobile Network Protection is toggled, MDE will provide protection and alerts when rogue Wi-Fi-related threats and certificates are detected.
Microsoft is bringing Azure Active Directory Identity Protection alerts to Microsoft 365 Defender to seemingly help IT folks thwart criminals infiltrating corporate networks via compromised users. For one thing, this means that if you want to find out the role an Azure AD identity played in an intrusion, you can now do so from one place, Microsoft 365 Defender, saving you from having to check your Azure portal, according to Microsoftie Idan Pelleg.
How can blue teams remove the attackers' edge by turning data into visualizations? Understand relationships between your data points. By understanding the relationships between pairs of these data points, we can automate the construction of a relationship tree between all of them.
Microsoft has added command-and-control traffic detection capabilities to its Microsoft Defender for Endpoint enterprise endpoint security platform.The C2 connections are detected by the Defender for Endpoint's Network Protection agent by mapping the outbound connection's IP address, port, hostname, and other values with data from Microsoft Cloud.
Microsoft says tamper protection will soon be turned on by default for all enterprise customers in Microsoft Defender for Endpoint for better defense against ransomware attacks.Once toggled on, it locks Microsoft Defender Antivirus to secure default values and will prevent any security settings changes.
A bad Microsoft Defender signature update mistakenly detects Google Chrome, Microsoft Edge, Discord, and other Electron apps as 'Win32/Hive. The issue started Sunday morning when Microsoft pushed out Defender signature update 1.373.1508.0 to include two new threat detections, including Behavior:Win32/Hive.