Security News

Microsoft Defender ASR rules strip icons, app shortcuts from Taskbar, Start Menu
2023-01-13 13:30

Techies are reporting that Microsoft Defender for Endpoint attack surface reduction rules have gone haywire and are removing icons and application shortcuts from the Taskbar and Start Menu. "The ASR rule is removing icons on the taskbar and Start Menu and in some cases uninstalling Microsoft Office as well."

Google warns of commercial Heliconia spyware hitting Chrome, Firefox, Microsoft Defender
2022-12-01 20:30

Google's Threat Analysis Group said on Wednesday that its researchers discovered commercial spyware called Heliconia that's designed to exploit vulnerabilities in Chrome and Firefox browsers as well as Microsoft Defender security software. The three components perform the following functions: Heliconia Noise is a web framework for deploying an exploit for a Chrome renderer bug followed by a sandbox escape; Heliconia Soft is a web framework that deploys a PDF containing a Windows Defender exploit; and Files is a set of Firefox exploits for Linux and Windows.

Microsoft Defender boosts default protection for all enterprise users
2022-11-29 14:59

"Initially, built-in protection will include turning tamper protection on for your tenant, with other default settings coming soon," Microsoft explains. In September, Redmond added that it would soon enable tamper protection by default on all Microsoft Defender for Endpoint onboarded systems, locking Microsoft Defender Antivirus to secure default values and preventing any security settings changes.

Microsoft Defender protects Mac and Linux from malicious websites
2022-11-21 23:17

BYOD policies have made enterprise networks more diverse, and devices that used to only be connected to corporate networks are now likely on the internet as well. "You have to think of everything that runs software or code in your network as you do threat modeling for your network, and then have a plan in place," Ganacharya said.

Microsoft Defender network protection generally available on iOS, Android
2022-11-11 20:01

Microsoft announced that the Mobile Network Protection feature is generally available to help organizations detect network weaknesses affecting Android and iOS devices running Microsoft's Defender for Endpoint enterprise endpoint security platform. Once Mobile Network Protection is toggled, MDE will provide protection and alerts when rogue Wi-Fi-related threats and certificates are detected.

If someone tries ransacking your Windows network, it's a bit easier now to grok in Microsoft 365 Defender
2022-10-26 04:27

Microsoft is bringing Azure Active Directory Identity Protection alerts to Microsoft 365 Defender to seemingly help IT folks thwart criminals infiltrating corporate networks via compromised users. For one thing, this means that if you want to find out the role an Azure AD identity played in an intrusion, you can now do so from one place, Microsoft 365 Defender, saving you from having to check your Azure portal, according to Microsoftie Idan Pelleg.

Data visualization: An invaluable tool in a defender’s arsenal
2022-10-21 04:30

How can blue teams remove the attackers' edge by turning data into visualizations? Understand relationships between your data points. By understanding the relationships between pairs of these data points, we can automate the construction of a relationship tree between all of them.

Microsoft Defender adds command and control traffic detection
2022-10-12 16:32

Microsoft has added command-and-control traffic detection capabilities to its Microsoft Defender for Endpoint enterprise endpoint security platform. The C2 connections are detected by the Defender for Endpoint's Network Protection agent by mapping the outbound connection's IP address, port, hostname, and other values with data from Microsoft Cloud.

Microsoft Defender for Endpoint will turn on tamper protection by default
2022-09-20 12:54

Microsoft says tamper protection will soon be turned on by default for all enterprise customers in Microsoft Defender for Endpoint for better defense against ransomware attacks. Once toggled on, it locks Microsoft Defender Antivirus to secure default values and will prevent any security settings changes.

Microsoft Defender falsely detects Win32/Hive.ZY in Google Chrome, Electron apps
2022-09-04 15:30

A bad Microsoft Defender signature update mistakenly detects Google Chrome, Microsoft Edge, Discord, and other Electron apps as 'Win32/Hive. The issue started Sunday morning when Microsoft pushed out Defender signature update 1.373.1508.0 to include two new threat detections, including Behavior:Win32/Hive.