Security News

SentinelOne this week detailed a handful of bugs, including two critical remote code execution vulnerabilities, it found in Microsoft Azure Defender for IoT. These security flaws, which took six months to address, could have been exploited by an unauthenticated attacker to compromise devices and take over critical infrastructure networks. Microsoft Azure Defender for IoT is supposed to detect and respond to suspicious behavior as well as highlight known vulnerabilities, and manage patching and equipment inventories, for Internet-of-Things and industrial control systems.

Windows admins were hit today by a wave of Microsoft Defender for Endpoint false positives where Office updates were tagged as malicious in alerts pointing to ransomware behavior detected on their systems. Following the surge of reports, Microsoft confirmed the Office updates were mistakenly marked as ransomware activity due to false positives.

Microsoft has announced that the company's new cloud-based Microsoft Defender security solution has entered preview for home customers in the United States. While Microsoft paints a pretty picture of Microsoft Defender Preview's capabilities, in reality, the application is in its very early stages.

Microsoft Defender's tentacles have spread to include the Google Cloud Platform and beefed up visibility with a public preview of CloudKnox Permissions. The addition of GCP was a while coming after Microsoft confirmed the arrival of Defender for Cloud on Amazon Web Services at its Ignite event in November.

Microsoft announced today that Microsoft Defender for Cloud now also comes with native protection for Google Cloud Platform environments, providing security recommendations and threat detection across clouds. Defender for Cloud is a security solution that monitors cloud services for threats, makes recommendations to harden security posture, and detects and warns of vulnerabilities in protected multi-cloud and hybrid environments.

Microsoft is enabling a Microsoft Defender 'Attack Surface Reduction' security rule by default to block hackers' attempts to steal Windows credentials from the LSASS process. While Microsoft Defender block programs like Mimikatz, a LSASS memory dump can still be transferred to a remote computer to dump credentials without fear of being blocked.

Microsoft has recently addressed a weakness in the Microsoft Defender Antivirus on Windows that allowed attackers to plant and execute malicious payloads without triggering Defender's malware detection engine. After finding out what folders were added to the antivirus exclusion list, attackers could deliver and execute malware from an excluded folder on a compromised Windows system without having to fear that its malicious payload will be detected and neutralized.

Microsoft says threat and vulnerability management support for Android and iOS has reached general availability in Microsoft Defender for Endpoint, the company's enterprise endpoint security platform."Threat and vulnerability management in Microsoft Defender for Endpoint continuously monitors and identifies impacted devices, assesses associated risks in the environment, and provides intelligent prioritization and integrated workflows to seamlessly remediate vulnerabilities."

Microsoft Defender for Business, a new endpoint security solution specially built for small and medium-sized businesses, is now rolling out in preview worldwide.Microsoft first announced Defender for Business last month and released it in response to the 300% increase in ransomware attacks in the previous year, with over 50% of them directly impacting SMBs, according to US Secretary of Homeland Security Alejandro Mayorkas.

Microsoft is rolling out Built-In Protection to Defender for Office 365, a new feature that would automatically enable recommended settings and policies to make sure all new and existing users get at least a basic level of protection.Microsoft Defender for Office 365 provides Office 365 enterprise email accounts with automated attack remediation and defends them from various threats, including business email compromise and credential phishing.