Microsoft has announced the general availability of the Microsoft Entra Suite and the general availability of Microsoft Sentinel within the Microsoft unified security operations platform, providing new capabilities that can further simplify the implementation of a Zero Trust architecture across the full lifecycle from prevention to detection and response. https://msft.it/6044lzQeM The Microsoft Entra Suite unifies identity and network access security, and provides everything needed to verify users, prevent overprivileged permissions, improve detections, and enforce granular access controls for all users and resources. https://msft.it/6045lzQe3 Microsoft Sentinel capabilities within the Microsoft unified security operations platform help bring together all the security signals the environment generates, then normalizes, analyzes, and uses them to proactively defend against cyberthreats. https://msft.it/6046lzQeO
Microsoft Threat Intelligence
Computer and Network Security
We are Microsoft's global network of security experts. Follow for security research and threat intelligence.
About us
The Microsoft Threat Intelligence community is made up of more than 10,000 world-class experts, security researchers, analysts, and threat hunters analyzing 78 trillion signals daily to discover threats and deliver timely and hyper-relevant insight to protect customers. Our research covers a broad spectrum of threats, including threat actors and the infrastructure that enables them, as well as the tools and techniques they use in their attacks.
- Website
-
https://aka.ms/threatintelblog
External link for Microsoft Threat Intelligence
- Industry
- Computer and Network Security
- Company size
- 10,001+ employees
- Specialties
- Computer & network security, Information technology & services, Cybersecurity, Threat intelligence, Threat protection, and Security
Updates
-
The July 2024 security updates are available:
Security updates for July 2024 are now available. Details are available here: https://msft.it/60119yPTS #PatchTuesday #SecurityUpdateGuide
-
In this episode of The Microsoft Threat Intelligence podcast, top experts from different areas in cybersecurity share their experiences pushing for security at various levels and their insights on the impact of AI to cybersecurity This series of discussions, recorded live at RSA Conference 2024, features discussions on the process of securing the Windows platform, the power grid, as well as the unique challenges faced by specific industries such as education in cybersecurity. The experts also talk about the importance of integration in dealing with cyberthreats, such as considering product functionality when building cybersecurity measures, as well as including threat intelligence related to cybercrime entities into attack frameworks such as MITRE. Listen to the full episode, hosted by Sherrod DeGrippo, here: https://msft.it/6040lHNSm
Microsoft Live at the RSA Conference 2024
thecyberwire.com
-
Microsoft Threat Intelligence reposted this
Meet the experts—Microsoft Threat Intelligence analysts Alison Ali, Waymon Ho, and Emiel Haeghebaert—charged with tracking Storm-0539, a Morocco-based threat actor specializing in payment card theft and gift card fraud. Details at: https://msft.it/6041l8GYx
-
Microsoft researchers discovered two vulnerabilities in Rockwell Automation’s PanelView Plus that could be remotely exploited by attackers to allow remote code execution (RCE) and denial of service (DoS). PanelView Plus devices are graphic terminals, also known as human machine interface (HMI), used in the industrial sector. Both vulnerabilities are related to custom classes in PanelView Plus. The RCE vulnerability involves two custom classes that could be used to upload and load a malicious DLL into the device. The DoS vulnerability takes advantage of the same custom class to send a crafted buffer that the device is unable to handle properly, thus leading to a DoS. Microsoft reported these findings to Rockwell Automation in May and July 2023, and Rockwell Automation published security patches to address the vulnerabilities in September and October 2023. We’re sharing our research to help developers, vendors, and the industry in general to avoid or detect similar issues in their systems. Read our latest blog to get our analysis of the vulnerabilities, as well as mitigation and protection guidance for defenders: https://msft.it/6046l8Ufn
Vulnerabilities in PanelView Plus devices could lead to remote code execution | Microsoft Security Blog
microsoft.com
-
Microsoft has accelerated the speed and scale at which threat intelligence is published in Microsoft Defender Threat Intelligence (MDTI), Microsoft Defender XDR Threat Analytics, and Microsoft Copilot for Security, giving customers more critical security insights, data, and guidance than ever before. Our 10,000 interdisciplinary experts reason over more than 78 trillion daily threat signals to continuously add to our understanding of threat actors and activity. Over the past year, Microsoft Threat Intelligence has published hundreds of new Intel profiles to help customers maintain situational awareness around the threat activity, techniques, vulnerabilities, and the more than 300 named threat actors tracked by Microsoft. We have also improved the quantity and depth of open-source intelligence (OSINT), and delivered detections and security recommendations to provide context on daily alerts and help customers detect, understand, and address cyberattacks and related activities. Using Copilot for Security, customers can quickly retrieve information from these publications to contextualize artifacts and correlate MDTI and Threat Analytics content and data with other security information from Defender XDR, such as incidents and hunting activities, to help customers assess their vulnerabilities and quickly understand the broader scope of an attack. Learn more: https://msft.it/6048l8z0k
More Threat Intelligence Content in MDTI, TA Enables Better Security Outcomes
techcommunity.microsoft.com
-
Threats that involve the compromise of multiple privileged identities within the network may require a mass password reset as part of incident response. A mass password reset helps incident responders gain control of the identity plane, deny other avenues of access, and disrupt any persistence the attacker may have established in the environment. There are several variables and considerations for a mass password reset, and there is no one-size-fits-all solution. In this blog post, Microsoft Incident Response provides best practices in preparing for and performing a mass password reset: https://msft.it/6046YhXQ6
Effective strategies for conducting Mass Password Resets during cybersecurity incidents
-
In our ongoing commitment to transparency, we will now issue CVEs for critical cloud service vulnerabilities, regardless of whether customers need to install a patch or take other actions to protect themselves. Learn more in our blog post: https://msft.it/6044YCjBG
Toward greater transparency: Unveiling Cloud Service CVEs | MSRC Blog | Microsoft Security Response Center
-
Microsoft recently discovered a new type of generative AI jailbreak method, which we call Skeleton Key for its ability to potentially subvert responsible AI (RAI) guardrails built into the model, which could enable the model to violate its operators’ polices, make decisions unduly influenced by a user, or run malicious instructions. The Skeleton Key method works by using a multi-step strategy to cause a model to ignore its guardrails by asking it to augment, rather than change, its behavior guidelines. This enables a model to then respond to any request for information or content, including producing ordinarily forbidden behaviors and content. To protect against Skeleton Key attacks, Microsoft has implemented several approaches to our AI system design, provided tools for customers developing their own applications on Azure, and provided mitigation guidance for defenders to discovered and protect against such attacks. Learn about Skeleton Key, what Microsoft is doing to defend systems against this threat, and more in the latest Microsoft Threat Intelligence blog from the Chief Technology Officer of Microsoft Azure Mark Russinovich: https://msft.it/6043Y7Xrd Learn more about Mark Russinovich and his exploration into AI and AI jailbreaking techniques like Crescendo and Skeleton Key, as discussed on that latest Microsoft Threat Intelligence podcast episode hosted by Sherrod DeGrippo: https://msft.it/6044Y7Xre
Mitigating Skeleton Key, a new type of generative AI jailbreak technique | Microsoft Security Blog
https://www.microsoft.com/en-us/security/blog
-
The Microsoft Copilot for Security threat intelligence embedded experience in Defender XDR, now generally available, returns, contextualizes, and summarizes intelligence from across Microsoft Defender Threat Intelligence (MDTI) and threat analytics about threat actors, threat tooling, and IoCs related to their security incidents and vulnerabilities. Copilot for Security helps defenders to evaluate artifacts and correlate threat intelligence content and data with other security information from Defender XDR, such as incidents and hunting activities, to assess risks and quickly understand the broader scope of an attack. The threat intelligence embedded experience in Defender XDR can help users summarize threat intelligence, prioritize threats based on exposures and vulnerabilities across the attack surface, and understand threats targeting their industry. Learn more here: https://msft.it/6042YAIos You can also find more details on using Microsoft Copilot for Security for threat intelligence here: https://msft.it/6043YAIot
Copilot for Security TI Embedded Experience in Defender XDR is now GA