Microsoft maintains a continuous effort to protect its platforms and customers from fraud and abuse. This edition of Cyber Signals takes you inside the work underway and important milestones achieved that protect customers.
Learn more about Microsoft Security Copilot—including its integration with Microsoft 365 Defender—as well as our latest innovations and announcements, and how your organization can get early access.
Since early October 2023, Microsoft has observed North Korean nation-state threat actors Diamond Sleet and Onyx Sleet exploiting the Jet Brains TeamCity CVE-2023-42793 remote-code execution vulnerability. Given supply chain attacks carried out by these threat actors in the past, Microsoft assesses that this activity poses a particularly high risk to organizations who are affected.
Since our announcement in July 2023, we have made significant efforts to enhance the access of Microsoft Purview's audit logging. This ongoing work expands accessibility and flexibility to cloud security logs. Read about the additional updates coming to Microsoft Purview Audit in the coming weeks.
Today, we're pleased to announce that Microsoft Defender for Endpoint customers will now be able automatically to disrupt human-operated attacks like ransomware early in the kill chain without needing to deploy any other capabilities. Now, organizations only need to onboard their devices to Defender for Endpoint to start realizing the benefits of attack disruption.
Microsoft Security Experts are now available to strengthen your team with managed security services. Learn how to defend against threats with security experts.
User containment is a unique and innovative defense mechanism that stops human-operated attacks in their tracks. We’ve added user containment to the automatic attack disruption capability in Microsoft Defender for Endpoint. User containment is automatically triggered by high-fidelity signals and limits attackers’ ability to move laterally within a network regardless of the compromised account’s Active Directory state or privilege level.
Read about the latest updates to our Microsoft Security Experts product offerings.
Microsoft security researchers recently identified an attack where attackers attempted to move laterally to a cloud environment through a SQL Server instance. The attackers initially exploited a SQL injection vulnerability in an application within the target’s environment to gain access and elevated permissions to a Microsoft SQL Server instance deployed in an Azure Virtual Machine (VM). The attackers then used the acquired elevated permission to attempt to move laterally to additional cloud resources by abusing the server’s cloud identity.
It’s Cybersecurity Awareness Month! Celebrate security with us and prioritize it year-round. Explore how Microsoft is continuously innovating and creating the #BeCybersmart kit to help you and your organization stay safe online.
Microsoft Sentinel is a cloud-native SIEM solution powered by AI and automation that delivers intelligent security analytics across your entire enterprise.
Join Microsoft Security at Microsoft Ignite 2023 for the latest security insights, hands-on skilling, product innovations, in-person networking, and more.
Windows 11 is designed to simplify security with features from the chip to the cloud that are on by default. Since its launch, we’ve seen a 58 percent reduction in security. Learn more about the new features.
Today, Microsoft announced several major innovations to empower people across work and life and redefine how we live and work with AI.
For the fifth consecutive year, Microsoft 365 Defender demonstrated leading extended detection and response (XDR) capabilities in the independent MITRE Engenuity ATT&CK® Evaluations: Enterprise. The attack used during the test highlights the importance of a unified XDR platform and showcases Microsoft 365 Defender as a leading solution, enabled by next-gen protection, industry-first capabilities like automatic attack disruption, and more.
