by Scott Muniz | Jan 25, 2023 | Security, Technology
This article is contributed. See the original author and article here.
Today, the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released joint Cybersecurity Advisory (CSA) Protecting Against Malicious Use of Remote Monitoring and Management Software. The advisory describes a phishing scam in which cyber threat actors maliciously use legitimate remote monitoring and management (RMM) software to steal money from victim bank accounts.
CISA encourages network defenders to review the advisory for indicators of compromise, best practices, and recommended mitigations, which highlights the threat of additional types of malicious activity using RMM, including its use as a backdoor for persistence and/or command and control (C2).
by Contributed | Jan 25, 2023 | Technology
This article is contributed. See the original author and article here.
Introduction
As Microsoft Cloud Solution Architects, we get asked by Businesses, IT Managers and Cybersecurity Experts to accurately report on the Vulnerabilities and CVEs in our environments. This could be as easy as just deploying Endpoint Protection updates or as advanced as deploying every category and 3rd Party Updates using Microsoft Defender for Endpoint.
Microsoft Defender for Endpoint Vulnerability Reporting with Power BI – involves implementing a cloud-based reporting and visualization solution that brings exposure to active threats into sharp focus. It is intended to provide value to IT Leaders, Stakeholders, Security & Compliance teams, and Operations Teams that are responsible for mitigating CVE documented risks. The reports provide rich drill throughs that enable full understanding of an organization’s current data and trends. The data is sourced from Microsoft Defender for Endpoint using API calls, stored in a small serverless Azure SQL instance, and can be accessed from anywhere on any device.
Outcomes
Dashboard with summary view that shows CVE vulnerability status for the current month (n-0), the previous month (n-1), and all prior.
Customization options to exclude specific CVEs and classes of vulnerabilities.
Cloud installation that creates a small Azure serverless SQL instance, an Azure Automation Account, and an Azure Service Principal.
The Report
Conclusion
This solution will provide accurate reporting of your Vulnerabilities across the entire Defender for Endpoint Estate.
How do I book this engagement?
If you are a Microsoft Premier or Unified customer, you can reach out to your Customer Success Account Manager (CSAM) for more questions!
Special thanks to the Dev Team:
Chris Sugdinis, Ken Wygant, Michael Schmidt, Nathan Hughes, Shawn Rand, Todd Sterrett, Jon Ellis, Suhail Abdul Salam, Vikram Sahay, Werner Rall
Disclaimer
The sample scripts or Power BI Dashboards are not supported under any Microsoft standard support program or service. The sample scripts or Power BI Dashboards are provided AS IS without warranty of any kind. Microsoft further disclaims all implied warranties including, without limitation, any implied warranties of merchantability or of fitness for a particular purpose. The entire risk arising out of the use or performance of the sample scripts and documentation remains with you. In no event shall Microsoft, its authors, or anyone else involved in the creation, production, or delivery of the scripts or Power BI Dashboards be liable for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss) arising out of the use of or inability to use the sample scripts or documentation, even if Microsoft has been advised of the possibility of such damages.
by Scott Muniz | Jan 24, 2023 | Security, Technology
This article is contributed. See the original author and article here.
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A
lock (
) or
https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
by Scott Muniz | Jan 24, 2023 | Security, Technology
This article is contributed. See the original author and article here.
CISA released two Industrial Control Systems (ICS) advisories on January 24, 2023.These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations:
by Contributed | Jan 24, 2023 | Technology
This article is contributed. See the original author and article here.
We have heard feedback that with so many commands it can be challenging to remember the exact syntax or learn new cmdlets, so we are enabling a solution to make the experience easier.
We are excited to announce that we have enabled Predictive IntelliSense in PSReadLine and the predications from Azure PowerShell Az.Tools.Predictor module.
Beginning February 2023 Azure Cloud Shell uses the version of PSReadLine that has Predictive IntelliSense enabled by default. We’ve also installed and enabled the Azure PowerShell predictor Az.Tools.Predictor module. Together, these changes enhance the command-line experience by providing suggestions that help new and experienced users of Azure discover, edit, and execute complete PowerShell commands.
What is Predictive IntelliSense?
Predictive IntelliSense is a feature of the PSReadLine module. It provides suggestions for complete commands based on items from your history and from predictor modules, like Az.Tools.Predictor.
Prediction suggestions appear as colored text following the user’s cursor. The image below shows the default InlineView of the suggestion. Pressing RightArrow key accepts an inline suggestion. After accepting the suggestion, you can edit the command line before hitting Enter to run the command.
PSReadLine also offers a ListView presentation of the suggestions.
In ListView mode, use the arrow keys to scroll through the available suggestions. List view also shows the source of the prediction.
You can switch between InlineView and ListView by pressing the F2 key.
Where can I learn more?
For more information about how to customize predictions for Cloud Shell, see Cloud Shell Predictive IntelliSense.
Learn more about how Az.Tools.Predictor uses intelligent context-aware command completion to help you navigate cmdlets and parameters for the Az PowerShell module.
To learn more about PSReadLine and managing Predictive Intellisense, see Using predictors in PSReadLine.
Where can I make suggestions?
We welcome suggestions and feedback to your experience working with Azure Cloud Shell. Please help us learn your feedback by posting issues and suggestions to our Azure Cloud Shell GitHub.
Recent Comments