Microsoft Security Saturday – 5/29/2021

Another Nobelium Cyberattack
This week we observed cyberattacks by the threat actor Nobelium targeting government agencies, think tanks, consultants, and non-governmental organizations. This wave of attacks targeted approximately 3,000 email accounts at more than 150 different organizations. While organizations in the United States received the largest share of attacks, targeted victims span at least 24 countries.

Breaking down NOBELIUM’s latest early-stage toolset
In this blog, we highlight four tools representing a unique infection chain utilized by NOBELIUM: EnvyScout, BoomBox, NativeZone, and VaporRage. These tools have been observed being used in the wild as early as February 2021 attempting to gain a foothold on a variety of sensitive diplomatic and government entities.

Microsoft recognized as a Leader in The Forrester Wave™: Unstructured Data Security Platforms, Q2 2021
In recognition of these investments, I am delighted to announce that Forrester listed Microsoft as a Leader in its 2021 Wave for Unstructured Data Security Platforms, receiving the highest score in the strategy category.

Microsoft Virtual Security and Compliance Summit 2021
Join us at Microsoft Virtual Security & Compliance Summit on Thursday, June 3, 2021 between 9:00 AM–12:00 PM Pacific Time (12:00 PM–3:00 PM Eastern Time).

Becoming resilient by understanding cybersecurity risks: Part 4—navigating current threats
In this blog, we delve deeper into specific themes in recent cyberattack trends—how and why they work so effectively—and strategies to mitigate them.

Conditional Access authentication context now in public preview
Today we are starting the Conditional Access authentication context public preview. Authentication context allows apps to trigger policy enforcement when a user accesses sensitive data or actions, keeping users more productive and your sensitive resources secure.

Microsoft Build 2021 | Security, Compliance, Identity, and Management Tech Community Blog
We are super excited to bring together this community of developers from across the globe to join us virtually, live or on-demand, to get updates on the newest technologies, innovations and connect with peers and Microsoft professionals.

Video Tutorial: Endpoint Protection Part 5 – Windows Defender Advanced Threat Protection Policies
Hello everyone, here is part 5 of a series focusing on Endpoint Protection integration with Configuration Manager. This series is recorded by Steve Rachui, a Microsoft principal premier field engineer.

Announcing 15+ New Azure Sentinel Data Connectors
Today, we are announcing over 15 new out-of-the-box data connectors for Azure Sentinel to enable data collection for leading products across different industries and clouds.

Who Watches the SOC Team? Enabling Audit/Risk Teams to Monitor the SOC
This blog is going to be discussing methods to monitor the actions of the SOC team from a risk and auditing standpoint. There is a need in the field for monitoring actions performed by the SOC engineers in an environment.

Azure Defender expands SQL protection to open-source relational databases
We recently announced the general availability of Azure Defender for SQL to protect SQL Servers in Azure, on premises, and in multi-cloud deployments on Amazon Web Services (AWS) and Google Cloud Platform (GCP). Today we are happy to announce we are expanding Azure Defender’s SQL protection to open-source relational databases.