Microsoft Security Saturday – 03/26/2022

DEV-0537 criminal actor targeting organizations for data exfiltration and destruction
The activity we have observed has been attributed to a threat group that Microsoft tracks as DEV-0537, also known as LAPSUS$. DEV-0537 is known for using a pure extortion and destruction model without deploying ransomware payloads. DEV-0537 started targeting organizations in the United Kingdom and South America but expanded to global targets, including organizations in government, technology, telecom, media, retail, and healthcare sectors.

Update Microsoft Sentinel VIP Users Watchlist from Azure AD group using playbooks
Last August, Watchlist built-in templates were announced in Public Preview as a new feature of Microsoft Sentinel. Data in watchlists can be correlated with analytics rules, viewed in the entity pages and investigation graphs as insights, leveraged for custom use cases such as tracking VIP or sensitive users and more.

Microsoft 365 Defender delivers unified XDR experience to GCC, GCC High and DoD customers
With persistent cyber threats and Executive Order 14028 requirements announced in May 2021, there is significant pressure for government agencies to improve their security posture as well as proactively prevent and respond to attacks. Microsoft 365 Defender leverages the Microsoft 365 security portfolio to detect and help stop attacks anywhere in the kill chain. We are happy to announce that Microsoft 365 Defender is now available to GCC, GCC High and DoD customers. Microsoft 365 Defender can help government customers optimize their security by.

Decentralized Identity: The Basics of Decentralized Identity
Here in part three of our decentralized identity series, I’ll describe the key parts of a decentralized identity architecture without diving too far into the technical details. It takes a village for this kind of ecosystem to work – as you’re about to see – and the concepts discussed here are industry standards that anyone can research and implement. If I succeed, you’ll be able to explain the design pattern behind this architecture and have enough information to look up the underlying specifications, if you choose.

Closing the cybersecurity skills gap – Microsoft expands efforts to 23 countries
As with our U.S. program, one of our goals is to ensure traditionally excluded populations have opportunities to enter the cybersecurity workforce, including women. The global cybersecurity workforce is woefully lacking in diversity: in the countries where we are expanding our campaign, on average, only 17% of the cybersecurity workforce are female.

F5 builds value with easy identity management via Conditional Access
Hello! I’m Sue Bohn, Microsoft Vice President of Program Management for Identity and Network Access. In today’s blog, some key people behind F5 BIG-IP Access Policy Manager (APM) explain how Microsoft Azure Active Directory (Azure AD) helps make life easier for them—and more importantly—for their customers.

Salesforce now enforcing multi-factor authentication—Azure AD has you covered
With Salesforce’s recent requirement of enabling multi-factor authentication (MFA) to access Salesforce products, we wanted to share how Azure Active Directory can support you on this journey. With organizations supporting hybrid work and employees using a variety of applications to get work done, it’s critical to ensure access to these applications like Salesforce is protected.