New File Analysis Add-on with Microsoft 365 Defender Enable Deeper Insights

New File Analysis Add-on with Microsoft 365 Defender Enable Deeper Insights

Microsoft has taken another step towards security which has revolutionized the way security professionals use Microsoft 365 Defender across devices as well as cloud applications.

This time they have pivoted the process of examining a single file across multiple systems and applications.

Read moreBuilding cyber skills and roles from CyBOK foundations

Microsoft 365 Defenders has been used by organizations worldwide to monitor and analyze files and devices’ activities across their networks.

This includes several executable files and documents like Word, Excel, and others.

New File Analysis Interface

Read moreAccessibility as a cyber security priority

The modified interface provides complete insight into a single file and its potential impact on the organization.

However, this time the file can be tracked from the time of its introduction and its lateral movement across devices inside the organization, along with its related cloud applications, incidents, alerts, and many other statistics, including the Worldwide prevalence of the file.

Read moreNew interactive video - and related downloads - to help secondary school kids stay safe online

Microsoft 365 Defender Interface (Source: Microsoft)

Enhanced Pivoting

The current update also includes further analysis after finding about the file’s existence on a device. It shows information like file execution status, first and last seen of the file on the device, process time it took to initiate, and other file names associated with the device.

File History

Read moreNigerian Cybercrime Ring's Phishing Tactics Exposed

The Cloud Apps page provides insight into the file’s existence on cloud applications along with the Microsoft Cloud Apps policies.

This enables security professionals to anticipate cloud-based threats and take precautionary measures.

Read moreS3 Ep135: Sysadmin by day, extortionist by night

Cloud Apps Page (Source: Microsoft)

In addition to these features, the new update also has options to analyze based on MITRE ATT&CK techniques for understanding a file and its potential capabilities after execution. 

Read moreUS offers $10m bounty for Russian ransomware suspect outed in indictment

For this, the “File Content” page can be utilized, which includes Process Writes, Process creation, Network activities, File Writes, File Deletes, Registry Reads, Registry Writes, Strings, Imports, and Exports.

File Contents Page (Source: Microsoft)

Read moreBelkin Wemo Smart Plug V2 – the buffer overflow that won’t be patched

The new update on the Microsoft 365 Defender will supposedly help security professionals to gather multiple pieces of information and secure their organizations.

Microsoft has released a complete report about their new features, showing their capabilities in detail.

Read moreZut alors! Raclage crapuleux! Clearview AI in 20% more trouble in France

“AI-based email security measures Protect your business From Email Threats!” – Request a Free Demo.

The post New File Analysis Add-on with Microsoft 365 Defender Enable Deeper Insights appeared first on Cyber Security News.

Read moreHeads Up CEO! Cyber Risk Influences Company Credit Ratings

   Read More 

Cyber Security News 

Related Posts

vBulletin Forums Breached: Dark Web Sale of Millions of Accounts

vBulletin Forums Breached: Dark Web Sale of Millions of Accounts

[[{“value”:”

vBulletin, a widely used forum software, has been compromised, potentially exposing millions of user accounts.

The breach was facilitated by a software vulnerability, specifically affecting versions 4.2.2 and 4.2.3.

The Forumrunner add-on was pinpointed as the weak link that allowed attackers to perform SQL Injection attacks.

The Vulnerability

The issue’s core lies in an SQL Injection vulnerability reported to the vBulletin team.

SQL Injection is an attack that allows attackers to execute malicious SQL commands in a web application’s database.

It can lead to unauthorized access to sensitive data, including user credentials, personal information, etc.

This particular vulnerability was found in the Forumrunner add-on of vBulletin 4, a component used to optimize forums for mobile devices.

Have I Been Pwned recently tweeted that the vBulletin forum suffered a data breach, compromising 2.6 million records.

New breach: The forum for GSM-Hosting had 2.6M records breached in August 2016 and sold with 2 dozen other hacked websites. Data included email and IP address, username and salted MD5 password hash. 74% were already in @haveibeenpwned. Read more: https://t.co/Uebg30mtlZ

— Have I Been Pwned (@haveibeenpwned) March 27, 2024

Immediate Response

Upon discovery, the vBulletin team acted swiftly to mitigate the risk posed by this vulnerability.

Security patches for vBulletin versions 4.2.2 and 4.2.3 were released to address the issue. The patches are identified as:

vBulletin 4.2.2 Patch Level 5

vBulletin 4.2.3 Patch Level 1

 Users of the affected versions are urged to apply these patches immediately to secure their forums against potential attacks.

Furthermore, the release of vBulletin 4.2.4 Beta 2 includes the necessary fix, offering an additional upgrade path for users seeking to protect their platforms.

To secure their forums, vBulletin administrators should download the appropriate patch for their version and upload all files from the zip file to their server, ensuring to overwrite the existing files.

For those running versions of vBulletin 4 older than 4.2.2, a standard upgrade to the latest version is recommended, which would inherently include the security fixes.

Broader Implications

The breach has raised concerns over the security of forum software and the potential for sensitive user data to be compromised and sold on the dark web.

Millions of accounts could be at risk, underscoring the importance of timely updates and patches in safeguarding digital platforms.

This incident serves as a stark reminder of the ever-present threat of cyberattacks and the need for web administrators to be constantly vigilant.

The vBulletin team’s prompt response in releasing patches demonstrates a commitment to security and highlights the ongoing battle against cyber threats.

vBulletin users are strongly advised to take immediate action to update or patch their software to protect against this vulnerability.

The incident underscores the critical importance of cybersecurity measures in protecting user data and maintaining trust in digital platforms.

Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter

The post vBulletin Forums Breached: Dark Web Sale of Millions of Accounts appeared first on Cyber Security News.

“}]]   Read More 

Cyber Security News