Microsoft is named a Leader in the 2022 Gartner® Magic Quadrant™ for Endpoint Protection Platforms

Credit to Author: Emma Jones | Date: Thu, 02 Mar 2023 17:00:00 +0000

Gartner has again recognized Microsoft as a Leader in the 2022 Gartner® Magic Quadrant™ for Endpoint Protection Platforms, positioned highest on the Ability to Execute.

The post Microsoft is named a Leader in the 2022 Gartner® Magic Quadrant™ for Endpoint Protection Platforms appeared first on Microsoft Security Blog.


Detecting and preventing privilege escalation attacks leveraging Kerberos relaying (KrbRelayUp)

Credit to Author: Microsoft 365 Defender Threat Intelligence Team | Date: Wed, 25 May 2022 21:00:00 +0000

The privilege escalation hacking tool KrbRelayUp is a wrapper that can streamline the use of some features of the Rubeus, KrbRelay, SCMUACBypass, PowerMad/SharpMad, Whisker, and ADCSPwn tools in attacks. Although this attack won’t function for Azure Active Directory (Azure AD) joined devices, hybrid joined devices with on-premises domain controllers remain vulnerable.

The post Detecting and preventing privilege escalation attacks leveraging Kerberos relaying (KrbRelayUp) appeared first on Microsoft Security Blog.


Microsoft finds new elevation of privilege Linux vulnerability, Nimbuspwn

Credit to Author: Katie McCafferty | Date: Tue, 26 Apr 2022 16:00:00 +0000

Microsoft has discovered several vulnerabilities, collectively referred to as Nimbuspwn, that could be chained together, allowing an attacker to elevate privileges to root on many Linux desktop endpoints. Leveraging Nimbuspwn as a vector for root access could allow attackers to achieve greater impact on vulnerable devices by deploying payloads and performing other malicious actions via arbitrary root code execution.

The post Microsoft finds new elevation of privilege Linux vulnerability, Nimbuspwn appeared first on Microsoft Security Blog.


Detect active network reconnaissance with Microsoft Defender for Endpoint

Credit to Author: Pooja Parab | Date: Mon, 07 Feb 2022 17:00:00 +0000

Active network reconnaissance is a critical component of the cybersecurity kill chain, allowing network topography and endpoint services to be mapped and used in targeted campaigns. Microsoft Defender for Endpoint can help to detect and disrupt these attacks at the earliest stages, providing our defenders with a powerful tool to gain visibility, take appropriate action, and mitigate the risk of endpoint exploitation.

The post Detect active network reconnaissance with Microsoft Defender for Endpoint appeared first on Microsoft Security Blog.
