Remote Desktop Services

Monthly news – December 2023

Microsoft Defender for Cloud Monthly news, December 2023 Edition. This is our monthly “What’s new” blog post, summarizing product updates and various new assets we released over the past month. In this edition, we are looking at all the goodness from November 2023. Microsoft Defender for Cloud: We’re announcing the General Availability (GA) of agentless …


Active Directory Hardening Series – Part 2 – Removing SMBv1

Hi All! Jerry Devore back again with another hardening Active Directory topic. Before we jump into the technical stuff, I would like to briefly share some tips for structuring a protocol hardening project. I picked up these suggestions from working with customers who have been successful in their protocol hardening efforts. Tip #1 – Collaborate …


Introducing Azure Bastion Developer: Secure and cost-effective access to your Azure Virtual Machines

Microsoft Azure is constantly evolving to meet the needs of its growing user base. In response to the feedback and requirements of developers, we have announced a new SKU for Azure Bastion: Bastion Developer. This service, now in public preview, will be a game-changer for developers seeking secure, cost-effective, and hassle-free connectivity to their Azure …


Multiple North Korean threat actors exploiting the TeamCity CVE-2023-42793 vulnerability

Since early October 2023, Microsoft has observed two North Korean nation-state threat actors – Diamond Sleet and Onyx Sleet – exploiting CVE-2023-42793, a remote-code execution vulnerability affecting multiple versions of JetBrains TeamCity server. TeamCity is a continuous integration/continuous deployment (CI/CD) application used by organizations for DevOps and other software development activities. In past operations, Diamond …


New expanded visibility into multicloud data security in Microsoft Defender for Cloud

Author: Asaf Nakash (@Asaf_Nakash), Senior Program Manager, Microsoft Defender for Cloud. Co-authors: @Catalin Esanu, Senior Program Manager, Microsoft Defender for Cloud; @Maayan Naaman Rand, Senior Program Manager, Microsoft Defender for Cloud. In recent years we’ve witnessed an accelerated migration of data to the cloud, with data sprawl and security blind spots as unintended consequences. Attackers have turned …


Peach Sandstorm password spray campaigns enable intelligence collection at high-value targets

Since February 2023, Microsoft has observed password spray activity against thousands of organizations carried out by an actor we track as Peach Sandstorm (HOLMIUM). Peach Sandstorm is an Iranian nation-state threat actor who has recently pursued organizations in the satellite, defense, and pharmaceutical sectors around the globe. Based upon the profile of victim organizations targeted …


Microsoft Entra Private Access: An Identity-Centric Zero Trust Network Access Solution

On July 11, 2023, we introduced Microsoft’s identity-centric security service edge (SSE) solution and two new services: Microsoft Entra Private Access and Microsoft Entra Internet Access, which are now in public preview. In this blog, we take a deeper look into Microsoft Entra Private Access. Figure 1: Traditional network security stacks and legacy VPNs are …


Flax Typhoon using legitimate software to quietly access Taiwanese organizations

Summary: Microsoft has identified a nation-state activity group tracked as Flax Typhoon, based in China, that is targeting dozens of organizations in Taiwan with the likely intention of performing espionage. Flax Typhoon gains and maintains long-term access to Taiwanese organizations’ networks with minimal use of malware, relying on tools built into the operating system, along …
