• Latest
  • Trending
  • All
  • News
  • Business
  • Politics
  • Science
  • World
  • Lifestyle
  • Tech
City of Las Vegas utilises BitDam ATP to protect from advanced cyberthreats

Microsoft Defender for Identity now detects Zerologon attacks

December 2, 2020
Innovative solutions for IT workers at home

ZEDEDA Announces Integration with Microsoft Azure IoT to Seamlessly and Securely Orchestrate Distributed Edge Computing Workloads at Scale

February 24, 2021
A moment of reckoning: the need for a strong and global cybersecurity response

ZEDEDA integrates with Microsoft Azure IoT to provide full lifecycle management capabilities

February 24, 2021
Innovative solutions for IT workers at home

SolarWinds Attack: Proof That On-Premises Active Directory Still an Effective Initial Access Vector

February 23, 2021
A moment of reckoning: the need for a strong and global cybersecurity response

Microsoft Affirms Solorigate Attackers Saw Azure, Intune and Exchange Source Code

February 23, 2021
How to use Microsoft Sysmon, Azure Sentinel to log security events

OPS101 – Securing your Hybrid environment – Part 1 – Azure Security Center

February 22, 2021
A moment of reckoning: the need for a strong and global cybersecurity response

Microsoft Ending Azure Information Protection Connections to Microsoft Defender for Endpoint

February 22, 2021
8×8 makes raft of updates to platform

Indonesian Mobile Operator Selects NTT for Microsoft Security Project

February 22, 2021
Microsoft To Build New Azure Cloud Data Centers In Greece

NTT completes Microsoft security project for Indonesian mobile operator

February 19, 2021
A moment of reckoning: the need for a strong and global cybersecurity response

Data insights without limit, security without compromise

February 18, 2021
8×8 makes raft of updates to platform

What Is Object Storage?

February 17, 2021
Microsoft To Open Azure Cloud Data Center Region In Spain

EMC Corporation Townsend security Hewlett-Packard Enterprise Gemalto N.V. Microsoft Azure Google Thales e-security International Business Machines (IBM) Broadcom

February 17, 2021
A moment of reckoning: the need for a strong and global cybersecurity response

Azure Firewall Premium now in preview

February 17, 2021
  • About
  • Advertise
  • Privacy & Policy
  • Contact
Thursday, February 25, 2021
  • Login
Azure Security News
  • Home
    • Home – Layout 1
    • Home – Layout 2
    • Home – Layout 3
    • Home – Layout 4
    • Home – Layout 5
  • News
    • All
    • Business
    • Politics
    • Science
    • World
    Innovative solutions for IT workers at home

    ZEDEDA Announces Integration with Microsoft Azure IoT to Seamlessly and Securely Orchestrate Distributed Edge Computing Workloads at Scale

    A moment of reckoning: the need for a strong and global cybersecurity response

    ZEDEDA integrates with Microsoft Azure IoT to provide full lifecycle management capabilities

    Innovative solutions for IT workers at home

    SolarWinds Attack: Proof That On-Premises Active Directory Still an Effective Initial Access Vector

    A moment of reckoning: the need for a strong and global cybersecurity response

    Microsoft Affirms Solorigate Attackers Saw Azure, Intune and Exchange Source Code

    8×8 makes raft of updates to platform

    Indonesian Mobile Operator Selects NTT for Microsoft Security Project

    Microsoft To Build New Azure Cloud Data Centers In Greece

    NTT completes Microsoft security project for Indonesian mobile operator

    A moment of reckoning: the need for a strong and global cybersecurity response

    Data insights without limit, security without compromise

    8×8 makes raft of updates to platform

    What Is Object Storage?

    A moment of reckoning: the need for a strong and global cybersecurity response

    Azure Firewall Premium now in preview

    Microsoft’s CyberX Acquisition Boosts Security of Azure IoT Lineup

    Global Industrial Cybersecurity Market By Offering Type, By Security Type, By End User, By Region, Industry Analysis and Forecast, 2020 – 2026

    Trending Tags

    • Donald Trump
    • Future of News
    • Climate Change
    • Market Stories
    • Election Results
    • Flat Earth
  • Tech
    • All
    • Apps
    • Gear
    • Mobile
    • Startup
    How to use Microsoft Sysmon, Azure Sentinel to log security events

    OPS101 – Securing your Hybrid environment – Part 1 – Azure Security Center

    A moment of reckoning: the need for a strong and global cybersecurity response

    Microsoft Ending Azure Information Protection Connections to Microsoft Defender for Endpoint

    Microsoft To Open Azure Cloud Data Center Region In Spain

    EMC Corporation Townsend security Hewlett-Packard Enterprise Gemalto N.V. Microsoft Azure Google Thales e-security International Business Machines (IBM) Broadcom

    A moment of reckoning: the need for a strong and global cybersecurity response

    Azure Engineer at VillageMD

    Innovative solutions for IT workers at home

    How to Sync On-Premise Active Directory Passwords with Office 365 and Google Apps in Real-Time

    Microsoft Azure Forms Collaboration to Enhance AI in Healthcare

    Azure Defender is now available for all IoT and OT devices

    Telecom Provider Migrates Confidently to Microsoft Azure with Fortinet’s Dynamic Cloud Security Solutions

    Google and Microsoft ID Group Targeting Security Researchers

    Innovative solutions for IT workers at home

    Microsoft Releases Application Guard for Office, Plus Azure Security Center and Azure Defender for IoT Products

    Microsoft spins off security, compliance bits from Microsoft 365’s priciest plan for E3 customers

    Show your HR backups the back door

    How to use Microsoft Sysmon, Azure Sentinel to log security events

    The Hack Roundup: Biden Orders Intel Assessment of Suspected Russian Malfeasance

    Trending Tags

    • Flat Earth
    • Sillicon Valley
    • Mr. Robot
    • MotoGP 2017
    • Golden Globes
    • Future of News
  • Entertainment
    • All
    • Gaming
    • Movie
    • Music
    • Sports
    Microsoft Flight Simulator Continues to Look Stunning in New Snow Video

    Microsoft Flight Simulator Continues to Look Stunning in New Snow Video

    Meet the woman who’s making consumer boycotts great again

    New campaign wants you to raise funds for abuse victims by ditching the razor

    Twitter tweaks video again, adding view counts for some users

    A beginner’s guide to the legendary Tim Tam biscuit, now available in America

    People are handing out badges at Tube stations to tackle loneliness

    Trump’s H-1B Visa Bill spooks India’s IT companies

    Magical fish basically has the power to conjure its own Patronus

    This Filipino guy channels his inner Miss Universe by strutting in six-inch heels and speedos

    Oil spill off India’s southern coast leaves fisherman stranded, marine life impacted

  • Lifestyle
    • All
    • Fashion
    • Food
    • Health
    • Travel
    Microsoft Seriously Beefs Up Security in Windows Server 2019

    Microsoft Offers More ‘Solorigate’ Advice Using Microsoft 365 Defender Tools

    A moment of reckoning: the need for a strong and global cybersecurity response

    Solar Winds, Office 365 & Shipbuilding…

    Aruba ClearPass Policy Manager Integrates with Microsoft

    Imprivata Expands Collaboration with Microsoft on New Digital Identity Innovations

    Microsoft Seriously Beefs Up Security in Windows Server 2019

    Microsoft Canada’s 10 biggest stories of 2020

    FAA issues new proposed Boeing 737 MAX pilot training procedures

    FAA issues new proposed Boeing 737 MAX pilot training procedures

    AMD breaks revenue records for 2019 and 4Q

    AMD breaks revenue records for 2019 and 4Q

    Microsoft and Analog Devices pair on 3D imaging tech

    Microsoft and Analog Devices pair on 3D imaging tech

    Microsoft is killing off insecure Cloud App Security cipher suites

    Microsoft is killing off insecure Cloud App Security cipher suites

    Rap group call out publication for using their image in place of ‘gang’

    Meet the woman who’s making consumer boycotts great again

    Trending Tags

    • Golden Globes
    • Mr. Robot
    • MotoGP 2017
    • Climate Change
    • Flat Earth
No Result
View All Result
Azure Security News
No Result
View All Result
Home News Business

Microsoft Defender for Identity now detects Zerologon attacks

by AZURE SECURITY NEWS EDITOR
December 2, 2020
in Business
0
City of Las Vegas utilises BitDam ATP to protect from advanced cyberthreats
491
SHARES
1.4k
VIEWS
Share on FacebookShare on Twitter

Microsoft has added support for Zerologon exploitation detection to Microsoft Defender for Identity to allow Security Operations teams to detect on-premises attacks attempting to abuse this critical vulnerability.

Microsoft Defender for Identity (previously known as Azure Advanced Threat Protection or Azure ATP) is a cloud-based security solution designed to leverage on-premises Active Directory signals to detect and analyze compromised identities, advanced threats, and malicious insider activity targeting an enrolled organization.

Microsoft Defender for Identity can detect this vulnerability early on,” Microsoft program manager Daniel Naim said. “It covers both the aspects of exploitation and traffic inspection of the Netlogon channel.”

Alerts displayed whenever Zerologon exploitation or related activity is detected will allow SecOps teams to quickly get info on the device or the domain controller behind attack attempts.

The alerts will also provide information that can help identify targeted asserts and if the attacks were successful.

“Finally, customers using Microsoft 365 Defender can take full advantage of the power of the signals and alerts from Microsoft Defender for Identity, combined with behavioral events and detections from Microsoft Defender for Endpoint,” Naim added.

“This coordinated protection enables you not just to observe Netlogon exploitation attempts over network protocols, but also to see device process and file activity associated with the exploitation.”

Zerologon detection alert
Zerologon detection alert (Microsoft)

Multi-stage patch rollout

Zerologon is a critical flaw that can be exploited by attackers to elevate privileges to spoof a domain controller account which enables them to take full control of the entire domain by stealing domain credentials, changing any user’s password, as well as executing arbitrary commands.

Microsoft is still in the process of rolling out the fix for the Zerologon flaw as part of a two-stage process seeing that it can cause some of the impacted devices to go through various authentication problems.

Since the initial advisory regarding Zerologon patching was confusing, Microsoft clarified the steps admins have to take to protect devices against attacks.

The patch plan outlined by Microsoft requires admins to go through the following steps:

  1. UPDATE your Domain Controllers with an update released August 11, 2020, or later.
  2. FIND which devices are making vulnerable connections by monitoring event logs.
  3. ADDRESS non-compliant devices making vulnerable connections.
  4. ENABLE enforcement mode to address CVE-2020-1472 in your environment.

Ongoing attacks targeting vulnerable servers

Microsoft warned that both state-backed and financially motivated threat actors are actively exploiting systems unpatched against the ZeroLogon vulnerability at the end of October and in September.

Both times, the company urged IT admins to apply security updates issued as part of the August 2020 Patch Tuesday to secure their networks against incoming attacks leveraging publicly available ZeroLogon exploits.

“We strongly encourage anyone who has not applied the update to take this step now. Customers need to both apply the update and follow the original guidance as described in KB4557222 to ensure they are fully protected from this vulnerability,” MSRC VP of Engineering Aanchal Gupta said.https://platform.twitter.com/embed/index.html?creatorScreenName=BleepinComputer&dnt=false&embedId=twitter-widget-0&frame=false&hideCard=false&hideThread=false&id=1321905885782941696&lang=en&origin=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fmicrosoft-defender-for-identity-now-detects-zerologon-attacks%2F&siteScreenName=BleepinComputer&theme=light&widgetsVersion=ed20a2b%3A1601588405575&width=550px

Iranian-backed MuddyWater hacking group (aka SeedWorm and MERCURY) started exploiting the flaw in attacks starting with the second half of September.

TA505 (aka Chimborazo), a financially-motivated threat group known for providing a delivery channel for Clop ransomware in the later stages of their attacks, was also detected by Microsoft exploiting the ZeroLogon vulnerability last month.

Chinese APT10 hackers are also actively abusing Zerologon as shown in attacks against Japanese companies and subsidiaries observed by Symantec’s Threat Hunter Team earlier this month.

Right after the initial reports of ZeroLogon exploitation, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) demanded from the Federal Civilian Executive Branch to treat the entire ZeroLogon patching process as “an immediate and emergency action.”

Reference:https://www.bleepingcomputer.com/news/security/microsoft-defender-for-identity-now-detects-zerologon-attacks/

Share196Tweet123Share49
AZURE SECURITY NEWS EDITOR

AZURE SECURITY NEWS EDITOR

Related Posts

Innovative solutions for IT workers at home

ZEDEDA Announces Integration with Microsoft Azure IoT to Seamlessly and Securely Orchestrate Distributed Edge Computing Workloads at Scale

by AZURE SECURITY NEWS EDITOR
February 24, 2021
0

Native integration with ZEDEDA’s orchestration solution for the distributed edge enables end-to-end remote management of the entire Azure IoT Edge...

A moment of reckoning: the need for a strong and global cybersecurity response

Microsoft Affirms Solorigate Attackers Saw Azure, Intune and Exchange Source Code

by AZURE SECURITY NEWS EDITOR
February 23, 2021
0

Microsoft has reconfirmed that the "Solorigate" advanced persistent threat attackers saw some of its source code, although "only a few individual files...

8×8 makes raft of updates to platform

Indonesian Mobile Operator Selects NTT for Microsoft Security Project

by AZURE SECURITY NEWS EDITOR
February 22, 2021
0

NTT last week announced the completion of its first Microsoft Security Project for a cellular operator in Indonesia. The engagement with NTT...

Microsoft To Build New Azure Cloud Data Centers In Greece

NTT completes Microsoft security project for Indonesian mobile operator

by AZURE SECURITY NEWS EDITOR
February 19, 2021
0

NTT has completed its first Microsoft Security Project for a mobile operator in Indonesia. The engagement with NTT includes consulting,...

  • Trending
  • Comments
  • Latest
Microsoft’s CyberX Acquisition Boosts Security of Azure IoT Lineup

AZURE DEFAULT RESOURCE GROUP AND DEFAULT WORKSPACE: WHAT ARE THEY?

December 14, 2020
Microsoft Seriously Beefs Up Security in Windows Server 2019

TCS Launches Cloud Exponence on Microsoft Azure

January 21, 2021
Microsoft Launches Host of Security Products in Time for RSA

Microsoft to add two new Microsoft 365 security, compliance bundles to its line-up

November 26, 2020

Lady Gaga Pulled Off One of the Best Halftime Shows Ever

0

Barack Obama’s Now Mainly Focusing on Wearing This Casual Backwards Hat

0

Watch Justin Timberlake’s ‘Cry Me a River’ Come to Life in Mesmerizing Dance

0
Innovative solutions for IT workers at home

ZEDEDA Announces Integration with Microsoft Azure IoT to Seamlessly and Securely Orchestrate Distributed Edge Computing Workloads at Scale

February 24, 2021
A moment of reckoning: the need for a strong and global cybersecurity response

ZEDEDA integrates with Microsoft Azure IoT to provide full lifecycle management capabilities

February 24, 2021
Innovative solutions for IT workers at home

SolarWinds Attack: Proof That On-Premises Active Directory Still an Effective Initial Access Vector

February 23, 2021
Azure Security News

Copyright © 2020 - Azure Security

Navigate Site

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Follow Us

No Result
View All Result
  • Home
  • News
    • Politics
    • Business
    • World
    • Science
  • Entertainment
    • Gaming
    • Music
    • Movie
    • Sports
  • Tech
    • Apps
    • Gear
    • Mobile
    • Startup
  • Lifestyle
    • Food
    • Fashion
    • Health
    • Travel

Copyright © 2020 - Azure Security

Welcome Back!

Login to your account below

Forgotten Password?

Create New Account!

Fill the forms below to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In