Newsletter #2 2024

Published on: January 28, 2024

Hi,

First of all, thank you for subscribing and reading the EndpointCave security newsletter.

I feel honored that you will join me on the journey of this bi-weekly Security Newsletter! My goal is to deliver valuable security content directly to you and your inbox.

But I need your help, do you have any valuable content that needs to be shared with the community? Did you create a security blog post or did you find a security-related news item that needs to be mentioned in my upcoming newsletters?

Please send me a message. You can contact me on Twitter (X) or LinkedIn.

As everyone should know it’s going to happen sometime but of course, when it happens we don’t know. As it turns out, even two of the biggest tech companies in the world where security is high on the agenda are even getting hacked. It’s often in a small corner.

Please, don’t go thinking, if it happens even at these large companies with unlimited resources, why should I even protect my organization? This is because there are targeted attacks on these companies. Most attacks are not targeted but a lucky shot and make sure you prevent your organization from those shots.

My advice is to implement XDR and a SIEM solution and monitor your environment for abnormal behavior.

The community has created a lot of content. In this newsletter, I selected 35 community blogs and 1 video. I also highlighted the following items:

  • Tech Giant HP Enterprise Hacked by Russian Hackers Linked to DNC Breach
  • Become a Microsoft Unified SOC Platform Ninja
  • Microsoft reveals how hackers breached its Exchange Online accounts

Enjoy

Highlights

Tech Giant HP Enterprise Hacked by Russian Hackers Linked to DNC Breach

Hackers with links to the Kremlin are suspected to have infiltrated information technology company Hewlett Packard Enterprise’s (HPE) cloud email environment to exfiltrate mailbox data.

“The threat actor accessed and exfiltrated data beginning in May 2023 from a small percentage of HPE mailboxes belonging to individuals in our cybersecurity, go-to-market, business segments, and other functions,” the company said in a regulatory filing with the U.S. Securities and Exchange Commission (SEC).

The intrusion has been attributed to the Russian state-sponsored group known as APT29, which is also tracked under the monikers BlueBravo, Cloaked Ursa, Cozy Bear, Midnight Blizzard (formerly Nobelium), and The Dukes.

For more information about this hack, Read more here

Become a Microsoft Unified SOC Platform Ninja

What is happening to Microsoft Sentinel and Defender XDR?

Microsoft is bringing the Microsoft Defender products together to deliver the most optimized and unified security operations platform. This experience will combine the full power of Microsoft Sentinel with Microsoft Defender XDR into a single portal enhanced with more comprehensive features, AI, automation, guided experiences, and curated threat intelligence. Customers will enjoy a fully integrated toolset to protect, detect, investigate, and respond to threats across every layer of digital estate.

Microsoft has been on a mission to empower security operations teams by unifying the many tools essential for protecting a digital estate and delivering them into an effective solution driven by AI and automation.

To become a Microsoft Unified SOC Platform Ninja, you must follow this training.

More information: Click here

Microsoft reveals how hackers breached its Exchange Online accounts

Microsoft confirmed that the Russian Foreign Intelligence Service hacking group, which hacked into its executives’ email accounts in November 2023, also breached other organizations as part of this malicious campaign.

Midnight Blizzard (aka Nobelium, or APT29) is believed to be a state-backed cyberespionage group tied to the Russian Foreign Intelligence Service (SVR), primarily targeting government organizations, NGOs, software developers, and IT service providers in the U.S. and Europe.

On January 12, 2024, Microsoft discovered that the Russian hackers breached its systems in November 2023 and stole email from their leadership, cybersecurity, and legal teams. Some of these emails contained information about the hacking group itself, allowing the threat actors to learn what Microsoft knew about them.

For more information about this hack, Read more here

Security topic to watch

Entra ID NEW Guest & External Access Features YOU Need to Know!

In this session, Andy takes you on a journey into Entra ID Guest & External Users. You are going into depth on what are the new features and more importantly what they can do for you. He will cover B2B, B2B Direct Connect, and Tenant to Tenant Collaboration and synchronization. This session is ideal for admins or students who want to learn about these new features and how they can help your business.

Click here to view the video on YouTube

Blogs from the community

This is the end of this newsletter. Thank you for reading the Endpoint Security newsletter, I hope you have found valuable content that you can use.

Do you have any feedback? Please feel free to share your thoughts and suggestions with me for future editions. Any valuable content of blogs that I need to monitor or share.  Please send me a message. You can contact me on Twitter (X) or LinkedIn.

Kind Regards,

René Laas – MVP
EndpointCave

Subscribe or follow me

DON’T MISS A BEAT

Receive the bi-weekly newsletter directly in your mailbox

Followon TwitterSubscribeto RSS Feed

Latest blog posts