Newsletter #3 2023

Published on: October 08, 2023

Hi,

First of all, thank you for subscribing and reading the EndpointCave security newsletter.

I feel honored that you will join me on the journey of this bi-weekly Security Newsletter! My goal is to deliver valuable security content directly to you and your inbox.

But I need your help, do you have any valuable content that needs to be shared with the community? Did you create a security blog post or did you find a security-related news item that needs to be mentioned in my upcoming newsletters?

Please send me a message. You can contact me on Twitter (X) or LinkedIn.

October means Security Awareness Month, so a lot of content will be created and published. In the last two weeks, the community has created a lot of content.

First, I want to start with a question. As we all know, techniques will help us to protect ourselves or our users from hackers. But people are still humans and they make mistakes. And that is OK.

I see a lot of companies sending out phishing campaigns with the goal of testing the users.  I do not prefer this method of awareness. I do like to help them to understand cybersecurity with training and help them to recognize a phishing email. and give them a reward if they forward suspicious emails to security.

So it’s security Awareness month and my question is: What are you doing about security awareness?

Security topics to watch

The Microsoft 425Show has released a video about Microsoft Entra ID Authentication Strengths Deep Dive.

Click Here to view the video on YouTube.

John Savill has released a video about Microsoft Entra ID Governance and will discuss: What is the Microsoft Entra ID Governance license and what are some key recent governance capabilities?

Click Here to view the video on YouTube.

The video of Microsoft Security will show step by step migration of a user doing Certificate-based Authentication with ADFS to access Microsoft Entra ID to be a cloud-managed user and do Certificate-based Authentication directly against Microsoft Entra ID without the need for a federated server like ADFS.

Click Here to view the video on YouTube.

The majority of Fortune 500 organizations are using Azure Active Directory (Azure AD) as Identity and Access Management (IAM) solution. The high adoption rate makes Azure AD a lucrative target for threat actors, including state-sponsored actors like APT29/Nobelium. Azure AD is leveraging Microsoft’s not-so-well-documented Evolved Security Service (eSTS). eSTS hides multiple security token services so that users see only Azure AD

Click Here to view the Black Hat video on YouTube.

Gianni Castaldi, Alex Verboon, and Brian Bønk Rueløkke have released a video about KQL.

Click Here to view the video on YouTube.

The Microsoft Sentinel DoD Zero Trust Workbook provides a single platform to assess posture relative to the US Department of Defense’s Zero Trust strategy as well as actionable steps for improving alignment with the guidance across all seven pillars of zero trust. Join this webinar to discover how this workbook serves as an excellent foundational resource for customers aiming to enhance their security posture.

Click Here to view the video on YouTube.

Blogs from the community

Thank you for being a part of my newsletter, I hope you found valuable content in my newsletter. I look forward to delivering more valuable content in the future.

Your feedback is welcome, so please feel free to share your thoughts and suggestions for future editions.

Kind Regards,

René
EndpointCave

Subscribe or follow me

DON’T MISS A BEAT

Receive the monthly newsletter directly in your mailbox

Followon XSubscribeto RSS Feed

Latest blog posts