Latest Threat Intelligence (May, 2021)

Microsoft

Microsoft has released the May 2021 Threat Intelligence update package. The package is available for download from the Azure Defender for IoT portal (click Updates, then Download file).

Threat Intelligence updates reflect the combined impact of proprietary research and threat intelligence carried out by Microsoft security teams.

The package includes the latest CVEs (Common Vulnerabilities and Exposures) and IOCs (Indicators of Compromise) applicable to IoT/ICS/OT networks (published during the month of April).

CVEs provide a reference method for publicly known information security vulnerabilities and exposures, and are available for reference on the MITRE site, in the National Vulnerability Database (NVD), and in the IoT/OT-specific ICS-CERT advisories.

Update your system with the latest TI package:

Starting with sensor version 10.3, new threat intelligence packages can be automatically pushed to cloud-connected sensors as they are released by Microsoft Defender for IoT; see the release notes (https://docs.microsoft.com/en-us/azure/defender-for-iot/release-notes) for more information. Working with automatic updates helps reduce operational effort and ensure greater security. To enable automatic updating, onboard your cloud-connected sensor on the Defender for IoT portal with the Automatic Threat Intelligence Updates toggle turned on.

The package can also be downloaded from the Updates page of the Azure Defender for IoT portal.

To update a package on a single sensor:

  1. Go to the Azure Defender for IoT Updates page.
  2. Download and save the Threat Intelligence package.
  3. Sign in to the sensor console.
  4. On the side menu, select System Settings.
  5. Select Threat Intelligence Data, and then select Update.
  6. Upload the new package.

To update a package on multiple sensors simultaneously:

  1. Go to the Azure Defender for IoT Updates page.
  2. Download and save the Threat Intelligence package.
  3. Sign in to the management console.
  4. On the side menu, select System Settings.
  5. In the Sensor Engine Configuration section, select the sensors that should receive the updated packages.
  6. In the Select Threat Intelligence Data section, select the plus sign (+).
  7. Upload the package.

For more information, see Update threat intelligence data on Microsoft Docs: https://docs.microsoft.com/en-us/azure/defender-for-iot/how-to-work-with-threat-intelligence-packages
