User Profile
arielsgv
Joined 6 years ago
Recent Discussions
Latest Threat Intelligence (December 2023)
Microsoft Defender for IoT has released the December 2023 Threat Intelligence package. The package is available for download from the Microsoft Defender for IoT portal (click Updates, then Download file).

Threat Intelligence updates reflect the combined impact of proprietary research and threat intelligence carried out by Microsoft security teams. Each package contains the latest CVEs (Common Vulnerabilities and Exposures), IOCs (Indicators of Compromise), and other indicators applicable to IoT/ICS/OT networks (published during the past month) researched and implemented by Microsoft Threat Intelligence Research - CPS.

The CVE scores are aligned with the National Vulnerability Database (NVD). Starting with the August 2023 threat intelligence updates, CVSSv3 scores are shown if they are relevant; otherwise the CVSSv2 scores are shown.

Guidance

Customers are recommended to update their systems with the latest TI package in order to detect potential exposure risks and vulnerabilities in their networks and on their devices. Threat Intelligence packages are updated every month with the most up-to-date security information available, ensuring that Microsoft Defender for IoT can identify malicious actors and behaviors on devices.

Update your system with the latest TI package

The package is available for download from the Microsoft Defender for IoT portal (click Updates, then Download file). For more information, please review Update threat intelligence data | Microsoft Docs.

MD5 Hash: 2d50d91b1a5bbfc9127f39a1a1a696dc

For cloud connected sensors, Microsoft Defender for IoT can automatically update new threat intelligence packages following their release, click here for more information.

Latest Threat Intelligence (November 2023)
Microsoft Defender for IoT has released the November 2023 Threat Intelligence package. The package is available for download from the Microsoft Defender for IoT portal (click Updates, then Download file).

Threat Intelligence updates reflect the combined impact of proprietary research and threat intelligence carried out by Microsoft security teams. Each package contains the latest CVEs (Common Vulnerabilities and Exposures), IOCs (Indicators of Compromise), and other indicators applicable to IoT/ICS/OT networks (published during the past month) researched and implemented by Microsoft Threat Intelligence Research - CPS.

The CVE scores are aligned with the National Vulnerability Database (NVD). Starting with the August 2023 threat intelligence updates, CVSSv3 scores are shown if they are relevant; otherwise the CVSSv2 scores are shown.

Guidance

Customers are recommended to update their systems with the latest TI package in order to detect potential exposure risks and vulnerabilities in their networks and on their devices. Threat Intelligence packages are updated every month with the most up-to-date security information available, ensuring that Microsoft Defender for IoT can identify malicious actors and behaviors on devices.

Update your system with the latest TI package

The package is available for download from the Microsoft Defender for IoT portal (click Updates, then Download file). For more information, please review Update threat intelligence data | Microsoft Docs.

MD5 Hash: d0a3377aa9c2f70f8dc298ad978c5482

For cloud connected sensors, Microsoft Defender for IoT can automatically update new threat intelligence packages following their release, click here for more information.

Latest Threat Intelligence (October 2023)
Microsoft Defender for IoT has released the October 2023 Threat Intelligence package. The package is available for download from the Microsoft Defender for IoT portal (click Updates, then Download file).

Threat Intelligence updates reflect the combined impact of proprietary research and threat intelligence carried out by Microsoft security teams. Each package contains the latest CVEs (Common Vulnerabilities and Exposures), IOCs (Indicators of Compromise), and other indicators applicable to IoT/ICS/OT networks (published during the past month) researched and implemented by Microsoft Threat Intelligence Research - CPS.

The CVE scores are aligned with the National Vulnerability Database (NVD). Starting with the August 2023 threat intelligence updates, CVSSv3 scores are shown if they are relevant; otherwise the CVSSv2 scores are shown.

Guidance

Customers are recommended to update their systems with the latest TI package in order to detect potential exposure risks and vulnerabilities in their networks and on their devices. Threat Intelligence packages are updated every month with the most up-to-date security information available, ensuring that Microsoft Defender for IoT can identify malicious actors and behaviors on devices.

Update your system with the latest TI package

The package is available for download from the Microsoft Defender for IoT portal (click Updates, then Download file). For more information, please review Update threat intelligence data | Microsoft Docs.

MD5 Hash: 75cb715ae9174fc57abac68ebebc5d48

For cloud connected sensors, Microsoft Defender for IoT can automatically update new threat intelligence packages following their release, click here for more information.

Latest Threat Intelligence (August 2023)
Microsoft Defender for IoT has released the August 2023 Threat Intelligence package. The package is available for download from the Microsoft Defender for IoT portal (click Updates, then Download file).

Threat Intelligence updates reflect the combined impact of proprietary research and threat intelligence carried out by Microsoft security teams. Each package contains the latest CVEs (Common Vulnerabilities and Exposures), IOCs (Indicators of Compromise), and other indicators applicable to IoT/ICS/OT networks (published during the past month) researched and implemented by Microsoft Threat Intelligence Research - CPS.

The CVE scores are aligned with the National Vulnerability Database (NVD). Starting with the August threat intelligence updates, CVSSv3 scores are shown if they are relevant; otherwise the CVSSv2 scores are shown.

Guidance

Customers are recommended to update their systems with the latest TI package in order to detect potential exposure risks and vulnerabilities in their networks and on their devices. Threat Intelligence packages are updated every month with the most up-to-date security information available, ensuring that Microsoft Defender for IoT can identify malicious actors and behaviors on devices.

Update your system with the latest TI package

The package is available for download from the Microsoft Defender for IoT portal (click Updates, then Download file). For more information, please review Update threat intelligence data | Microsoft Docs.

MD5 Hash: e04c8c5c4837f99dfd4b41d448bf5e92

For cloud connected sensors, Microsoft Defender for IoT can automatically update new threat intelligence packages following their release, click here for more information.

Latest Threat Intelligence (July 2023)
Microsoft Defender for IoT has released the July 2023 Threat Intelligence package. The package is available for download from the Microsoft Defender for IoT portal (click Updates, then Download file).

Threat Intelligence updates reflect the combined impact of proprietary research and threat intelligence carried out by Microsoft security teams. Each package contains the latest CVEs (Common Vulnerabilities and Exposures), IOCs (Indicators of Compromise), and other indicators applicable to IoT/ICS/OT networks (published during the past month) researched and implemented by Microsoft Defender for IoT’s security research team, Section 52.

The Threat Intelligence package for this month provides indicators to identify devices affected by the Rockwell Automation ControlLogix Firmware vulnerabilities CVE-2023-3595 and CVE-2023-3596, as well as detections designed to warn users of attempts to exploit these vulnerabilities.

This package also includes indications for Honeywell Experion PKS, LX, and PlantCruise devices affected by the vulnerabilities in ICSA-23-194-06 (CVE-2023-23585, CVE-2023-25078, CVE-2023-25948, CVE-2023-26597, CVE-2023-24480, CVE-2023-25770, CVE-2023-25178, CVE-2023-22435, CVE-2023-24474). Consequently, these devices may be vulnerable to remote code execution (RCE), denial of service (DoS), spoofing attacks, or they may even be disabled.

Users must update their systems to the latest version to be safe from these vulnerabilities. Rockwell Automation and Honeywell have released patches to address these issues. It is recommended to install the patches as soon as possible. These CVEs can only be exploited by an attacker who has direct access to the affected systems.

In order to mitigate the risks, we recommend the following measures:

- The affected devices should be updated with the latest firmware.
- Keep a close eye on any unauthorized access attempts to the systems and minimize exposure and access to them.
- Ensure that network monitoring covers the systems with these devices, so that any behavior deviations from baseline can be detected and tracked.

Guidance

Customers are recommended to update their systems with the latest TI package in order to detect potential exposure risks and vulnerabilities in their networks and on their devices. Threat Intelligence packages are updated every month with the most up-to-date security information available, ensuring that Microsoft Defender for IoT can identify malicious actors and behaviors on devices.

Update your system with the latest TI package

The package is available for download from the Microsoft Defender for IoT portal (click Updates, then Download file). For more information, please review Update threat intelligence data | Microsoft Docs.

MD5 Hash: 0442443fd124f59796c20dc65b486b3d

For cloud connected sensors, Microsoft Defender for IoT can automatically update new threat intelligence packages following their release, click here for more information.

Latest Threat Intelligence (June 2023)
Microsoft Defender for IoT has released the June 2023 Threat Intelligence package. The package is available for download from the Microsoft Defender for IoT portal (click Updates, then Download file).

Threat Intelligence updates reflect the combined impact of proprietary research and threat intelligence carried out by Microsoft security teams. Each package contains the latest CVEs (Common Vulnerabilities and Exposures), IOCs (Indicators of Compromise), and other indicators applicable to IoT/ICS/OT networks (published during the past month) researched and implemented by Microsoft Defender for IoT’s security research team, Section 52.

Guidance

Customers are recommended to update their systems with the latest TI package in order to detect potential exposure risks and vulnerabilities in their networks and on their devices. Threat Intelligence packages are updated every month with the most up-to-date security information available, ensuring that Microsoft Defender for IoT can identify malicious actors and behaviors on devices.

Update your system with the latest TI package

The package is available for download from the Microsoft Defender for IoT portal (click Updates, then Download file). For more information, please review Update threat intelligence data | Microsoft Docs.

MD5 Hash: c34371c0365974474e57e20a3eae0077

For cloud connected sensors, Microsoft Defender for IoT can automatically update new threat intelligence packages following their release, click here for more information.

Latest Threat Intelligence (May 2023)
Microsoft Defender for IoT has released the May 2023 Threat Intelligence package. The package is available for download from the Microsoft Defender for IoT portal (click Updates, then Download file).

Threat Intelligence updates reflect the combined impact of proprietary research and threat intelligence carried out by Microsoft security teams. Each package contains the latest CVEs (Common Vulnerabilities and Exposures), IOCs (Indicators of Compromise), and other indicators applicable to IoT/ICS/OT networks (published during the past month) researched and implemented by Microsoft Defender for IoT’s security research team, Section 52.

Guidance

Customers are recommended to update their systems with the latest TI package in order to detect potential exposure risks and vulnerabilities in their networks and on their devices. Threat Intelligence packages are updated every month with the most up-to-date security information available, ensuring that Microsoft Defender for IoT can identify malicious actors and behaviors on devices.

Update your system with the latest TI package

The package is available for download from the Microsoft Defender for IoT portal (click Updates, then Download file). For more information, please review Update threat intelligence data | Microsoft Docs.

MD5 Hash: 26c95045264a9c5c615985d4042f925c

For cloud connected sensors, Microsoft Defender for IoT can automatically update new threat intelligence packages following their release, click here for more information.

Latest Threat Intelligence (March 2023)
Microsoft Defender for IoT has released the March 2023 Threat Intelligence package. The package is available for download from the Microsoft Defender for IoT portal (click Updates, then Download file).

Threat Intelligence updates reflect the combined impact of proprietary research and threat intelligence carried out by Microsoft security teams. Each package contains the latest CVEs (Common Vulnerabilities and Exposures), IOCs (Indicators of Compromise), and other indicators applicable to IoT/ICS/OT networks (published during the past month) researched and implemented by Microsoft Defender for IoT’s security research team, Section 52.

Guidance

Customers are recommended to update their systems with the latest TI package in order to detect potential exposure risks and vulnerabilities in their networks and on their devices. Threat Intelligence packages are updated every month with the most up-to-date security information available, ensuring that Microsoft Defender for IoT can identify malicious actors and behaviors on devices.

Update your system with the latest TI package

The package is available for download from the Microsoft Defender for IoT portal (click Updates, then Download file). For more information, please review Update threat intelligence data | Microsoft Docs.

MD5 Hash: 982bf4ffa90508ba4475c80c4d4a6bd6

For cloud connected sensors, Microsoft Defender for IoT can automatically update new threat intelligence packages following their release, click here for more information.

Latest Threat Intelligence (February 2023)
Microsoft Defender for IoT has released the February 2023 Threat Intelligence package. The package is available for download from the Microsoft Defender for IoT portal (click Updates, then Download file).

Threat Intelligence updates reflect the combined impact of proprietary research and threat intelligence carried out by Microsoft security teams. Each package contains the latest CVEs (Common Vulnerabilities and Exposures), IOCs (Indicators of Compromise), and other indicators applicable to IoT/ICS/OT networks (published during the past month) researched and implemented by Microsoft Defender for IoT’s security research team, Section 52.

Guidance

Customers are recommended to update their systems with the latest TI package in order to detect potential exposure risks and vulnerabilities in their networks and on their devices. Threat Intelligence packages are updated every month with the most up-to-date security information available, ensuring that Microsoft Defender for IoT can identify malicious actors and behaviors on devices.

Update your system with the latest TI package

The package is available for download from the Microsoft Defender for IoT portal (click Updates, then Download file). For more information, please review Update threat intelligence data | Microsoft Docs.

MD5 Hash: 94b203303894e2c974f5b87ede99faa9

For cloud connected sensors, Microsoft Defender for IoT can automatically update new threat intelligence packages following their release, click here for more information.

Latest Threat Intelligence (January 2023)
Microsoft Defender for IoT has released the January 2023 Threat Intelligence package. The package is available for download from the Microsoft Defender for IoT portal (click Updates, then Download file).

Threat Intelligence updates reflect the combined impact of proprietary research and threat intelligence carried out by Microsoft security teams. Each package contains the latest CVEs (Common Vulnerabilities and Exposures), IOCs (Indicators of Compromise), and other indicators applicable to IoT/ICS/OT networks (published during the past month) researched and implemented by Microsoft Defender for IoT’s security research team, Section 52.

Guidance

Customers are recommended to update their systems with the latest TI package in order to detect potential exposure risks and vulnerabilities in their networks and on their devices. Threat Intelligence packages are updated every month with the most up-to-date security information available, ensuring that Microsoft Defender for IoT can identify malicious actors and behaviors on devices.

Update your system with the latest TI package

The package is available for download from the Microsoft Defender for IoT portal (click Updates, then Download file). For more information, please review Update threat intelligence data | Microsoft Docs.

MD5 Hash - 81b541de9c2d2bf80333da437d8e3e58

For cloud connected sensors, Microsoft Defender for IoT can automatically update new threat intelligence packages following their release, click here for more information.

Latest Threat Intelligence (December 2022)
Microsoft Defender for IoT has released the December 2022 Threat Intelligence package. The package is available for download from the Microsoft Defender for IoT portal (click Updates, then Download file).

Threat Intelligence updates reflect the combined impact of proprietary research and threat intelligence carried out by Microsoft security teams. Each package contains the latest CVEs (Common Vulnerabilities and Exposures), IOCs (Indicators of Compromise), and other indicators applicable to IoT/ICS/OT networks (published during the past month) researched and implemented by Microsoft Defender for IoT’s security research team, Section 52.

Guidance

Customers are recommended to update their systems with the latest TI package in order to detect potential exposure risks and vulnerabilities in their networks and on their devices. Threat Intelligence packages are updated every month with the most up-to-date security information available, ensuring that Microsoft Defender for IoT can identify malicious actors and behaviors on devices.

Update your system with the latest TI package

The package is available for download from the Microsoft Defender for IoT portal (click Updates, then Download file). For more information, please review Update threat intelligence data | Microsoft Docs.

MD5 Hash - c9642c326739158ea85d43b60e01086c

For cloud connected sensors, Microsoft Defender for IoT can automatically update new threat intelligence packages following their release, click here for more information.

Latest Threat Intelligence (November 2022)
Microsoft Defender for IoT has released the November 2022 Threat Intelligence package. The package is available for download from the Microsoft Defender for IoT portal (click Updates, then Download file).

Threat Intelligence updates reflect the combined impact of proprietary research and threat intelligence carried out by Microsoft security teams. Each package contains the latest CVEs (Common Vulnerabilities and Exposures), IOCs (Indicators of Compromise), and other indicators applicable to IoT/ICS/OT networks (published during the past month) researched and implemented by Microsoft Defender for IoT’s security research team, Section 52.

November Updates

With this release, Microsoft Defender for IoT has expanded vulnerability detection capabilities for known OT vulnerabilities across supervisory control and data acquisition (SCADA) devices issued since 2008 and included new detections for Text4Shell (CVE-2022-42889) and the recently released path traversal vulnerability in the implementation of the Totalflow TCP protocol in ABB (CVE-2022-0902).

Detections for the Text4Shell vulnerability (CVE-2022-42889) in the “Apache Commons Text” Java library were added with this month’s threat intelligence update. This vulnerability allows an attacker to send malicious inputs that can execute arbitrary code, call a remote URL or send an unauthorized DNS request. Customers using Apache Commons Text versions between 1.5 and 1.9 are recommended to update to version 1.10.

The November Threat Intelligence package contains high-severity CVEs, including CVE-2022-38465.
An attacker exploiting this vulnerability in Siemens SIMATIC S7-1200 and S7-1500 CPU families could decrypt information such as passwords and gain full control of the programmable logic controller (PLC) allowing them to perform the following actions:

- Connect to the PLC
- Change the PLC’s configuration
- Upload ladder logic to the PLC
- Change PLC mode

Attacks abusing this vulnerability will display normal behaviors and connections to devices, similar to authorized network and device administrators.

Guidance

Customers are recommended to update their systems with the latest TI package in order to detect potential exposure risks and vulnerabilities in their networks and on their devices. Threat Intelligence packages are updated every month with the most up-to-date security information available, ensuring that Microsoft Defender for IoT can identify malicious actors and behaviors on devices.

Microsoft Defender for IoT researchers encourage you to review the implementation of devices and software included in the November Threat Intelligence package and to patch devices when relevant to reduce your attack surface.

For customers affected by CVE-2022-38465, Microsoft strongly recommends following the mitigation guidelines published by Siemens. To download the firmware updates for S7-1200 directly, please click here, and for S7-1500, click here. SIMATIC S7-1200 models with firmware versions below v4.5 and S7-1500 models with firmware version below v2.9.2 need to be updated according to the mitigation guidelines.

Microsoft Defender for IoT detects suspicious activity on devices by detecting unauthorized PLC activity and connections to unfamiliar and unauthorized IP addresses.

Customers interested in identifying which devices may currently be vulnerable to exploitation by threat actors should access their inventory in Microsoft Defender for IoT. The inventory contains the list of devices according to model and firmware version.
For more information about these CVEs or your security posture, please contact us.

Update your system with the latest TI package

The package is available for download from the Microsoft Defender for IoT portal (click Updates, then Download file). For more information, please review Update threat intelligence data | Microsoft Docs.

MD5 Hash - 8e9e339b2b8f55af1e2e3b01c87cfbd7

For cloud connected sensors, Microsoft Defender for IoT can automatically update new threat intelligence packages following their release, click here for more information.

Latest Threat Intelligence (October 2022)
Microsoft Defender for IoT has released the October 2022 Threat Intelligence package. The package is available for download from the Microsoft Defender for IoT portal (click Updates, then Download file).

Threat Intelligence updates reflect the combined impact of proprietary research and threat intelligence carried out by Microsoft security teams. Each package contains the latest CVEs (Common Vulnerabilities and Exposures), IOCs (Indicators of Compromise), and other indicators applicable to IoT/ICS/OT networks (published during the past month) researched and implemented by Microsoft Defender for IoT’s security research team, Section 52.

This Threat Intelligence update contains CVEs released during September. CVEs provide a reference method for publicly known information security vulnerabilities and exposures. Updated CVEs published over the last month are available for reference on the MITRE site, in the National Vulnerability Database site (NVD) as well as IoT/OT specific ICS-CERT.

Along with the release of this TI package, further guidance is provided below for affected Schneider Electric and Siemens devices, which are commonly used in industrial networks.

Package Updates

With this release, Microsoft Defender for IoT has expanded vulnerability detection capabilities for Siemens industrial equipment including:

- Siemens RUGGEDCOM RST2288P
- Siemens RUGGEDCOM RST2288
- Siemens SCALANCE XM-400
- Siemens SIMATIC IPC3000 Smart v3

The October Threat Intelligence package contains high-severity CVEs, including CVE-2022-37300. This vulnerability could allow unauthorized users access through weak recovery mechanisms for forgotten passwords in Schneider Electric EcoStruxure™ Control Expert, EcoStruxure™ Process Expert, and Modicon M580 and M340 controller read and write modes when communicating over Modbus data protocols.
CVE-2022-37300 Analysis

Modbus is a standard communication protocol, which transmits signals from a wide range of devices and controls to controllers and is often used to connect to a remote terminal unit (RTU) in supervisory control and data acquisition (SCADA) systems. An attacker abusing this vulnerability can easily recover the password of the controller, granting them permissions to change settings, change software and ladder logic installed on the controller which affect device behavior, and delete files. This vulnerability can also allow an attacker to install custom firmware on the controller, conferring device control even if the password is later updated by network operators.

Guidance

Microsoft Defender for IoT researchers encourage you to review the implementation of the Siemens and Schneider Electric industrial devices included in the October Threat Intelligence package and to patch devices when relevant in order to reduce your attack surface.

With the publication of this vulnerability Schneider Electric has issued updates to affected devices and recommended mitigations for customers who cannot update their devices. Given the nature of the vulnerability, Microsoft Defender for IoT strongly recommends immediately patching affected devices and following Schneider Electric’s published mitigations:

- Use strong passwords and refrain from using default credentials.
- Segment networks and configure firewalls to block unauthorized access to TCP port 502.
- Configure devices, access lists and communications according to guidelines issued by Schneider Electric.
- Use virtual private networks between devices.
- Secure files and their transfer with encryption and secure communication protocols.
- Only access files from trusted sources.

Customers are recommended to update their systems with the latest TI package in order to detect potential exposure risks and vulnerabilities in their networks and on their devices.
Threat Intelligence packages are updated every month with the most up-to-date security information available, ensuring that Microsoft Defender for IoT can identify malicious actors and behaviors on devices.

If you would like more information about these CVEs or have concerns about your security posture, please do not hesitate to reach out.

Update your system with the latest TI package

The package is available for download from the Microsoft Defender for IoT portal (click Updates, then Download file). For more information, please review Update threat intelligence data | Microsoft Docs.

MD5 Hash - 4126b21d3a5f2e79a350207ee40e5dca

For cloud connected sensors, Microsoft Defender for IoT can automatically update new threat intelligence packages following their release, click here for more information.

Latest Threat Intelligence (August 2022)
Microsoft has released the August 2022 Threat Intelligence update package. The package is available for download from the Microsoft Defender for IoT portal (click Updates, then Download file). Threat Intelligence updates reflect the combined impact of proprietary research and threat intelligence carried out by Microsoft security teams.

MD5 Hash - aca94a7ddfac670a1b89f030a7716e76

This package contains the latest CVEs (Common Vulnerabilities and Exposures), IOCs (Indicators of Compromise), and other indicators applicable to IoT/ICS/OT networks (published during the past month).

Updated CVEs (CVEs provide a reference method for publicly known information security vulnerabilities and exposures) published over the last month are available for reference on the MITRE site, in the National Vulnerability Database site (NVD) as well as IoT/OT specific ICS-CERT.

Update your system with the latest TI package:

Microsoft Defender for IoT automatically updates new threat intelligence packages to cloud-connected sensors upon release, click here for more information. Working with automatic updates reduces operational effort and ensures greater security. Enable automatic updating on the Defender for IoT portal by onboarding your cloud-connected sensor with the toggle for Automatic Threat Intelligence Updates turned on.

Additionally, the package can be downloaded from the Microsoft Defender for IoT portal, under Updates:

To update a package on a single sensor:

1. Go to the Microsoft Defender for IoT Updates page.
2. Download and save the Threat Intelligence package.
3. Sign into the sensor console.
4. On the side menu, select System Settings.
5. Select Threat Intelligence Data, and then select Update.
6. Upload the new package.

To update a package on multiple sensors simultaneously:

1. Go to the Microsoft Defender for IoT Updates page.
2. Download and save the Threat Intelligence package.
3. Sign into the management console.
4. On the side menu, select System Settings.
5. In the Sensor Engine Configuration section, select the sensors that should receive the updated packages.
6. In the Select Threat Intelligence Data section, select the plus sign (+).
7. Upload the package.

For more information, please review Update threat intelligence data | Microsoft Docs

Microsoft joins the Operational Technology Cybersecurity Coalition
Washington, DC – The Operational Technology Cybersecurity Coalition (OT Cyber Coalition) announced today that Microsoft, NetRise, and Schneider Electric have joined the Coalition in its commitment to ensuring the resiliency of our nation’s critical infrastructure through interoperable, standards-based cybersecurity solutions.

“As leaders in the cybersecurity community, these new members add crucial knowledge about securing operational technology environments,” said Andrew Howell, Executive Director, OT Cyber Coalition. “We look forward to having their voices as part of the Coalition in our ongoing engagement efforts.”

Microsoft, NetRise, and Schneider Electric join the Coalition as it continues to engage with industry and government to advocate for vendor-neutral, interoperable standards and help businesses of all sizes strengthen the nation’s collective defense.

“We’re honored to be a member of the Operational Technology Cybersecurity Coalition and look forward to collaborating with industry partners to advance operational technology cybersecurity,” said Kevin Reifsteck, Director for Critical Infrastructure Protection, Microsoft. “Rapid digital transformation has increased cybersecurity risks to critical infrastructure, and partnerships like this are key to strengthening our country’s cybersecurity defenses.”

“The OT Cyber Coalition is an important step forward in driving vendor transparency and collaboration in operational technology,” said Thomas Pace, CEO, NetRise. “We look forward to joining the Coalition and driving increased visibility to risk across the wide variety of technologies that encompass operational technology.”

“We’re very pleased to be joining the OT Cyber Coalition,” said Trevor Rudolph, VP, Global Digital Policy & Regulation, Schneider Electric. “As a critical manufacturer in the OT space, we take the cybersecurity of OT products and systems very seriously. Schneider Electric is joining the Coalition because of the important role it plays in advocating for constructive OT cybersecurity policy directly with U.S. government officials.”

###

About the OT Cyber Coalition

The Operational Technology Cybersecurity Coalition is a diverse group of leading cybersecurity vendors dedicated to improving the cybersecurity of OT environments. Representing the entire OT lifecycle, the OT Cyber Coalition believes that the strongest, most effective approach to securing our nation’s critical infrastructure is one that is open, vendor-neutral, and allows for diverse solutions and information sharing without compromising cybersecurity defenses. The OT Cyber Coalition was founded by Claroty, Forescout, Honeywell, Nozomi Networks, and Tenable in 2022. For more information, visit https://www.otcybercoalition.org/.

Latest Threat Intelligence (July 2022)
Microsoft has released the July 2022 Threat Intelligence update package. The package is available for download from the Microsoft Defender for IoT portal (click Updates, then Download file).

Threat Intelligence updates reflect the combined impact of proprietary research and threat intelligence carried out by Microsoft security teams.

MD5 Hash - e63cd54fb19334cdc23e38ffbbb51106

This package contains the latest CVEs (Common Vulnerabilities and Exposures), IOCs (Indicators of Compromise), and other indicators applicable to IoT/ICS/OT networks (published during the past month).

Updated CVEs (CVEs provide a reference method for publicly known information security vulnerabilities and exposures) published over the last month are available for reference on the MITRE site, on the National Vulnerability Database (NVD) site, and on the IoT/OT-specific ICS-CERT site.

Update your system with the latest TI package:

Microsoft Defender for IoT automatically updates new threat intelligence packages to cloud-connected sensors upon release; click here for more information. Working with automatic updates reduces operational effort and ensures greater security. Enable automatic updating on the Defender for IoT portal by onboarding your cloud-connected sensor with the toggle for Automatic Threat Intelligence Updates turned on.

Additionally, the package can be downloaded from the Microsoft Defender for IoT portal, under Updates.

To update a package on a single sensor:
1. Go to the Microsoft Defender for IoT Updates page.
2. Download and save the Threat Intelligence package.
3. Sign in to the sensor console.
4. On the side menu, select System Settings.
5. Select Threat Intelligence Data, and then select Update.
6. Upload the new package.

To update a package on multiple sensors simultaneously:
1. Go to the Microsoft Defender for IoT Updates page.
2. Download and save the Threat Intelligence package.
3. Sign in to the management console.
4. On the side menu, select System Settings.
5. In the Sensor Engine Configuration section, select the sensors that should receive the updated packages.
6. In the Select Threat Intelligence Data section, select the plus sign (+).
7. Upload the package.

For more information, please review Update threat intelligence data | Microsoft Docs.

Azure Defender for IoT - July Release (EIoT GA, OT v22.2.3)
Microsoft is excited to announce the July software releases of Azure Defender for IoT.

To learn more, visit Azure Defender for IoT Release Notes | Microsoft Docs.
Download links available at Defender for IoT Management Portal - Microsoft Azure.

What's New?

Service area: Enterprise IoT networks
Updates:
- Enterprise IoT purchase experience and Defender for Endpoint integration in GA

Service area: OT networks
Updates:
Sensor software version 22.2.3:
- PCAP access from the Azure portal
- Bi-directional alert synch between sensors and the Azure portal
- Support diagnostic log enhancements
- Improved security for uploading protocol plugins
To update to version 22.2.3:
- From version 22.1.x, update directly to version 22.2.3
- From version 10.x, first update to version 21.1.6, and then update again to 22.2.3
For more information, see Update Defender for IoT OT monitoring software.

Service area: Cloud-only features
Updates:
- Microsoft Sentinel incident synch with Defender for IoT alerts

OT Networks - Sensor
MD5 Hash - 0bab3616e58d3669b665760926a1dbe1
MD5 Hash - dbe2bcb9623c750143bd083a39b2ae11

About Defender for IoT
Azure Defender for IoT provides agentless, network-layer security, provides security for diverse industrial equipment, and interoperates with Azure Sentinel and other SOC tools. Continuous asset discovery, vulnerability management, and threat detection for Internet of Things (IoT) devices, operational technology (OT) and Industrial Control Systems (ICS) can be deployed on-premises or in Azure-connected environments.

Latest Threat Intelligence (June 2022)
Microsoft has released the June 2022 Threat Intelligence update package. The package is available for download from the Microsoft Defender for IoT portal (click Updates, then Download file).

Threat Intelligence updates reflect the combined impact of proprietary research and threat intelligence carried out by Microsoft security teams.

MD5 Hash - 63cfe02ccf405960d5a76826d3c0036c

This package contains the latest CVEs (Common Vulnerabilities and Exposures), IOCs (Indicators of Compromise), and other indicators applicable to IoT/ICS/OT networks (published during the past month).

Updated CVEs (CVEs provide a reference method for publicly known information security vulnerabilities and exposures) published over the last month are available for reference on the MITRE site, on the National Vulnerability Database (NVD) site, and on the IoT/OT-specific ICS-CERT site.

Update your system with the latest TI package:

Microsoft Defender for IoT now pushes new threat intelligence packages to cloud-connected sensors upon release; click here for more information. Starting with sensor version 10.3, users can automatically receive up-to-date threat intelligence packages through Microsoft Defender for IoT. Working with automatic updates reduces operational effort and ensures greater security. Enable automatic updating on the Defender for IoT portal by onboarding your cloud-connected sensor with the toggle for Automatic Threat Intelligence Updates turned on.

Additionally, the package can be downloaded from the Microsoft Defender for IoT portal, under Updates.

To update a package on a single sensor:
1. Go to the Microsoft Defender for IoT Updates page.
2. Download and save the Threat Intelligence package.
3. Sign in to the sensor console.
4. On the side menu, select System Settings.
5. Select Threat Intelligence Data, and then select Update.
6. Upload the new package.

To update a package on multiple sensors simultaneously:
1. Go to the Microsoft Defender for IoT Updates page.
2. Download and save the Threat Intelligence package.
3. Sign in to the management console.
4. On the side menu, select System Settings.
5. In the Sensor Engine Configuration section, select the sensors that should receive the updated packages.
6. In the Select Threat Intelligence Data section, select the plus sign (+).
7. Upload the package.

For more information, please review Update threat intelligence data | Microsoft Docs.

Latest Threat Intelligence (May 2022)
Microsoft has released the May 2022 Threat Intelligence update package. The package is available for download from the Microsoft Defender for IoT portal (click Updates, then Download file).

Threat Intelligence updates reflect the combined impact of proprietary research and threat intelligence carried out by Microsoft security teams.

MD5 Hash - 542b8cffe15b91d1c9bc5f9895f1fd2a

This package contains the latest CVEs (Common Vulnerabilities and Exposures), IOCs (Indicators of Compromise), and other indicators applicable to IoT/ICS/OT networks (published during the past month).

The current release includes detection rules and IOCs implemented by Section 52 security researchers for:
- Pipedream/Incontroller modular attack framework and toolkit. The custom tools enable threat actors to conduct automated attacks, search for devices on networks, and disrupt operations and access. For more information, please read the recent alert on APT Cyber Tools Targeting ICS/SCADA Devices.
- BlackCat/ALPHV ransomware. BlackCat operators use previously compromised credentials to gain access to systems, deploy malicious scripts and disable security features. The ransomware has affected over 60 entities worldwide. For detailed IOCs and mitigation guidelines, please see the FBI Flash report.
- Industroyer2 malware. The Industroyer variant is self-contained and highly customizable, allowing threat actors to adapt the malware to specific devices on OT networks.

Updated CVEs (CVEs provide a reference method for publicly known information security vulnerabilities and exposures) published over the last month are available for reference on the MITRE site, on the National Vulnerability Database (NVD) site, and on the IoT/OT-specific ICS-CERT site.

Update your system with the latest TI package:

Microsoft Defender for IoT now pushes new threat intelligence packages to cloud-connected sensors upon release; click here for more information. Starting with sensor version 10.3, users can automatically receive up-to-date threat intelligence packages through Microsoft Defender for IoT. Working with automatic updates reduces operational effort and ensures greater security. Enable automatic updating on the Defender for IoT portal by onboarding your cloud-connected sensor with the toggle for Automatic Threat Intelligence Updates turned on.

Additionally, the package can be downloaded from the Microsoft Defender for IoT portal, under Updates.

To update a package on a single sensor:
1. Go to the Microsoft Defender for IoT Updates page.
2. Download and save the Threat Intelligence package.
3. Sign in to the sensor console.
4. On the side menu, select System Settings.
5. Select Threat Intelligence Data, and then select Update.
6. Upload the new package.

To update a package on multiple sensors simultaneously:
1. Go to the Microsoft Defender for IoT Updates page.
2. Download and save the Threat Intelligence package.
3. Sign in to the management console.
4. On the side menu, select System Settings.
5. In the Sensor Engine Configuration section, select the sensors that should receive the updated packages.
6. In the Select Threat Intelligence Data section, select the plus sign (+).
7. Upload the package.

For more information, please review Update threat intelligence data | Microsoft Docs.

Azure Defender for IoT - Version 22.1.4 Release
Microsoft is excited to announce the version 22.1.4 release of Azure Defender for IoT.

To learn more, visit Azure Defender for IoT Release Notes | Microsoft Docs.
Download links available at Defender for IoT Management Portal - Microsoft Azure.

What's New?
Version 22.1.4 of Microsoft Defender for IoT delivers extended device inventory information on the Azure portal with extended data for the following fields:
- Description
- Tags
- Protocols
- Scanner
- Last Activity

MD5 Hash - 1ed781cb82492dab1f35983ed331ca0a

About Defender for IoT
Azure Defender for IoT provides agentless, network-layer security, provides security for diverse industrial equipment, and interoperates with Azure Sentinel and other SOC tools. Continuous asset discovery, vulnerability management, and threat detection for Internet of Things (IoT) devices, operational technology (OT) and Industrial Control Systems (ICS) can be deployed on-premises or in Azure-connected environments.