[Some Interesting] Cloud ‘n Sec news: 8th Apr 22

Andre Camillo, CISSP
Published in CloudnSec
3 min read · Apr 7, 2022

What’s worth your reading time

Cloud

Azure

New Server plans for Microsoft Defender for Cloud

Microsoft announced the release of new Defender for Cloud server licensing tiers. The new tiers allow for more granular choice of server protection (CWPP) capabilities.

Plan 1 is entirely new and adds an optional subset of capabilities for multi-cloud server protection.

Plan 2 corresponds to the feature set of the old licensing tier and is the more feature-rich of the two.

The official documentation lists the features available in each of the new plans.

Read more in the official documentation.

Security

Industry

GitHub auto-blocks commits with API keys

This is a handy new feature in GitHub. Previously, one could accidentally upload secrets as part of the code in a commit. Now they cannot: the platform checks for secrets during commit.

In the official news post, GitHub said:

By scanning for highly identifiable secrets before they are committed, we can, together, shift security to being proactive instead of reactive and prevent secrets from leaking altogether.

Learn more and how to enable this in the official announcement.

Windows 11 new security features

This week Microsoft announced new security features in its desktop OS.

A raft of features was announced, including hardware and software improvements. While I previously covered the importance of the hardware improvement that is now officially shipping (Pluton chips), they also announced exciting new features such as the following, and I quote their announcement post:

Enhanced phishing detection and protection with Microsoft Defender SmartScreen: (…) The enhanced phishing detection and protection built into Windows with Microsoft Defender SmartScreen will help protect users from phishing attacks by identifying and alerting users when they are entering their Microsoft credentials into a malicious application or hacked website.

Additional protection for Local Security Authority (LSA) by default: (…) The LSA is (…) responsible for authenticating users and verifying Windows logins. It is responsible for handling user credentials, like passwords, and tokens used to provide single sign-on to Microsoft accounts and Azure services. Attackers have developed tools and have abused Microsoft tools to take advantage of this process to steal credentials. To combat this, additional LSA protection will be enabled by default in the future for new, enterprise-joined Windows 11 devices making it significantly more difficult for attackers to steal credentials by ensuring LSA loads only trusted, signed code.

The full list of features is the following:

  • Pluton SHIPPING
  • HVCI/VBS on default ALL CPUs
  • Credguard default ON
  • LSASS Protection default ON
  • EXE signed or rep REQUIRED
  • Script Blocking from Internet
  • Enhanced Phishing
  • File Layer Encryption with Hello

Learn more in the official post.

Threats

Darknet Market taken down

A massive darknet (diary? no!) market was taken down by German Police.

Bleeping Computer reported, and I quote:

The servers of Hydra Market, the most prominent Russian darknet platform for selling drugs and money laundering, have been seized by the German police.

The police were also able to seize 543 bitcoins from the profits of Hydra, which are currently worth a little over $25 million.

The confiscated money indicates the size of the Hydra market, which counted around 19,000 registered seller accounts that served at least 17 million customers around the world.

Read more in the report by Bleeping Computer linked previously.

Thank you for reading and leave your thoughts/comments!
Andre Camillo, CISSP
CloudnSec

Cloud and Security technologies, Career, Growth Mindset. Follow: https://linktr.ee/acamillo . Technical Specialist @Microsoft. Opinions are my own.