Latest news with #MidnightBlizzard


Techday NZ
4 days ago
Abnormal AI launches updated Microsoft 365 security solution
Abnormal AI has launched an updated Security Posture Management product aimed at providing AI-driven protection, automated prioritisation, and remediation guidance for Microsoft 365 environments.

The company's revised offering addresses the challenges created by increasingly complex Microsoft 365 ecosystems, where accidental misconfigurations are contributing to cloud email vulnerabilities. The proliferation of third-party applications, an expanding layer of settings, and dispersed administrative responsibilities within organisations have resulted in potential blind spots and inadvertent security gaps. Previously, such vulnerabilities have reportedly been exploited by threat groups including Midnight Blizzard.

Abnormal AI states that its extensive integration with Microsoft 365, coupled with its experience in counteracting advanced email threats, enables it to uncover configuration risks that might otherwise go undetected. The new add-on component for Security Posture Management is designed to continuously identify misconfigurations spanning users, applications, and tenants, providing security teams with actionable visibility and enhanced control.

The company highlights three principal features of the updated product: comprehensive visibility, automated prioritisation, and remediation guidance. According to Abnormal AI, the solution continuously uncovers risky Microsoft 365 misconfigurations using CIS benchmarks and Abnormal's own threat intelligence. Automated prioritisation is intended to ensure that the most critical risks, based on their impact, prevalence, and relevance to the organisation's environment, are addressed first. Remediation guidance offers clear instructions for resolving identified issues, aiming to eliminate the need for manual audits or custom scripting.

"Thousands of organisations rely on Abnormal to stop email-based attacks like phishing and account compromise. But attackers are also exploiting misconfigurations to bypass phishing defences," said Evan Reiser, CEO of Abnormal AI. "Because we already integrate deeply with Microsoft 365 to protect inbound email, we can extend our API-based architecture to detect these hidden risks. Security Posture Management gives security teams continuous visibility into misconfiguration risks across their entire Microsoft 365 environment."

The latest enhancement to Security Posture Management arrives as businesses continue to face a fluid threat landscape, particularly around widespread platforms such as Microsoft 365. With increasing adoption of cloud-based collaboration tools, proper configuration has become a central focus for security teams seeking to mitigate the risk of account compromise and unauthorised access.

Abnormal AI describes its platform architecture as supporting quick deployment through API integration with both Microsoft 365 and Google Workspace, as well as other cloud applications including Slack, Workday, ServiceNow, and Zoom. The firm reports that its services are presently used by more than 3,200 organisations worldwide, including a substantial segment of the Fortune 500.

The company has stated that its anomaly detection engine leverages a range of contextual signals to analyse risk on every cloud email event, supporting the detection and blocking of socially-engineered attacks. This is positioned as part of a broader trend within cybersecurity that leverages artificial intelligence and machine learning to counter increasingly sophisticated attack techniques.

Abnormal AI has indicated that additional demonstrations of its Security Posture Management capabilities, including the updated features, are being made available to interested parties and customers. Further details are available from the company upon request.


Business Wire
6 days ago
Abnormal AI Launches Continuous Security Posture Management to Safeguard Microsoft 365 Environments
LAS VEGAS--(BUSINESS WIRE)-- Abnormal AI, the leader in AI-native human behavior security, today announced its updated Security Posture Management product, bringing AI-driven protection, automated prioritization, and remediation guidance to customers' Microsoft 365 environments.

As Microsoft 365 environments become more complex, accidental misconfigurations are now a leading cause of cloud email vulnerabilities. The growing number of applications, layered settings, and fragmented ownership create blind spots and accidental openings that threat actors like Midnight Blizzard have exploited in the past.

With deep Microsoft 365 integration and a proven ability to stop advanced email threats, Abnormal is ideally positioned to uncover these configuration risks. The new Security Posture Management add-on continuously detects misconfigurations across users, apps, and tenants, giving security teams the visibility and control they need to stay ahead of attackers.

'Thousands of organizations rely on Abnormal to stop email-based attacks like phishing and account compromise. But attackers are also exploiting misconfigurations to bypass phishing defenses,' said Evan Reiser, CEO of Abnormal AI. 'Because we already integrate deeply with Microsoft 365 to protect inbound email, we can extend our API-based architecture to detect these hidden risks. Security Posture Management gives security teams continuous visibility into misconfiguration risks across their entire Microsoft 365 environment.'

Key capabilities include:

- Comprehensive Visibility: Continuously uncovers risky Microsoft 365 misconfigurations using CIS benchmarks and Abnormal threat intelligence.
- Automated Prioritization: Surfaces the most dangerous risks first by factoring in impact, prevalence, and environment.
- Remediation Guidance: Provides clear, actionable fixes with no manual audits or scripting.

Additional Resources:

- Visit Abnormal at Black Hat 2025: Abnormal will be showcasing new Security Posture Management capabilities throughout the week at the CyBRR Cafe, located in front of the Expo Hall at Mandalay Bay. Demos are available upon request.
- Discover More: Learn more about this product release in this blog post from CEO Evan Reiser.

About Abnormal AI

Abnormal AI is the leading AI-native human behavior security platform, leveraging machine learning to stop sophisticated inbound attacks and detect compromised accounts across email and connected applications. The anomaly detection engine leverages contextual signals to analyze the risk of every cloud email event—detecting and blocking sophisticated, socially-engineered attacks that target human vulnerability. Abnormal is designed to be deployed in minutes via an API integration with Microsoft 365 or Google Workspace, unlocking the full value of the platform instantly. Additional protection is available for Slack, Workday, ServiceNow, Zoom, and multiple other cloud applications. Abnormal is currently trusted by more than 3,200 organizations, including 25% of the Fortune 500, as it continues to redefine how cybersecurity works in the age of AI. Learn more at


Techday NZ
17-07-2025
SquareX unveils field manual to tackle rising browser threats
SquareX has launched "The Browser Security Field Manual", a detailed guide to browser-based cyberattacks, with contributions from chief information security officers (CISOs) of high-profile companies including Arista Networks, Dyson and Expedia.

The manual, authored by cybersecurity specialists Vivek Ramachandran and Audrey Adeline, aims to address what the company describes as a growing risk area for businesses, reflecting the shift of the browser into the central point of user interaction in modern workplaces.

Industry perspectives

The guide not only details the techniques, tactics and procedures (TTPs) leveraged by attackers in the browser but also presents real-world commentary from CISOs such as Rathi Murthy, who serves as Chief Technology Officer at Varo Bank and has previously held leadership positions at Expedia and Verizon, Rahul Kashyap, former CISO at Arista Networks, and John Carse, former CISO at Dyson. This collaborative approach seeks to reflect the evolving strategies adversaries use to exploit browser vulnerabilities and the industry's current understanding and response to these threats.

Responding to browser attacks

SquareX states that browsers have emerged as a primary attack vector, stemming from their role as essential endpoints in enterprise environments. Attacks referenced in the new manual include the Cyberhaven breach, the proliferation of polymorphic extensions, and incidents such as the Midnight Blizzard remote desktop protocol (RDP)-based attack – all of which, according to the company, highlight the need for further awareness and resources in this sphere.

The field manual systematises knowledge about browser threats across five primary vectors: phishing, malicious browser extensions, browser-based data loss, identity attacks, and browser-native ransomware. The book includes sample code and real-world case studies to bring these threats to life for practitioners.

Audrey Adeline, SquareX Researcher and Co-author of The Browser Security Field Manual, said, "Attackers thrive on information arbitrage. As the place where 85% of work happens, it's imperative that security teams understand how their employees are being targeted. We've been extremely fortunate to work closely with some of the industry's top thought leaders, and we hope that this new edition of The Browser Security Field Manual will provide security teams with not only the practical aspect of browser security, but also an industry perspective of how these threat vectors are impacting organizations in real life today and how they may evolve in the future."

The manual is designed for a range of users, from technical practitioners to those responsible for organisational oversight in cybersecurity, and includes perspectives both on day-to-day risks and the anticipated evolution of browser attacks.

Industry collaboration

The current edition builds upon feedback developed during an earlier, limited release at a prior security event, where copies were distributed to hundreds of CISOs for input. SquareX notes that many of these professionals directly contributed their insights, shaping the content to closely align with the operational challenges security teams are currently facing.

The Browser Security Field Manual will be available at official bookstores during Black Hat and DEF CON 33 events, with the authors set to attend book signings at both venues. The publication is also available for pre-order via its dedicated website, allowing broader access to practitioners worldwide.

SquareX's approach to browser security

The company's browser extension is designed to equip organisations with tools to detect and respond to a spectrum of web-based threats, including malicious extensions and browser-native ransomware, aiming to work without interfering with typical user experience or productivity.

SquareX's focus on integrating advanced security features directly into users' browsers is intended to give security professionals increased visibility and control over browser-related risks, a priority as browser-based workflows continue to dominate the enterprise landscape. The newly launched manual is part of SquareX's ongoing efforts to supply the information and resources organisations require to defend against the shifting browser threatscape.


Business Insider
17-07-2025
SquareX Collaborates with Top Fortune 500 CISOs to Launch The Browser Security Field Manual at Black Hat
Palo Alto, California, July 17th, 2025, CyberNewsWire

SquareX announced the official launch of The Browser Security Field Manual at Black Hat USA 2025. In addition to a comprehensive practical guide to the latest TTPs attackers are using to target employees in the browser, this comprehensive manual features industry perspectives from leading CISOs from multiple Fortune 500 enterprises and other iconic companies, who share their perspectives on the evolving browser security landscape, the importance of each threat vector, and how they expect these attacks to evolve in the near future.

Major contributors include:

- Rathi Murthy, CTO of Varo Bank, Fmr. CTO of Expedia and Verizon
- Rahul Kashyap, Fmr. CISO at Arista Networks
- John Carse, Fmr. CISO at Dyson

As the browser becomes the new endpoint, it has also become the single most common initial access point attackers use to target employees. This is evident in the recent uptick in browser-based attacks such as the Cyberhaven breach, polymorphic extensions and Midnight Blizzard RDP-based attack. Yet, despite the increasing awareness of the browser security gap, given the nascency of the space, most security professionals lack the resources and tools to learn about this emerging threat landscape.

To address this gap, The Browser Security Field Manual systematically guides practitioners through the techniques attackers are using to target employees in the browser across five major threat vectors - Phishing, Malicious Browser Extensions, Browser-based Data Loss, Identity Attacks and Browser-Native Ransomware. Co-authored by Audrey Adeline and Vivek Ramachandran, the book covers everything from common to bleeding edge techniques, including sample code snippets and case studies of such attacks unfolding in real life.

"Attackers thrive on information arbitrage. As the place where 85% of work happens, it's imperative that security teams understand how their employees are being targeted," said Audrey Adeline, SquareX Researcher and Co-author of The Browser Security Field Manual. "We've been extremely fortunate to work closely with some of the industry's top thought leaders, and we hope that this new edition of The Browser Security Field Manual will provide security teams with not only the practical aspect of browser security, but also an industry perspective of how these threat vectors are impacting organizations in real life today and how they may evolve in the future."

This release builds on a successful soft launch of the book at RSAC this year, where SquareX shared early copies with hundreds of CISOs for early feedback and worked closely with many of these security leaders to incorporate their deep industry insights into the second edition of the book.

The Browser Security Field Manual will be available at Black Hat and DEF CON 33 bookstores, with the authors participating in both stores' book signing event. The Black Hat book signing event is taking place at the Black Hat bookstore on Thursday August 7 at 3:00pm - 3:30pm. The book is also available for pre-order via The Browser Security Field Manual website. Alternatively, you can find out more about the manual at SquareX Booth #6825 during Black Hat on August 6 from 10am to 6pm or on August 7 from 10am to 4pm.

About SquareX

SquareX's browser extension transforms any browser on any device into an enterprise-grade secure browser. SquareX's industry-first Browser Detection and Response (BDR) solution empowers organizations to proactively detect, mitigate, and threat-hunt client-side web attacks including malicious browser extensions, advanced spearphishing, browser-native ransomware, genAI data loss prevention, and more. Unlike legacy security approaches and cumbersome enterprise browsers, SquareX seamlessly integrates with users' existing consumer browsers, ensuring enhanced security without compromising user experience or productivity. By delivering unparalleled visibility and control directly within the browser, SquareX enables security leaders to reduce their attack surface, gain actionable intelligence, and strengthen their enterprise cybersecurity posture against the newest threat vector – the browser. Users can find out more at

Contact: Junice Liew

Yahoo
03-06-2025
CrowdStrike and Microsoft Collaborate to Harmonize Cyber Threat Attribution
Landmark industry collaboration maps threat actor aliases across vendors to accelerate response and strengthen global cyberdefense

AUSTIN, Texas, June 02, 2025--(BUSINESS WIRE)--CrowdStrike (NASDAQ: CRWD) and Microsoft today announced a collaboration to bring clarity and coordination to how cyber threat actors are identified and tracked across security vendors. By mapping threat actor aliases and aligning adversary attribution across platforms, the collaboration minimizes confusion caused by different naming systems and accelerates cyber defenders' response against today's and tomorrow's most sophisticated adversaries.

The cybersecurity industry has developed multiple naming systems for threat actors, each grounded in unique vantage points, intelligence sources, and analytic rigor. These taxonomies provide critical adversary context to help organizations understand the threats they face, who is targeting them, and why. But as the adversary landscape grows, so does the complexity of cross-vendor attribution.

Through this deeper collaboration, CrowdStrike and Microsoft have developed a shared mapping system – a 'Rosetta Stone' for cyber threat intelligence – that links adversary identifiers across vendor ecosystems without mandating a single naming standard. By reducing ambiguity in how adversaries are labeled, this mapping enables defenders to make faster, more confident decisions, correlate threat intelligence across sources, and better disrupt threat actor activity before it causes harm. By making it easier to connect naming conventions like COZY BEAR and Midnight Blizzard, the mapping supports quicker decision-making and unified threat response across taxonomies.

"This is a watershed moment for cybersecurity. Adversaries hide behind both technology and the confusion created by inconsistent naming. As defenders, it's our job to stay ahead and to give security teams clarity on who is targeting them and how to respond. This has been CrowdStrike's mission from day one," said Adam Meyers, Head of Counter Adversary Operations at CrowdStrike. "CrowdStrike is the leader in adversary intelligence, and Microsoft brings one of the most valuable data sources on adversary behavior. Together, we're combining strengths to deliver clarity, speed, and confidence to defenders everywhere."

The collaboration will start with a shared analyst-led effort to harmonize adversary naming between CrowdStrike and Microsoft's threat research teams. Through this collaboration, the companies have already deconflicted more than 80 adversaries, including validating that threat actors like Microsoft's Volt Typhoon and CrowdStrike's VANGUARD PANDA are Chinese state-sponsored threat actors, and that Secret Blizzard and VENOMOUS BEAR refer to the same Russia-nexus adversary. This demonstrates the real-world value of shared attribution. Moving forward, CrowdStrike and Microsoft will continue working together to expand this effort, inviting other partners to contribute to and maintain a shared threat actor mapping resource for the global cybersecurity community.

"Cybersecurity is a defining challenge of our time, especially in today's AI-driven era," said Vasu Jakkal, Corporate Vice President, Microsoft Security. "Microsoft and CrowdStrike are in ideal positions to help our customers, and the wider defender community accelerate the benefits of actionable threat intelligence. Security is a team sport and when defenders can share and react to information faster it makes a difference in how we protect the world."

This collaboration builds on each company's deep history of threat intelligence leadership and advances a shared mission: delivering better outcomes for defenders by putting customers first and the mission before the market.

To learn more about the CrowdStrike and Microsoft collaboration on cyber threat attribution, please visit our blog.
About CrowdStrike

CrowdStrike (NASDAQ: CRWD), a global cybersecurity leader, has redefined modern security with the world's most advanced cloud-native platform for protecting critical areas of enterprise risk – endpoints and cloud workloads, identity and data. Powered by the CrowdStrike Security Cloud and world-class AI, the CrowdStrike Falcon® platform leverages real-time indicators of attack, threat intelligence, evolving adversary tradecraft and enriched telemetry from across the enterprise to deliver hyper-accurate detections, automated protection and remediation, elite threat hunting and prioritized observability of vulnerabilities. Purpose-built in the cloud with a single lightweight-agent architecture, the Falcon platform delivers rapid and scalable deployment, superior protection and performance, reduced complexity and immediate time-to-value. CrowdStrike: We stop breaches.

© 2025 CrowdStrike, Inc. All rights reserved. CrowdStrike and CrowdStrike Falcon are marks owned by CrowdStrike, Inc. and are registered in the United States and other countries. CrowdStrike owns other trademarks and service marks and may use the brands of third parties to identify their products and services.