The US CISA’s new tool finds malicious activity in Microsoft’s cloud services
The US Cybersecurity & Infrastructure Security Agency (CISA) has released a new tool that enables detecting signs of hacking in Microsoft’s cloud services.
A new open-source incident tool called the “Untitled Goose Tool” developed in collaboration with Sandia, a US Department of Energy national laboratory, can copy telemetry data from Azure Active Directory, Microsoft Azure and Microsoft 365 services, reports BleepingComputer.
“The Untitled Goose Tool is a robust and flexible hunting and incident response tool that adds new authentication and data collection methods to perform a complete investigation of a customer’s Azure Active Directory (AzureAD), Azure and M365 environments,” says CISA.
“Untitled Goose Tool collects additional telemetry from Microsoft Defender for Endpoint Ilta (MDE) and Defender for Internet of Things (IoT) (D4IoT),” it added.
This tool was created to assist incident response teams by exporting cloud artifacts post-incident to environments that do not use logs for Security Information and Event Management (SIEM) or other long-term logging solutions.
In addition, earlier this month CISA released an open source tool called “Decider” that helps defenders generate MITER ATT&CK mapping reports to change their security posture based on adversary tactics and approaches.
Earlier this month, the US Federal Bureau of Investigation (FBI) warned that fraudsters are now using fake prizes in so-called “play-to-earn” mobile and online games to steal millions worth of cryptocurrency.
They achieve this by using customized gaming applications that promise massive financial rewards directly proportional to investments made in prospects with whom they have previously established trust through long online conversations.
Read all the Latest Tech News here.
