
Jussi Metso

@jussimetso.com

*Microsoft Security MVP *Azure & M365 & AI Security *Blogger @ jussimetso.com *Co-founder of https://www.meetup.com/microsoft-security-user-group-finland/

179 Followers · 118 Following · 81 Posts · Joined 12.11.2024

Latest posts by Jussi Metso @jussimetso.com

Chinese have capabilities....."three artificial intelligence (AI) companies, DeepSeek, Moonshot AI, and MiniMax, to illegally extracted Claude's capabilities to improve their own models."
thehackernews.com/2026/02/anth...

24.02.2026 12:56 👍 0 🔁 0 💬 0 📌 0
PayPal Data Breach Exposes SSNs and Business PII of Customers for Over Six Months PayPal has issued a formal data breach notification disclosing that a coding error in its PayPal Working Capital (PPWC) loan application exposed the personally identifiable information (PII) of an und...

PayPal data breach cybersecuritynews.com/paypal-data-...

22.02.2026 20:47 👍 2 🔁 0 💬 0 📌 0
Book review of The Azure Cloud Native Architecture Mapbook – 2nd Edition This book is for cloud architects, engineers, and technical decision-makers who design, build, or govern solutions on Azure.

New #bookreview www.jussimetso.com/index.php/20...

09.12.2025 13:45 👍 2 🔁 0 💬 0 📌 0
Security Update Guide - Microsoft Security Response Center

The Patch Tuesday msft.it/6018SZEg0

14.10.2025 17:05 👍 0 🔁 0 💬 0 📌 0
Hackers Use DFIR Tool 'Velociraptor' to Attack VMware ESXi and Windows Servers with Ransomware Security researchers at Cisco Talos have confirmed that ransomware operators are actively exploiting Velociraptor, an open-source digital forensics and incident response (DFIR) tool, in their attacks.

cybersecuritynews.com/dfir-tool-ve...

10.10.2025 02:36 👍 0 🔁 0 💬 0 📌 0
Major gaming platforms hit by disruptions: unprecedented DDoS suspected Steam, Riot, and other major platforms are experiencing widespread service disruptions, likely due to massive DDoS attacks linked to the Aisuru botnet.

Couple of days ago I noticed that Steam does not work. I thought it might be DDOS and it was. share.google/LTKsVzkZxi2N...

09.10.2025 04:55 👍 0 🔁 0 💬 0 📌 0
Oracle Rushes Patch for CVE-2025-61882 After Cl0p Exploited It in Data Theft Attacks Oracle releases an emergency fix for CVE-2025-61882 after Cl0p exploits critical EBS flaw.

thehackernews.com/2025/10/orac...

06.10.2025 23:56 👍 0 🔁 0 💬 0 📌 0
New EDR-Freeze tool uses Windows WER to suspend security software A new method and proof-of-concept tool called EDR-Freeze demonstrates that evading security solutions is possible from user mode with Microsoft's Windows Error Reporting (WER) system.

www-bleepingcomputer-com.cdn.ampproject.org/c/s/www.blee...

01.10.2025 21:47 👍 0 🔁 0 💬 0 📌 0

Checkout this Meetup with Microsoft Security User Group Finland: meetu.ps/e/PrJsH/11qZ...

25.09.2025 13:00 👍 0 🔁 0 💬 0 📌 0
Microsoft Patches Critical Entra ID Flaw Enabling Global Admin Impersonation Across Tenants Microsoft patched CVE-2025-55241 July 17, 2025; CVSS 10.0 Entra ID bug via legacy Graph enabled cross-tenant impersonation risking tenant compromise.

Fixed thehackernews.com/2025/09/micr...

24.09.2025 09:51 👍 0 🔁 0 💬 0 📌 0
Malware automated remediation in Defender for Storage Defender for Storage now supports different ways to handle malicious files. Now you can select the remediation option that fits your scenario. Built-in remediation capabilities Automated workflows …

New blog about automated malware remediation from storage account blobs www.jussimetso.com/index.php/20...

17.09.2025 21:18 👍 0 🔁 0 💬 0 📌 0
Hackers Abuse Microsoft Teams to Gain Remote Access on Windows With PowerShell-based Malware Cybercriminals are increasingly weaponizing Microsoft Teams, exploiting the platform's trusted role in corporate communications to deploy malware and seize control of victim systems.

cybersecuritynews.com/microsoft-te...

28.08.2025 20:11 👍 0 🔁 0 💬 0 📌 0
What is Microsoft Sentinel data lake “a cloud-native security data platform that centralizes logs and telemetry from across your environment into a scalable, cost-efficient data lake”

My Microsoft Sentinel data lake blog is out now www.jussimetso.com/index.php/20...

25.08.2025 18:22 👍 1 🔁 0 💬 0 📌 0

My first renewal 🔥🔥🔥

10.07.2025 18:21 👍 3 🔁 0 💬 0 📌 0
Modernizing your on-prem SIEM with Microsoft Sentinel – part 2 So you want to migrate your on-prem SIEM to Microsoft Sentinel? What kind of tasks you have thought so far? Some planning maybe? Here are some task what I have in my mind. These are just tasks, no ne…

The sequel with task lists for modernizing on-prem SIEM to Sentinel www.jussimetso.com/index.php/20...

04.07.2025 12:52 👍 1 🔁 0 💬 0 📌 0
Modernizing your on-prem SIEM with Microsoft Sentinel – part 1 Are you wondering to transfer your classic on-prem SIEM to fancy and modernized cloud SIEM. Read my suggestions of the advances of Microsoft Sentinel

How to modernize your on-prem SIEM to Microsoft Sentinel aka Cloud SIEM www.jussimetso.com/index.php/20...

26.06.2025 23:39 👍 0 🔁 0 💬 0 📌 0
Defender for Cloud – Part 11: Data and AI Security The Data and AI security overview section displays your cloud data and AI estate for each cloud. It includes all data and AI resources, categorized into storage assets, managed databases, hosted da…

Last blog post in my Defender for Cloud series so far. The end has come.

Topic this time is Data and AI Security Dashboard.

www.jussimetso.com/index.php/20...

27.05.2025 05:36 👍 0 🔁 0 💬 0 📌 0

Old but still valid.

27.05.2025 05:04 👍 2 🔁 0 💬 0 📌 0
Defender for Cloud – Part 10.5: CWP Advanced protection Advanced Threat Protection provides a new layer of security, which enables customers to detect and respond to potential threats as they occur by providing security alerts on anomalous activities.

New bl0g!

Defender for Cloud - Advanced protection is kind of LARGE area to cover but I tried.

Advanced Threat Protection provides a new layer of security, which enables customers to detect and respond to potential threats as they occur by providing security alerts on anomalous activities.

10.05.2025 14:49 👍 1 🔁 0 💬 0 📌 0
Defender for Cloud – Part 10: Cloud Workload protection (CWP) Cloud Workload Protection in Microsoft Defender for Cloud helps protect various cloud resources such as virtual machines, containers, databases, and applications from security threats, vulnerabilit…

Workload Protection in Microsoft Defender for Cloud refers to cloud-native security posture management (CSPM) and threat protection for workloads running in Azure, hybrid, and multi-cloud environments (including AWS, GCP, GitHub, Azure DevOps and others).

24.04.2025 13:35 👍 1 🔁 0 💬 0 📌 0
Defender for Cloud – Part 9: Regulatory compliance Microsoft Defender for Cloud provides Regulatory Compliance capabilities to help organizations assess and maintain compliance with industry standards, frameworks, and regulatory requirements. It co…

Blog: Regulatory compliance in Defender for Cloud. If you need to check how your Azure, AWS, GCP resources comply against industry standards you can use this feature. www.jussimetso.com/index.php/20...

13.03.2025 20:58 👍 2 🔁 0 💬 0 📌 0

OpenAI's #Sora became available in Europe today. 🔥 If you have #ChatGPT Plus or Pro subscription you can create your own videos with it. Naturally, I needed to test it by creating some bernese mountain dog videos! 🥰

#openAI #aivideo #bernesemountaindog #ai #texttovideo

28.02.2025 13:29 👍 3 🔁 1 💬 0 📌 0
New Linux Malware ‘Auto-Color’ Grants Hackers Full Remote Access to Compromised Systems Auto-Color Linux malware targets governments and universities, using stealth tactics and encryption to evade detection and maintain persistence.

"Once installed, Auto-color allows threat actors full remote access to compromised machines, making it very difficult to remove without specialized software," security researcher Alex Armstrong.

27.02.2025 07:01 👍 0 🔁 0 💬 0 📌 0

Worst. Episode. EVER.

22.02.2025 04:00 👍 31282 🔁 8694 💬 856 📌 512
Defender for Cloud – Part 7: Cloud Security Explorer The Cloud Security Explorer allows you to run graph-based queries and proactively identify security risks in your cloud environment. You can query effective exposure to internet, permissions, vulne…

The seventh part of my Microsoft Defender for Cloud EPIC blog series. Read and learn. :)
#microsoft #security #defenderforcloud #cloudsecurity #mvpbuzz

22.02.2025 20:34 👍 2 🔁 1 💬 0 📌 0
Cisco Confirms Salt Typhoon Exploited CVE-2018-0171 to Target U.S. Telecom Networks Salt Typhoon exploited CVE-2018-0171 and stolen credentials to infiltrate U.S. telecom networks, persisting undetected for over three years.

"The use of this utility would help to obfuscate the original source, and ultimate destination, of the request and would also allow its operator to move through potentially otherwise non-publicly-reachable (or routable) devices or infrastructure," Cisco noted.

22.02.2025 18:34 👍 0 🔁 0 💬 0 📌 0
PostgreSQL Vulnerability Exploited Alongside BeyondTrust Zero-Day in Targeted Attacks PostgreSQL SQL injection flaw (CVE-2025-1094) exploited alongside BeyondTrust zero-day, enabling arbitrary code execution.

"An attacker who can generate a SQL injection via CVE-2025-1094 can then achieve arbitrary code execution (ACE) by leveraging the interactive tool's ability to run meta-commands"

15.02.2025 10:50 👍 0 🔁 0 💬 0 📌 0
Storm-2372 conducts device code phishing campaign | Microsoft Security Blog Microsoft Threat Intelligence Center discovered an active and successful device code phishing campaign by a threat actor we track as Storm-2372. Our ongoing investigation indicates that this campaign ...

In device code phishing, threat actors exploit the device code authentication flow to capture authentication tokens, which they then use to access target accounts, and further gain access to data and other services that the compromised account has access.

14.02.2025 02:37 👍 0 🔁 0 💬 0 📌 0
Palo Alto Networks Patches Authentication Bypass Exploit in PAN-OS Software Palo Alto Networks patches CVE-2025-0108, a PAN-OS flaw (CVSS 7.8) allowing authentication bypass. Update now.

The vulnerability, tracked as CVE-2025-0108, carries a CVSS score of 7.8 out of 10.0. The score, however, drops to 5.1 if access to the management interface is restricted to a jump box.

13.02.2025 12:36 👍 0 🔁 0 💬 0 📌 0
Critical Chrome Flaw Allows Attackers to Remotely Execute Code Google has released an urgent update for its Chrome browser to address a critical security vulnerability that could allow attackers to remotely execute malicious code on vulnerable systems.

Google has released an urgent update for its Chrome browser to address a critical security vulnerability that could allow attackers to remotely execute malicious code on vulnerable systems.

13.02.2025 11:06 👍 1 🔁 0 💬 0 📌 0