
Latest news with #MicrosoftDefender

KnowBe4, Microsoft partner to enhance email security with AI

Techday NZ

2 days ago


KnowBe4 has announced a strategic integration with Microsoft, aimed at improving email security for organisations using Microsoft 365. The announcement details that KnowBe4 Defend will work alongside Microsoft Defender for Office 365, specifically integrating with its quarantine functionality. This collaboration is part of Microsoft's Integrated Cloud Email Security (ICES) initiative, and it marks the first such partnership in the programme, establishing a new approach for security vendors to work together.

Integrated strategy

According to KnowBe4, the Defend platform is designed to complement Microsoft 365's existing protections by introducing agentic AI methods for advanced inbound threat detection. The integration is intended to allow organisations to retain their investment in Microsoft's security tools while benefiting from an additional, purpose-built layer of threat identification and response.

"This new collaboration is driving meaningful innovation in cybersecurity. By combining Microsoft's email and collaboration security infrastructure with KnowBe4's leadership in human risk management and robust threat detection capabilities, organizations can now capitalize on a truly integrated defense strategy that benefits from the unique strengths of both platforms. We look forward to offering this to our global customers to help them enhance their security efforts," said Stuart Clark, VP of Product Strategy, KnowBe4.

Detection and response

The integration creates multiple concurrent layers of analysis, which KnowBe4 states will increase the likelihood of detecting and preventing threats from reaching end users. The combined capability draws on Microsoft Defender for Office 365's quarantine processes and KnowBe4 Defend's AI-based detection mechanisms. The set-up is intended to support existing investments in Microsoft security while enhancing the breadth and depth of threat analysis.

Beyond improving threat identification at the point of entry, the combined platforms provide unified Security Operations Centre (SOC) tools. These are designed to speed up incident investigation, support root cause analysis and enable tactical responses, ultimately offering organisations greater visibility and control over email threats targeting their workforce.

Focus on human risk management

KnowBe4 positions itself as focused on human risk management in the cybersecurity sector. The company states it supports organisations in strengthening their security cultures and managing risks associated with human behaviour. Its AI-driven Human Risk Management platform includes modules for training, compliance, real-time coaching, crowdsourced anti-phishing, and AI-based defence agents, all aimed at empowering employees to make better security decisions.

The company claims to be working with over 70,000 organisations globally, delivering a suite of security tools designed to adapt and respond to evolving cybersecurity threats. The HRM+ platform aims to transform end users into effective components of an organisation's overall security posture through education and active participation in identifying threats.

The ICES ecosystem

The strategic partnership with Microsoft places KnowBe4 as the first vendor to join Microsoft's ICES vendor ecosystem, which seeks to foster collaborations with select security firms. The ICES programme is intended to offer Microsoft 365 customers a broader set of defence capabilities by encouraging interoperability between Microsoft's platforms and specialist security vendors.

With this integration, customers can continue to use Microsoft 365 and Defender for Office 365 services, while having the option to add an extra layer of AI-powered detection and response without duplicating existing resources or disrupting their operational processes.

The collaboration is expected to provide a model for future integration between Microsoft and other security companies within the ICES framework. Both companies have emphasised that the approach is focused on building collective defences to mitigate the risks posed by sophisticated email-based threats.

KnowBe4 integrates with Microsoft to boost email threat defence

Techday NZ

3 days ago


KnowBe4 has announced a strategic integration with Microsoft Defender for Office 365, marking the first partnership within Microsoft's new Integrated Cloud Email Security (ICES) vendor ecosystem. This new collaboration brings KnowBe4's AI-powered threat detection and human risk management capabilities together with Microsoft's email security tools, aiming to create a more unified defence against email-based threats for organisations using Microsoft 365.

According to KnowBe4, the integration is specifically designed to complement Microsoft 365's existing security infrastructure rather than replace it. By incorporating KnowBe4 Defend's advanced inbound threat detection, organisations can retain their current Microsoft security configuration while adding another protective layer focused on specialised threat identification and response.

One of the main features of the integration is the seamless flow of KnowBe4 alerts directly into the Microsoft Defender quarantine console. This functionality enables security teams to manage threats and investigate alerts within a single interface, streamlining workflows and improving response efficiencies.

The partnership is positioned as a significant development in Microsoft's ICES ecosystem, which promotes collaborative cybersecurity between Microsoft and third-party vendors. The approach reflects a broader trend in the industry towards integrated, interoperable solutions that support a layered security model.

"This new collaboration is driving meaningful innovation in cybersecurity. By combining Microsoft's email and collaboration security infrastructure with KnowBe4's leadership in human risk management and robust threat detection capabilities, organisations can now capitalise on a truly integrated defence strategy that benefits from the unique strengths of both platforms. We look forward to offering this to our global customers to help them enhance their security efforts."

The integration aims to increase the probability of detecting and preventing sophisticated email threats before they can impact end users. By leveraging multiple methods of analysis and detection across both platforms, the solution offers organisations a multilayered approach to email security. Additionally, it provides security operations centres (SOC) unified tools for quick investigation, root cause analysis, and tactical response to incidents.

KnowBe4 describes its platform as an AI-driven system for human risk management, used by more than 70,000 organisations globally. The company's HRM+ platform features modules such as security awareness and compliance training, cloud email security, real-time coaching, crowdsourced anti-phishing services, and AI defence agents. The integration with Microsoft Defender for Office 365 expands this toolkit, allowing organisations already invested in Microsoft's email security products to build upon their existing defences.

The new collaboration provides a practical example of how security vendors can cooperate to deliver enhanced protection for their shared customer base. The inclusion of KnowBe4 as the first vendor in Microsoft's ICES ecosystem is expected to encourage further partnerships and integrations, supporting an industry shift towards a more collaborative and integrated security landscape.

Urgent Microsoft Windows Cyberattack Warning: Avoid Opening These Files

NDTV

10-06-2025


Microsoft Windows users have been urgently warned about a dangerous cyberattack that can exploit a longstanding, unresolved security flaw involving Windows LNK files. As per a report in Forbes, citing cybersecurity researchers at Kaspersky and Trend Micro, the vulnerability, known as ZDI-CAN-25373, is being actively exploited by cybercriminals to mount a series of attacks this year.

A malicious LNK file can exploit a Windows feature by including an attacker-controlled network location, targeting users across different VLANs. It exploits a flaw in Windows File Explorer, which does not fully display certain parameters included in shortcut files. Despite the vulnerability existing for years, Windows has not assigned it a Common Vulnerabilities and Exposures (CVE) identifier that is typically used to acknowledge and track security threats.

In a statement issued to the outlet, Microsoft claimed that its Defender includes content scanning functionality that examines files, including the LNK ones.

"We appreciate the work of ZDI in submitting this report under a coordinated vulnerability disclosure. Microsoft Defender has detections in place to detect and block this threat activity, and the Smart App Control provides an extra layer of protection by blocking malicious files from the Internet," Microsoft said in a statement.

"As a security best practice, we encourage customers to exercise caution when downloading files from unknown sources as indicated in security warnings, which have been designed to recognise and warn users about potentially harmful files," it added.

"While the UI experience described in the report does not meet the bar for immediate servicing under our severity classification guidelines, we will consider addressing it in a future feature release."

Despite Microsoft's assurance, the best protection against the flaw remains awareness and practising caution. Don't open LNK files from unverified sources. Ensure Microsoft Defender or the antivirus software remains updated. Pay attention to security warnings displayed by Windows.

Google's advice to users

Recently, Google has also been urging its Gmail users to move on from older sign-in methods like passwords and two-factor authentication (2FA) to better secure their accounts. The tech giant told users to upgrade accounts to passkeys as well as social sign-ins, which use authenticated platforms like "Sign in with Google".

Passkeys are a login system that replaces passwords with biometric authentication via a trusted device like a smartphone. Google views passkeys as "phishing resistant", which can help users log in simply with the method they use to unlock their devices, which can include fingerprint recognition, facial scan, or the pattern lock.

Windows PCs at risk as new tool disarms built-in security

Fox News

29-05-2025


All modern Windows PCs come with Microsoft Defender built in. For the unaware, this tool is Windows' native antivirus. Over time, it has matured into a reliable security tool capable of blocking a wide range of threats. However, a tool called Defendnot can shut down Microsoft Defender completely, without exploiting a bug or using malware. It simply convinces Windows that another antivirus is already running.

The implications are serious. This tool does not break into the system or use advanced code injection. It uses Windows features the way they were designed to be used. And that makes the problem harder to detect and harder to fix.

Windows is built to avoid running multiple antivirus products at once. When a third-party antivirus registers itself, Windows disables Microsoft Defender to prevent conflicts. Defendnot exploits this system using an undocumented API that security software uses to communicate with the Windows Security Center.

The tool registers a fake antivirus that appears legitimate to the system. It uses a dummy DLL and injects it into Task Manager, a trusted Windows process. By operating inside this signed process, Defendnot avoids signature checks and permission blocks. Once the fake antivirus is registered, Windows disables Microsoft Defender without warning or confirmation.

No security alert is shown to the user. No visible changes are made to indicate that the system is unprotected. Unless someone checks manually, the machine remains open to attacks with no real-time protection running.

The tool also includes options to set a custom antivirus name, enable logging and configure automatic startup. It achieves persistence by creating a scheduled task that runs whenever the user logs in.

Defendnot is based on an earlier project called No-Defender. That project used code from an actual antivirus product to fake registration. It gained attention quickly and was removed after a copyright complaint from the vendor whose code had been reused. The developer took the project down and walked away from it.

With Defendnot, the creator rebuilt the core features using original code. This version avoids copyright issues and uses a new method to achieve the same effect. It does not rely on another antivirus or third-party binaries. It was written from scratch to demonstrate how simple it is to manipulate Windows security from inside the system.

Microsoft Defender currently flags the tool as a threat. It detects and quarantines it under the name Win32/ However, the fact that it works at all points to a weakness in how Windows handles antivirus registration and trust.

While Defendnot is a research project, there's a chance that similar tools are already out there and could be used to compromise your PC. Here are a few tips to help you stay safe:

1. Use strong antivirus software: Even with regular updates, Windows systems can be left exposed by tools like Defendnot that silently disable built-in defenses. A strong third-party antivirus with real-time protection and frequent updates provides essential backup security. Look for solutions with real-time protection and frequent updates to tackle emerging threats.

2. Limit exposure: Many exploits rely on user interaction, such as clicking a shady link, downloading a compromised file or mounting an untrusted virtual disk. Stick to reputable websites, avoid opening unsolicited email attachments and use a browser with built-in security features (like Microsoft Edge or Chrome with Safe Browsing enabled).

3. Avoid running unexpected commands: Never paste or run commands (like PowerShell scripts) you don't understand or that were copied from random websites. Attackers often trick users into unknowingly running malware this way.

4. Keep your software updated: Regularly update your operating system, browsers and all software applications. Updates often include patches for security vulnerabilities that malware can exploit.

5. Use two-factor authentication (2FA): Enable 2FA on all your accounts. This adds an extra layer of security by requiring a second form of verification, making it harder for attackers to gain access even if they have your password.

6. Invest in personal data removal services: Even with strong device security, your personal information may still be exposed online through data brokers and people-finder sites. These services collect and publish details like your name, address and phone number, making you an easier target for identity theft or phishing. Automated data removal services track down these sites and submit removal requests on your behalf, helping to reduce your digital footprint and increase your online anonymity. While they can't erase every trace of your information, they make it significantly harder for attackers to find and exploit your personal data, which saves you time and reduces unwanted spam in the process. While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time.

Defendnot points to a bigger issue with how Windows handles security. It takes a feature meant to prevent software conflicts and turns it into a way to completely disable protection. The system assumes any registered antivirus is legitimate, so if attackers can fake that, they get in without much resistance.

We often think of security as blocking the bad and trusting the good. But this case shows what happens when that trust is misplaced. Defendnot doesn't sneak past Windows defenses. It walks right in using valid credentials. The solution isn't just more patches or stronger malware signatures. What we need is a smarter way for systems to tell what is actually safe.

Do you think companies like Microsoft need to rethink how Windows handles antivirus registration and trust, given that tools like Defendnot can so easily disable built-in protections without using malware or exploiting a bug?

This new Defendnot trojan can get Windows to disable its own antivirus software

Tom's Guide

19-05-2025


A researcher referred to as es3n1n has developed a tool called Defendnot that is capable of tricking a Windows computer into disabling Microsoft Defender, leaving the device completely unprotected against malware. By registering a fake antivirus product, Defendnot convinces Microsoft to turn off its built-in antivirus software to keep any conflicts from happening between the two security programs.

As reported by Bleeping Computer, Defendnot can do this even when there is no actual antivirus software installed on the machine by using an undocumented API in the Windows Security Center (WSC) – the same one used by legitimate antivirus software – to inform Windows that it's properly installed and handling the real-time protection for the system.

"Then, after a few weeks after the release, the project blew up quite a bit and gained ~1.5k stars, after that the developers of the antivirus I was using filed a DMCA takedown request and I didn't really want to do anything with that so just erased everything and called it a day."

Once the registration step is complete, Defender will immediately shut itself off to prevent any issues, leaving the computer without active antivirus protection. The Defendnot tool also includes a loader that passes configuration data through a file, allowing users to set the name of the fake antivirus software to anything they like. Defendnot will create an autorun through the Task Scheduler, so it starts when you log in to Windows.

It's based on a previous project by the researcher called 'no-defender,' which laid the groundwork by using code from third-party antivirus software to spoof Windows Security Center registration. However, the vendor of that software filed a DMCA takedown request, which resulted in it being pulled from GitHub. Defendnot, on the other hand, learned from this and built the antivirus functionality from scratch through a dummy DLL, which causes no copyright infringement.

It injects a DLL into a Microsoft system process, which is signed and already trusted. Within this process, it can register the dummy antivirus with any spoofed display name. Though it is a research project, Defendnot demonstrates how easy it can be to turn trusted system features into security issues; currently, Microsoft Defender is detecting and quarantining Defendnot as a trojan based on its own machine learning algorithm.

Because Defendnot is a research project, and has already been quarantined by Defender, it is not putting any particular systems at risk currently. There are also no details about how Defendnot may operate on a computer that is running a third-party antivirus software in addition to Windows Defender.

That being said, users who want the best level of protection for their Windows PCs should always use one of the best antivirus software programs and the built-in protection provided by Windows Defender. These security suites usually provide excellent malware protection and added features like parental controls, a VPN, and a password manager that can help keep you safe while online.
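
Both Defendnot reports above note that nothing on screen shows Defender has been switched off unless someone checks manually. The PowerShell below is an added example, not code from either article or from the Defendnot project: it lists the antivirus products registered with Windows Security Center, checks the signature of each product's registered executable, reads Defender's real-time protection state and lists logon-triggered scheduled tasks outside `\Microsoft\`. The function names and the rule for what gets listed for review are assumptions made for this example.

```powershell
# Added example: audit Windows Security Center (WSC) antivirus registrations.
# Function names and the review rule are assumptions made for this example.

function Get-RegisteredAntivirus {
    # root/SecurityCenter2 is present on client editions of Windows only.
    Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName 'AntiVirusProduct' -ErrorAction Stop |
        ForEach-Object {
            $path = [Environment]::ExpandEnvironmentVariables([string]$_.pathToSignedProductExe).Trim('"')
            # Only a real file can be signature-checked; URI-style or empty values
            # are reported as NotChecked rather than guessed at.
            $signature = 'NotChecked'
            if ($path -and $path -notmatch '^\w+://') {
                if (Test-Path -LiteralPath $path -PathType Leaf) {
                    $signature = (Get-AuthenticodeSignature -LiteralPath $path).Status.ToString()
                } else {
                    $signature = 'FileMissing'
                }
            }
            [pscustomobject]@{
                DisplayName  = $_.displayName
                InstanceGuid = $_.instanceGuid
                ProductExe   = $path
                Signature    = $signature
                Registered   = $_.timestamp
            }
        }
}

function Get-DefenderRealTimeState {
    # Get-MpComputerStatus throws when the Defender service is not running,
    # which is itself the condition this audit is looking for.
    try   { [bool](Get-MpComputerStatus -ErrorAction Stop).RealTimeProtectionEnabled }
    catch { $false }
}

function Get-LogonTaskOutsideMicrosoft {
    # Scheduled tasks with a logon trigger that live outside \Microsoft\.
    Get-ScheduledTask |
        Where-Object { $_.TaskPath -notlike '\Microsoft\*' } |
        Where-Object { $_.Triggers | Where-Object { $_.CimClass.CimClassName -eq 'MSFT_TaskLogonTrigger' } } |
        Select-Object TaskPath, TaskName, @{ n = 'Execute'; e = { $_.Actions.Execute -join '; ' } }
}

$realTimeOn = Get-DefenderRealTimeState
$products   = @(Get-RegisteredAntivirus)
$review     = @($products | Where-Object { $_.Signature -ne 'Valid' })

"Defender real-time protection enabled: $realTimeOn"
$products | Format-Table -AutoSize

if (-not $realTimeOn) {
    'Real-time protection is off. Registrations without a validly signed product executable:'
    $review | Format-List
    'Logon-triggered tasks outside \Microsoft\ to compare against known software:'
    Get-LogonTaskOutsideMicrosoft | Format-Table -AutoSize
}
```

A `FileMissing`, `NotSigned` or `NotChecked` result is a lead for investigation, not proof of tampering; compare the listed registrations and tasks against the software that is known to be installed.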
