Jussi Metso
@jussimetso.com
*Microsoft Security MVP
*Azure & M365 & AI Security
*Blogger @ jussimetso.com
*Co-founder of https://www.meetup.com/microsoft-security-user-group-finland/
The Patch Tuesday msft.it/6018SZEg0
Security Update Guide - Microsoft Security Response Center
msft.it
October 14, 2025 at 5:05 PM
A couple of days ago I noticed that Steam does not work. I thought it might be a DDoS and it was. share.google/LTKsVzkZxi2N...
Major gaming platforms hit by disruptions: unprecedented DDoS suspected
Steam, Riot, and other major platforms are experiencing widespread service disruptions, likely due to massive DDoS attacks linked to the Aisuru botnet.
share.google
October 9, 2025 at 4:55 AM
Check out this Meetup with Microsoft Security User Group Finland: meetu.ps/e/PrJsH/11qZ...
September 25, 2025 at 1:00 PM
New blog about automated malware remediation from storage account blobs www.jussimetso.com/index.php/20...
Malware automated remediation in Defender for Storage
Defender for Storage now supports different ways to handle malicious files. Now you can select the remediation option that fits your scenario. Built-in remediation capabilities Automated workflows …
www.jussimetso.com
September 17, 2025 at 9:18 PM
My first renewal 🔥🔥🔥
July 10, 2025 at 6:21 PM
How to modernize your on-prem SIEM to Microsoft Sentinel aka Cloud SIEM www.jussimetso.com/index.php/20...
Modernizing your on-prem SIEM with Microsoft Sentinel – part 1
Are you wondering about transferring your classic on-prem SIEM to a fancy and modernized cloud SIEM? Read my suggestions on the advances of Microsoft Sentinel.
www.jussimetso.com
June 26, 2025 at 11:39 PM
Last blog post in my Defender for Cloud series so far. The end has come.

Topic this time is Data and AI Security Dashboard.

www.jussimetso.com/index.php/20...
Defender for Cloud – Part 11: Data and AI Security
The Data and AI security overview section displays your cloud data and AI estate for each cloud. It includes all data and AI resources, categorized into storage assets, managed databases, hosted da…
www.jussimetso.com
May 27, 2025 at 5:36 AM
Old but still valid.
May 27, 2025 at 5:04 AM
New blog!

Defender for Cloud - Advanced protection is kind of a LARGE area to cover but I tried.

Advanced Threat Protection provides a new layer of security, which enables customers to detect and respond to potential threats as they occur by providing security alerts on anomalous activities.
Defender for Cloud – Part 10.5: CWP Advanced protection
www.jussimetso.com
May 10, 2025 at 2:49 PM
Workload Protection in Microsoft Defender for Cloud refers to cloud-native security posture management (CSPM) and threat protection for workloads running in Azure, hybrid, and multi-cloud environments (including AWS, GCP, GitHub, Azure DevOps and others).
Defender for Cloud – Part 10: Cloud Workload protection (CWP)
Cloud Workload Protection in Microsoft Defender for Cloud helps protect various cloud resources such as virtual machines, containers, databases, and applications from security threats, vulnerabilit…
www.jussimetso.com
April 24, 2025 at 1:35 PM
Blog: Regulatory compliance in Defender for Cloud. If you need to check how your Azure, AWS, GCP resources comply against industry standards you can use this feature. www.jussimetso.com/index.php/20...
Defender for Cloud – Part 9: Regulatory compliance
Microsoft Defender for Cloud provides Regulatory Compliance capabilities to help organizations assess and maintain compliance with industry standards, frameworks, and regulatory requirements. It co…
www.jussimetso.com
March 13, 2025 at 8:58 PM
Reposted by Jussi Metso
OpenAI's #Sora became available in Europe today. 🔥 If you have a #ChatGPT Plus or Pro subscription you can create your own videos with it. Naturally, I needed to test it by creating some Bernese mountain dog videos! 🥰

#openAI #aivideo #bernesemountaindog #ai #texttovideo
February 28, 2025 at 1:29 PM
"Once installed, Auto-color allows threat actors full remote access to compromised machines, making it very difficult to remove without specialized software," security researcher Alex Armstrong said.
New Linux Malware ‘Auto-Color’ Grants Hackers Full Remote Access to Compromised Systems
Auto-Color Linux malware targets governments and universities, using stealth tactics and encryption to evade detection and maintain persistence.
thehackernews.com
February 27, 2025 at 7:02 AM
Reposted by Jussi Metso
Worst. Episode. EVER.
February 22, 2025 at 4:00 AM
The seventh part of my Microsoft Defender for Cloud EPIC blog series. Read and learn. :)
#microsoft #security #defenderforcloud #cloudsecurity #mvpbuzz
Defender for Cloud – Part 7: Cloud Security Explorer
The Cloud Security Explorer allows you to run graph-based queries and proactively identify security risks in your cloud environment. You can query effective exposure to internet, permissions, vulne…
www.jussimetso.com
February 22, 2025 at 8:34 PM
"The use of this utility would help to obfuscate the original source, and ultimate destination, of the request and would also allow its operator to move through potentially otherwise non-publicly-reachable (or routable) devices or infrastructure," Cisco noted.
Cisco Confirms Salt Typhoon Exploited CVE-2018-0171 to Target U.S. Telecom Networks
Salt Typhoon exploited CVE-2018-0171 and stolen credentials to infiltrate U.S. telecom networks, persisting undetected for over three years.
thehackernews.com
February 22, 2025 at 6:34 PM
"An attacker who can generate a SQL injection via CVE-2025-1094 can then achieve arbitrary code execution (ACE) by leveraging the interactive tool's ability to run meta-commands"
PostgreSQL Vulnerability Exploited Alongside BeyondTrust Zero-Day in Targeted Attacks
PostgreSQL SQL injection flaw (CVE-2025-1094) exploited alongside BeyondTrust zero-day, enabling arbitrary code execution.
thehackernews.com
February 15, 2025 at 10:50 AM
In device code phishing, threat actors exploit the device code authentication flow to capture authentication tokens, which they then use to access target accounts, and further gain access to data and other services that the compromised account has access to.
Storm-2372 conducts device code phishing campaign | Microsoft Security Blog
Microsoft Threat Intelligence Center discovered an active and successful device code phishing campaign by a threat actor we track as Storm-2372. Our ongoing investigation indicates that this campaign ...
www.microsoft.com
February 14, 2025 at 2:37 AM