Jussi Metso
LightNews LightNews
banner
jussimetso.com
Jussi Metso
@jussimetso.com
180 followers 120 following 78 posts
*Microsoft Security MVP *Azure & M365 & AI Security *Blogger @ jussimetso.com *Co-founder of https://www.meetup.com/microsoft-security-user-group-finland/
www.meetup.com
Posts Media Videos Starter Packs
jussimetso.com
Jussi Metso @jussimetso.com · 23d
The patch tuesday msft.it/6018SZEg0
Security Update Guide - Microsoft Security Response Center
msft.it
jussimetso.com
Jussi Metso @jussimetso.com · 27d
cybersecuritynews.com/dfir-tool-ve...
Hackers Use DFIR Tool 'Velociraptor' to Attack VMware ESXi and Windows Servers with Ransomware
Security researchers at Cisco Talos have confirmed that ransomware operators are actively exploiting Velociraptor, an open-source digital forensics and incident response (DFIR) tool, in their attacks.
cybersecuritynews.com
jussimetso.com
Jussi Metso @jussimetso.com · 28d
Couple of days ago I noticed that Steam does not work. I thought it might be DDOS and it was. share.google/LTKsVzkZxi2N...
Major gaming platforms hit by disruptions: unprecedented DDoS suspected
Steam, Riot, and other major platforms are experiencing widespread service disruptions, likely due to massive DDoS attacks linked to the Aisuru botnet.
share.google
jussimetso.com
Jussi Metso @jussimetso.com · Oct 6
thehackernews.com/2025/10/orac...
Oracle Rushes Patch for CVE-2025-61882 After Cl0p Exploited It in Data Theft Attacks
Oracle releases an emergency fix for CVE-2025-61882 after Cl0p exploits critical EBS flaw.
thehackernews.com
jussimetso.com
Jussi Metso @jussimetso.com · Oct 1
www-bleepingcomputer-com.cdn.ampproject.org/c/s/www.blee...
New EDR-Freeze tool uses Windows WER to suspend security software
A new method and proof-of-concept tool called EDR-Freeze demonstrates that evading security solutions is possible from user mode with Microsoft's Windows Error Reporting (WER) system.
www-bleepingcomputer-com.cdn.ampproject.org
jussimetso.com
Jussi Metso @jussimetso.com · Sep 25
Checkout this Meetup with Microsoft Security User Group Finland: meetu.ps/e/PrJsH/11qZ...
jussimetso.com
Jussi Metso @jussimetso.com · Sep 24
Fixed thehackernews.com/2025/09/micr...
Microsoft Patches Critical Entra ID Flaw Enabling Global Admin Impersonation Across Tenants
Microsoft patched CVE-2025-55241 July 17, 2025; CVSS 10.0 Entra ID bug via legacy Graph enabled cross-tenant impersonation risking tenant compromise.
thehackernews.com
jussimetso.com
Jussi Metso @jussimetso.com · Sep 17
New blog about automated malware remediation from storage account blobs www.jussimetso.com/index.php/20...
Malware automated remediation in Defender for Storage
Defender for Storage now supports different ways to handle malicious files. Now you can select the remediation option that fits your scenario. Built-in remediation capabilities Automated workflows …
www.jussimetso.com
jussimetso.com
Jussi Metso @jussimetso.com · Aug 28
cybersecuritynews.com/microsoft-te...
Hackers Abuse Microsoft Teams to Gain Remote Access on Windows With PowerShell-based Malware
Cybercriminals are increasingly weaponizing Microsoft Teams, exploiting the platform's trusted role in corporate communications to deploy malware and seize control of victim systems.
cybersecuritynews.com
jussimetso.com
Jussi Metso @jussimetso.com · Aug 25
My Microsoft Sentinel data lake blog is out now www.jussimetso.com/index.php/20...
What is Microsoft Sentinel data lake
“a cloud-native security data platform that centralizes logs and telemetry from across your environment into a scalable, cost-efficient data lake”
www.jussimetso.com
1
jussimetso.com
Jussi Metso @jussimetso.com · Jul 10
My first renewal 🔥🔥🔥
3
jussimetso.com
Jussi Metso @jussimetso.com · Jul 4
The sequel with task lists for modernizing on-prem SIEM to Sentinel www.jussimetso.com/index.php/20...
Modernizing your on-prem SIEM with Microsoft Sentinel – part 2
So you want to migrate your on-prem SIEM to Microsoft Sentinel?What kind of tasks you have thought so far? Some planning maybe?Here are some task what I have in my mind. These are just tasks, no ne…
www.jussimetso.com
1
jussimetso.com
Jussi Metso @jussimetso.com · Jun 26
How to modernize your on-prem siem to Microsoft Sentinel aka Cloud Siem www.jussimetso.com/index.php/20...
Modernizing your on-prem SIEM with Microsoft Sentinel – part 1
Are you wondering to transfer your classic on-prem SIEM to fancy and modernized cloud SIEM. Read my suggestions of the advances of Microsoft Sentinel
www.jussimetso.com
jussimetso.com
Jussi Metso @jussimetso.com · May 27
Last blog post in my Defender for Cloud series so far. The end has come.

Topic this time is Data and AI Security Dashboard.

www.jussimetso.com/index.php/20...
Defender for Cloud – Part 11: Data and AI Security
The Data and AI security overview section displays your cloud data and AI estate for each cloud. It includes all data and AI resources, categorized into storage assets, managed databases, hosted da…
www.jussimetso.com
jussimetso.com
Jussi Metso @jussimetso.com · May 27
Old but still valid.
2
jussimetso.com
Jussi Metso @jussimetso.com · May 10
New bl0g!

Defender for Cloud - Advanced protection is kind of LARGE area to cover but I tried.

Advanced Threat Protection provides a new layer of security, which enables customers to detect and respond to potential threats as they occur by providing security alerts on anomalous activities.
Defender for Cloud – Part 10.5: CWP Advanced protection
Advanced Threat Protection provides a new layer of security, which enables customers to detect and respond to potential threats as they occur by providing security alerts on anomalous activities.
www.jussimetso.com
1
jussimetso.com
Jussi Metso @jussimetso.com · Apr 24
Workload Protection in Microsoft Defender for Cloud refers to cloud-native security posture management (CSPM) and threat protection for workloads running in Azure, hybrid, and multi-cloud environments (including AWS, GCP, GitHub, Azure DevOps and others).
Defender for Cloud – Part 10: Cloud Workload protection (CWP)
Cloud Workload Protection in Microsoft Defender for Cloud helps protect various cloud resources such as virtual machines, containers, databases, and applications from security threats, vulnerabilit…
www.jussimetso.com
1
jussimetso.com
Jussi Metso @jussimetso.com · Mar 13
Blog: Regulatory compliance in Defender for Cloud. If you need to check how your Azure, AWS, GCP resources comply against industry standards you can use this feature. www.jussimetso.com/index.php/20...
Defender for Cloud – Part 9: Regulatory compliance
Microsoft Defender for Cloud provides Regulatory Compliance capabilities to help organizations assess and maintain compliance with industry standards, frameworks, and regulatory requirements. It co…
www.jussimetso.com
2
Reposted by Jussi Metso
jukkaloikkanen.fi
Jukka Loikkanen @jukkaloikkanen.fi · Feb 28
OpenAI's #Sora became available in Europe today. 🔥 If you have #ChatGPT Plus or Pro subscription you can create your own videos with it. Naturally, I needed to test it by creating some bernese mountain dog videos! 🥰

#openAI #aivideo #bernesemountaindog #ai #texttovideo
1 3
jussimetso.com
Jussi Metso @jussimetso.com · Feb 27
"Once installed, Auto-color allows threat actors full remote access to compromised machines, making it very difficult to remove without specialized software," security researcher Alex Armstrong."
New Linux Malware ‘Auto-Color’ Grants Hackers Full Remote Access to Compromised Systems
Auto-Color Linux malware targets governments and universities, using stealth tactics and encryption to evade detection and maintain persistence.
thehackernews.com
Reposted by Jussi Metso
markhamillofficial.bsky.social
Mark Hamill @markhamillofficial.bsky.social · Feb 22
Worst. Episode. EVER.
860 8.7K 31K
jussimetso.com
Jussi Metso @jussimetso.com · Feb 22
The seventh part of my Microsoft Defender for Cloud EPIC blog series. Read and learn. :)
#microsoft #security #defenderforcloud #cloudsecurity #mvpbuzz
Defender for Cloud – Part 7: Cloud Security Explorer
The Cloud Security Explorer allows you to run graph-based queries and proactively identify security risks in your cloud environment. You can query effective exposure to internet, permisisons, vulne…
www.jussimetso.com
1 2
jussimetso.com
Jussi Metso @jussimetso.com · Feb 22
"The use of this utility would help to obfuscate the original source, and ultimate destination, of the request and would also allow its operator to move through potentially otherwise non-publicly-reachable (or routable) devices or infrastructure," Cisco noted.
Cisco Confirms Salt Typhoon Exploited CVE-2018-0171 to Target U.S. Telecom Networks
Salt Typhoon exploited CVE-2018-0171 and stolen credentials to infiltrate U.S. telecom networks, persisting undetected for over three years.
thehackernews.com
jussimetso.com
Jussi Metso @jussimetso.com · Feb 15
"An attacker who can generate a SQL injection via CVE-2025-1094 can then achieve arbitrary code execution (ACE) by leveraging the interactive tool's ability to run meta-commands"
PostgreSQL Vulnerability Exploited Alongside BeyondTrust Zero-Day in Targeted Attacks
PostgreSQL SQL injection flaw (CVE-2025-1094) exploited alongside BeyondTrust zero-day, enabling arbitrary code execution.
thehackernews.com
jussimetso.com
Jussi Metso @jussimetso.com · Feb 14
In device code phishing, threat actors exploit the device code authentication flow to capture authentication tokens, which they then use to access target accounts, and further gain access to data and other services that the compromised account has access.
Storm-2372 conducts device code phishing campaign | Microsoft Security Blog
Microsoft Threat Intelligence Center discovered an active and successful device code phishing campaign by a threat actor we track as Storm-2372. Our ongoing investigation indicates that this campaign ...
www.microsoft.com