8 everyday technologies that can make you vulnerable to cyberattacks

The technological advances of the modern world make for an exciting and convenient lifestyle. With each new development, from artificial intelligence to the Internet of Things, we make the mundane and tedious more manageable. The security vulnerabilities of the latest tech have been well...

Threatlist: Manufacturing, a Top Target for Espionage

When it comes to cyberattack-related reconnaissance and lateral movement activity, the manufacturing industry exhibits higher than normal rates. That’s according to Vectra’s 2018 Spotlight Report on Manufacturing, which crunched data from more than 4 million devices and workloads from customer...

Excerpts from Modern Bank Heists – Nation State Threats

Carbon Black recently published a report on the latest non-malware attack methods, and how to counteract them. For more information about how Cb Defense, Carbon Black's NGAV + EDR solution, helps enterprises address their endpoint security challenges, check out our weekly Cb Defense Live Demo,...

Election Readiness 2018

2018 is a pivotal year for the integrity of our electoral process. The threat to the digital infrastructure of our elections is proliferating to a level that has not been seen before. Officials are working tirelessly to protect your vote by proactively identifying vulnerabilities and targeting...

OPC UA security analysis

This paper discusses our project that involved searching for vulnerabilities in implementations of the OPC UA protocol. In publishing this material, we hope to draw the attention of vendors that develop software for industrial automation systems and the industrial internet of things to problems...

Keeping Your WAF Relevant: Emergency Feed Pushes New Mitigations in Just Hours

We previously reported that the overall number of new web application vulnerabilities in 2017 showed a 212% increase from 2016’s 6,615 to a whopping 14,082. This spike was due, in part, to high-profile vulnerabilities like Heartbleed, Shellshock, POODLE, Apache Struts 2 and more recently, Meltdow...

Europol Smacks Down World’s Largest DDoS-for-Hire Market

Criminal fantasy dream-site Webstresser.org, a DDoS-for-hire market believed to be behind at least 4 million cyberattacks around the world, has served up its last internet-paralyzing traffic tsunami. A multi-national investigation led by Europol has led to the arrest of the administrators of the...

RSAC 2018: Tech Giants Form Cybersecurity Tech Accord

SAN FRANCISCO – Microsoft President Brad Smith during a keynote at the 2018 RSA Conference condemned government-backed cyberattacks as endangering innocent civilian’s lives – and said that tech companies need to come together to “open the world’s eyes to the impact that this is having.” At this...

Cryptominer Malware Threats Overtake Ransomware, Report Warns

SAN FRANCISCO – Cryptomining malware is the top threat to watch out for this year, according to a new report – with attacks jumping higher than ransomware instances in the first quarter of 2018. A new report by Comodo Cybersecurity, released Tuesday at RSA Conference 2018, found that cryptominers...

Filling the gaps in international law is essential to making cyberspace a safer place

A month ago, on the sidelines of the Munich Security Conference, Microsoft organized an expert workshop to discuss gaps in international law as it applies to cyberspace. We were fortunate enough to bring together twenty leading stakeholders, including international legal experts, United Nations...

This Week in Security News: IT Pros and Cyberthreats

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, 62 percent of IT decision makers report that on-premises security is safer than the cloud, and a new report says 68 percent of businesses ar...

Programs Controlling ICS Robotics Are ‘Wide Open’ to Vulnerabilities

Most manufacturers have connected their operational technology – including industrial control systems and robotic equipment –to the internet, yet the lack of basic security protocols leave these companies open to cyberattacks. Industrial security company Malcrawler pinpointed these dangers at...

The Future of Cybersecurity Is in the Cloud

For decades we have feared the cloud. During my time working counterintelligence for the FBI, we feared the Internet so much that agency computers functioned solely on an isolated intranet connected via hard cables. It’s no wonder to me that that government has still not embraced the unlimited...

2018 Cyberthreat Defense Report: Where IT Security Is Going

What keeps you awake at night? We asked IT security professionals the same question and found that these issues are top of mind: malware and spear phishing, securing mobile devices, employee security awareness and new technologies that detect threats capable of bypassing traditional signature-bas...

Petya や WannaCrypt などのラピッド サイバー攻撃を緩和する方法

本記事は、Microsoft Secure ブログ “How to mitigate rapid cyberattacks such as Petya and WannaCrypt” 2018 年 2 月 21 日 米国時...

How to mitigate rapid cyberattacks such as Petya and WannaCrypt

In the first blog post of this 3-part series, we introduced what rapid cyberattacks are and illustrated how rapid cyberattacks are different in terms of execution and outcome. In the second blog post, we provided some details on Petya and how it worked. In this final blog post, we will share:...

How to mitigate rapid cyberattacks such as Petya and WannaCrypt

In the first blog post of this 3-part series, we introduced what rapid cyberattacks are and illustrated how rapid cyberattacks are different in terms of execution and outcome. In the second blog post, we provided some details on Petya and how it worked. In this final blog post, we will share:...

Overview of Petya, a rapid cyberattack

In the first blog post of this 3-part series, we introduced what rapid cyberattacks are and illustrated how they are different in terms of execution and outcome. Next, we will go into some more details on the Petya aka NotPetya attack. How Petya worked The Petya attack chain is well understood,...

Overview of rapid cyberattacks

Rapid cyberattacks like Petya and WannaCrypt have reset our expectations on the speed and scope of damage that a cyberattack can inflict. The Microsoft Enterprise Cybersecurity Group Detection and Response team worked extensively to help customers respond to and recover from these kinds of attack...

Overview of rapid cyberattacks

Rapid cyberattacks like Petya and WannaCrypt have reset our expectations on the speed and scope of damage that a cyberattack can inflict. The Microsoft Enterprise Cybersecurity Group Detection and Response team worked extensively to help customers respond to and recover from these kinds of attack...