Gartner Names Microsoft a Leader in the 2019 Enterprise Information Archiving (EIA) Magic Quadrant

We often hear from customers about the explosion of data, and the challenge this presents for organizations in remaining compliant and protecting their information. We’ve invested in capabilities across the landscape of information protection and information governance, inclusive of archiving,...

Rethinking cyber learning—consider gamification

As promised, I’m back with a follow-up to my recent post, Rethinking how we learn security, on how we need modernize the learning experience for cybersecurity professionals by gamifying training to make learning fun. Some of you may have attended the recent Microsoft Ignite events in Orlando and...

Deployment Isn’t the Final Step – Monitoring Machine Learning Models in Production

Unless you’ve been living in a cave for the last decade, you’ve probably heard of the concept of a machine learning system at least once in your life. Whether it’s auto-translation, auto-completion, face or voice recognition, recommendation systems or autonomous driving, AI-based systems can be...

Unspecified vulnerability in Moodle (CNVD-2019-43889)

Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. A security vulnerability exists in Moodle that can be exploited by attackers to bypass security restrictions and perform unauthorized...

Unspecified vulnerability in Moodle (CNVD-2019-43890)

Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. A security vulnerability exists in Moodle that can be exploited by attackers to bypass security restrictions and perform unauthorized...

This Week in Security News: APT33 Botnets Used for Extreme Narrow Targeting and Microsoft’s Patch Tuesday Arrives with A Patch for An IE Zero-Day

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about the APT33 threat group that is using live C&C servers for extremely narrow targeting. Also, read about Trend Micro’s complete...

Attention is All They Need: Combatting Social Media Information Operations With Neural Language Models

Information operations have flourished on social media in part because they can be conducted cheaply, are relatively low risk, have immediate global reach, and can exploit the type of viral amplification incentivized by platforms. Using networks of coordinated accounts, social media-driven...

azureml-designer-classic-modules (>=0.0.105 <=0.0.112), azureml-designer-core (>=0.0.21 <=0.0.29) +36 more potentially affected by CVE-2019-12410 via pyarrow (>=0.12.0 <=0.14.1)

pyarrow PYPI version =0.12.0, =0.0.105, =0.0.21, =0.0.17, =0.0.36, =0.0.9, =1.0.48.1, =0.1.0, =1.4.2, =3.0.20190405035157, =0.1.0, =0.1.1, =1.13.4, =1.15.1 and more Source cves: CVE-2019-12410 Source advisory: OSV:PYSEC-2019-196...

How Machine Learning is Changing the Face of Financial Services

Artificial intelligence AI has become integrated into our everyday lives. It powers what we see in our social media newsfeeds, activates facial recognition to unlock our smartphones, and even suggests music for us to listen to. Machine learning, a subset of AI, is progressively integrating into o...

Time for day 2 of briefings at BlueHat Seattle!

We hope you enjoyed the first day of our BlueHat briefings and the Bytes of BlueHat reception in our glamping tent complete with toasted marshmallows. Yesterday, we learned a lot about how XboxOne hardware security has advanced the state of hardware security elsewhere, we heard some surprising...

Time for day 2 of briefings at BlueHat Seattle!

We hope you enjoyed the first day of our BlueHat briefings and the Bytes of BlueHat reception in our glamping tent complete with toasted marshmallows. Yesterday, we learned a lot about how XboxOne hardware security has advanced the state of hardware security elsewhere, we heard some surprising...

Celebrate Cybersecurity Awareness Month with These Tips From a Survey of 1,200 Security Pros

Held every October, National Cybersecurity Awareness Month NCSAM is a collaborative effort between government and industry meant to raise awareness about the importance of cybersecurity. NCSAM is focused largely on consumer awareness, but for cybersecurity leaders, it is also a great opportunity ...

Definitive Dossier of Devilish Debug Details – Part Deux: A Didactic Deep Dive into Data Driven Deductions

In Part One of this blog series, Steve Miller outlined what PDB paths are, how they appear in malware, how we use them to detect malicious files, and how we sometimes use them to make associations about groups and actors. As Steve continued his research into PDB paths, we became interested in...

Using Machine Learning to Detect IP Hijacking

This is interesting research: In a BGP hijack, a malicious actor convinces nearby networks that the best path to reach a specific IP address is through their network. That's unfortunately not very hard to do, since BGP itself doesn't have any security procedures for validating that a message is...

Top 6 email security best practices to protect against phishing attacks and business email compromise

Most cyberattacks start over email—a user is tricked into opening a malicious attachment, or into clicking a malicious link and divulging credentials, or into responding with confidential data. Attackers dupe victims by using carefully crafted emails to build a false sense of trust and/or urgency...

Microsoft’s 4 principles for an effective security operations center

The Microsoft Cyber Defense Operations Center CDOC fields trillions of security signals every day. How do we identify and respond to the right threats? One thing that won’t surprise you: we leverage artificial intelligence AI, machine learning, and automation to narrow the focus. But technology i...

New Comic Videos Take CISO/Security Vendor Relationship to the Extreme

Today's CISOs operate in an overly intensive environment. As the ones who are tasked with the unenviable accountability for failed protection and successful breaches, they must relentlessly strive to improve their defense lines with workforce education, training their security teams and last but...

The vulnerability of the analysis mechanism of machine learning models used in antivirus protection software CylancePROTECT allows attackers to introduce malicious files by bypassing the protection mechanisms, by embedding specially crafted code into the malicious files.

The vulnerability of the analysis mechanism for machine learning models used in antivirus protection software CylancePROTECT exists due to insufficient verification of input data. Exploiting this vulnerability allows a malicious actor to introduce a malicious file by bypassing the protection...

Delivering Intrinsic, Intelligent and Informed Security: VMware Completes Acquisition of Carbon Black

Editor's Note: This blog also appears on VMware's Newsroom. We are delighted to announce that VMware has completed its acquisition of endpoint security leader Carbon Black. With this move, VMware is launching a new Security Business Unit under the leadership of Patrick Morley, who has led Carbon...

In hot pursuit of elusive threats: AI-driven behavior-based blocking stops attacks in their tracks

Our experience in detecting and blocking threats on millions of endpoints tells us that attackers will stop at nothing to circumvent protections. Even one gap in security can be disastrous to an organization. At Microsoft, we don’t stop finding new ways to fill in gaps in security. We go beyond...