Celebrate Cybersecurity Awareness Month with These Tips From a Survey of 1,200 Security Pros

Held every October, National Cybersecurity Awareness Month NCSAM is a collaborative effort between government and industry meant to raise awareness about the importance of cybersecurity. NCSAM is focused largely on consumer awareness, but for cybersecurity leaders, it is also a great opportunity ...

Definitive Dossier of Devilish Debug Details – Part Deux: A Didactic Deep Dive into Data Driven Deductions

In Part One of this blog series, Steve Miller outlined what PDB paths are, how they appear in malware, how we use them to detect malicious files, and how we sometimes use them to make associations about groups and actors. As Steve continued his research into PDB paths, we became interested in...

Using Machine Learning to Detect IP Hijacking

This is interesting research: In a BGP hijack, a malicious actor convinces nearby networks that the best path to reach a specific IP address is through their network. That's unfortunately not very hard to do, since BGP itself doesn't have any security procedures for validating that a message is...

Top 6 email security best practices to protect against phishing attacks and business email compromise

Most cyberattacks start over email—a user is tricked into opening a malicious attachment, or into clicking a malicious link and divulging credentials, or into responding with confidential data. Attackers dupe victims by using carefully crafted emails to build a false sense of trust and/or urgency...

Microsoft’s 4 principles for an effective security operations center

The Microsoft Cyber Defense Operations Center CDOC fields trillions of security signals every day. How do we identify and respond to the right threats? One thing that won’t surprise you: we leverage artificial intelligence AI, machine learning, and automation to narrow the focus. But technology i...

New Comic Videos Take CISO/Security Vendor Relationship to the Extreme

Today's CISOs operate in an overly intensive environment. As the ones who are tasked with the unenviable accountability for failed protection and successful breaches, they must relentlessly strive to improve their defense lines with workforce education, training their security teams and last but...

The vulnerability of the analysis mechanism of machine learning models used in antivirus protection software CylancePROTECT allows attackers to introduce malicious files by bypassing the protection mechanisms, by embedding specially crafted code into the malicious files.

The vulnerability of the analysis mechanism for machine learning models used in antivirus protection software CylancePROTECT exists due to insufficient verification of input data. Exploiting this vulnerability allows a malicious actor to introduce a malicious file by bypassing the protection...

Delivering Intrinsic, Intelligent and Informed Security: VMware Completes Acquisition of Carbon Black

Editor's Note: This blog also appears on VMware's Newsroom. We are delighted to announce that VMware has completed its acquisition of endpoint security leader Carbon Black. With this move, VMware is launching a new Security Business Unit under the leadership of Patrick Morley, who has led Carbon...

In hot pursuit of elusive threats: AI-driven behavior-based blocking stops attacks in their tracks

Our experience in detecting and blocking threats on millions of endpoints tells us that attackers will stop at nothing to circumvent protections. Even one gap in security can be disastrous to an organization. At Microsoft, we don’t stop finding new ways to fill in gaps in security. We go beyond...

ManaTI - A Web-Based Tool To Assist The Work Of The Intuitive Threat Analysts

Machine Learning for Threat Intuitive Analysis The goal of the ManaTI project is to develop machine learning techniques to assist an intuitive threat analyst to speed the discovery of new security problems. The machine learning will contribute to the analysis by finding new relationships and...

Azure Sentinel—the cloud-native SIEM that empowers defenders is now generally available

Machine learning enhanced with artificial intelligence AI holds great promise in addressing many of the global cyber challenges we see today. They give our cyber defenders the ability to identify, detect, and block malware, almost instantaneously. And together they give security admins the abilit...

Open Sourcing StringSifter

Malware analysts routinely use the Strings program during static analysis in order to inspect a binary's printable characters. However, identifying relevant strings by hand is time consuming and prone to human error. Larger binaries produce upwards of thousands of strings that can quickly evoke...

Deep learning rises: New methods for detecting malicious PowerShell

Scientific and technological advancements in deep learning, a category of algorithms within the larger framework of machine learning, provide new opportunities for development of state-of-the art protection technologies. Deep learning methods are impressively outperforming traditional methods on...

Showing Vulnerability to a Machine: Automated Prioritization of Software Vulnerabilities

Introduction If a software vulnerability can be detected and remedied, then a potential intrusion is prevented. While not all software vulnerabilities are known, 86 percent of vulnerabilities leading to a data breach were patchable, though there is some risk of inadvertent damage when applying...

From unstructured data to actionable intelligence: Using machine learning for threat intelligence

The security community has become proficient in using indicators of compromise IoC feeds for threat intelligence. Automated feeds have simplified the task of extracting and sharing IoCs. However, IoCs like IP addresses, domain names, and file hashes are in the lowest levels of the threat...

Cylance Antivirus Products Susceptible to Concatenation Bypass

Overview The Cylance AI-based antivirus product, prior to July 21, 2019, contains flaws that allow an adversary to craft malicious files that the AV product will likely mistake for benign files. Description Cylance PROTECT is an endpoint protection system. It contains an antivirus functionality...

CISO series: Better cybersecurity requires a diverse and inclusive approach to AI and machine learning

Artificial Intelligence AI and machine learning have created lots of buzz with vendors. Being cast as the superheroes of technology is great for getting attention. But even Superman and Supergirl had their kryptonite. Could the lack of diversity and inclusiveness in the design teams and data type...

Will XDR Improve Security?

Cybercriminals and malicious hackers have been shifting their tactics, techniques, and procedures TTPs to improve their ability to infiltrate an organization and stay under the radar of security professionals and solutions. Moving to more targeted attack methods appears to be a mainstay among...

New machine learning model sifts through the good to unearth the bad in evasive malware

We continuously harden machine learning protections against evasion and adversarial attacks. One of the latest innovations in our protection technology is the addition of a class of hardened malware detection machine learning models called monotonic models to Microsoft Defender ATP's Antivirus...

Security Bulletin: Vulnerability in Python affects Watson Machine Learning Services (CVE-2018-14647)

Summary Python is vulnerable to a denial of service, caused by a flaw in the elementtree C accelerator. By using a specially-crafted XML document, a remote attacker could exploit this vulnerability to cause a resource exhaustion. Vulnerability Details CVE-ID: CVE-2018-14647 DESCRIPTION: Python’s...