42 matches found
Gundog - Guided Hunting In Microsoft 365 Defender
Gundog provides you with guided hunting in Microsoft 365 Defender. Especially if not only for Email and Endpoint Alerts at the moment. Functionality You provide an AlertID you might received via Email notification and gundog will then hunt for as much as possible associated data. It does not give...
Multi-stage downloader Trojan sLoad abuses BITS almost exclusively for malicious activities
Many of today’s threats evolve to incorporate as many living-off-the-land techniques as possible into the attack chain. The PowerShell-based downloader Trojan known as sLoad, however, puts all its bets on BITS. Background Intelligent Transfer Service BITS is a component of the Windows operating...
Step 7. Discover shadow IT and take control of your cloud apps: top 10 actions to secure your environment
The “Top 10 actions to secure your environment” series outlines fundamental steps you can take with your investment in Microsoft 365 security solutions. In “Step 7. Discover shadow IT and take control of cloud apps,” you’ll learn how to set up Microsoft Cloud App Security MCAS to identify, access...
Microsoft Announces Windows Defender ATP Antivirus for Mac
Brace yourself guys. Microsoft is going to release its Windows Defender ATP antivirus software for Mac computers. Sounds crazy, right? But it's true. Microsoft Thursday announced that the company is bringing its anti-malware software to Apple's macOS operating system as well—and to more platforms...
Recommendations for deploying the latest Attack surface reduction rules for maximum impact
The keystone to good security hygiene is limiting your attack surface. Attack surface reduction is a technique to remove or constrain exploitable behaviors in your systems. In this blog, we discuss the two attack surface reduction rules introduced in the most recent release of Windows and cover...
Windows Defender ATP has protections for USB and removable devices
Meet Jimmy. Jimmy is an employee in your company. He Does Things With Computers official title. Last Wednesday, as Jimmy got out of his car after parking in the company-owned parking lot, he saw something on the ground. That something is a 512GB USB flash drive! Jimmy picks up the drive, whistlin...
Tackling phishing with signal-sharing and machine learning
Across services in Microsoft Threat Protection, the correlation of security signals enhances the comprehensive and integrated security for identities, endpoints, user data, cloud apps, and infrastructure. Our industry-leading visibility into the entire attack chain translates to enriched protecti...
Insights from the MITRE ATT&CK-based evaluation of Windows Defender ATP
In MITREs evaluation of endpoint detection and response solutions, Windows Defender Advanced Threat Protection demonstrated industry-leading optics and detection capabilities. The breadth of telemetry, the strength of threat intelligence, and the advanced, automatic detection through machine...
Analysis of cyberattack on U.S. think tanks, non-profits, public sector by unidentified attackers
Reuters recently reported a hacking campaign focused on a wide range of targets across the globe. In the days leading to the Reuters publication, Microsoft researchers were closely tracking the same campaign. Our sensors revealed that the campaign primarily targeted public sector institutions and...
Windows Defender ATP device risk score exposes new cyberattack, drives Conditional access to protect networks
Several weeks ago, the Windows Defender Advanced Threat Protection Windows Defender ATP team uncovered a new cyberattack that targeted several high-profile organizations in the energy and food and beverage sectors in Asia. Given the target region and verticals, the attack chain, and the toolsets...
Attack uses malicious InPage document and outdated VLC media player to give attackers backdoor access to targets
Our analysis of a targeted attack that used a language-specific word processor shows why its important to understand and protect against small-scale and localized attacks as well as broad-scale malware campaigns. The attack exploited a vulnerability in InPage, a word processor software for specif...
Out of sight but not invisible: Defeating fileless malware with behavior monitoring, AMSI, and next-gen AV
Consider this scenario: Two never-before-seen, heavily obfuscated scripts manage to slip past file-based detection and dynamically load an info-stealing payload into memory. The scripts are part of a social engineering campaign that tricks potential victims into running the scripts, which use the...
Partnering with the industry to minimize false positives
Every day, antivirus capabilities in Windows Defender Advanced Threat Protection Windows Defender ATP protect millions of customers from threats. To effectively scale protection, Windows Defender ATP uses intelligent systems that combine multiple layers of machine learning models, behavior-based...
Protecting the protector: Hardening machine learning defenses against adversarial attacks
Harnessing the power of machine learning and artificial intelligence has enabled Windows Defender Advanced Threat Protection Windows Defender ATP next-generation protection to stop new malware attacks before they can get started often within milliseconds. These predictive technologies are central...
How Microsoft 365 Security integrates with your broader IT ecosystem—part 2
Todays post was coauthored by Debraj Ghosh, Senior Product Marketing Manager, and Diana Kelley, Cybersecurity Field CTO. In part 1 of our blog series, we shared the Microsoft 365 Security strategy for integrating with the broader security community. Today, we cover the services Microsoft 365...
Attack inception: Compromised supply chain within a supply chain poses new risks
A new software supply chain attack unearthed by Windows Defender Advanced Threat Protection Windows Defender ATP emerged as an unusual multi-tier case. Unknown attackers compromised the shared infrastructure in place between the vendor of a PDF editor application and one of its software vendor...
Hawkeye Keylogger – Reborn v8: An in-depth campaign analysis
Much of cybercrime today is fueled by underground markets where malware and cybercriminal services are available for purchase. These markets in the deep web commoditize malware operations. Even novice cybercriminals can buy malware toolkits and other services they might need for malware campaigns...
Machine learning vs. social engineering
Machine learning is a key driver in the constant evolution of security technologies at Microsoft. Machine learning allows Microsoft 365 to scale next-gen protection capabilities and enhance cloud-based, real-time blocking of new and unknown threats. Just in the last few months, machine learning h...
Adding transparency and context into industry AV test results
Corporate Vice President Brad Anderson recently shared his insights on how Windows Defender Advanced Threat Protection Windows Defender ATP evolved to achieve important quality milestones. Our Windows Defender ATP team is committed to delivering industry-leading protection, customer choice, and...
Teaming up in the war on tech support scams
Editors note: Erik Wahlstrom spoke about the far-reaching impact of tech support scams and the need for industry-wide cooperation in his RSA Conference 2018 talk Tech Scams: Its Time to Release the Hounds. Social engineering attacks like tech support scams are so common because theyre so effectiv...