726 matches found
Microsoft announces recipients of academic grants for AI research on combating phishing
Every day in the ever-changing technology landscape, we see boundaries shift as new ideas challenge the old status quo. This constant shift is observed in the increasingly sophisticated and connected tools, products, and services people and organizations use on a daily basis, but also in the...
How public-private partnerships can combat cyber adversaries
For several years now, policymakers and practitioners from governments, CERTs, and the security industry have been speaking about the importance of public-private partnerships as an essential part of combating cyber threats. It is impossible to attend a security conference without a keynote...
Office 2013 can now block macros to help prevent infection
In response to the growing trend of macro-based threats, a new feature in Office 2016 allows an enterprise administrator to block users from running macros in Office documents that originated from the Internet. This feature was documented back in March: New feature in Office 2016 can block macros...
Microsoft at Legalweek: Secure data and gain efficiencies with Microsoft Purview eDiscovery enhanced by generative AI
The legal profession is known for being cautious or hesitant to adopt new technologies. However, when it comes to AI, it seems like legal professionals are ready to be on the leading edge of AI implementation. A Thomson Reuters survey of legal professionals found that 82% agree that AI can be...
New Microsoft Purview features use AI to help secure and govern all your data
In the past few years, we have witnessed how digital and cloud transformation has accelerated the growth of data. With more and more customers moving to the cloud, and with the rise of hybrid work, data usage has moved beyond the traditional borders of business. Data is now stored in multiple clo...
An integrated incident response solution with Microsoft and PwC
Today Microsoft Incident Response is excited to announce a new collaboration with PwC to expand our joint incident response and recovery capability. In this global alliance, Microsoft begins the initial containment and investigation, bringing a deep understanding of a company’s infrastructure to...
Boost identity protection with Axiad Cloud and Microsoft Entra ID
This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA. Passwords are a security weakness and phishing attacks to exploit accounts protected by passwords are on the rise. The last 12 months have seen an average of more than 4,000 password...
Adopting guidance from the US National Cybersecurity Strategy to secure the Internet of Things
The recently published United States National Cybersecurity Strategy warns that many popular Internet of Things IoT devices are not sufficiently secure to protect against many of today’s common cybersecurity threats.1 The strategy also cautions that many of these IoT devices are difficult—or, in...
Public preview: Improve Win32 app security via app isolation
The post Public preview: Improve Win32 app security via app isolation appeared first on Microsoft Security Blog...
Detecting and mitigating a multi-stage AiTM phishing and BEC campaign
Microsoft Defender Experts uncovered a multi-stage adversary-in-the-middle AiTM phishing and business email compromise BEC attack against banking and financial services organizations. The attack originated from a compromised trusted vendor and transitioned into a series of AiTM attacks and...
Improve supply chain security and resiliency with Microsoft
Let’s start with the bad news. Cybersecurity breaches can be particularly devastating for supply chains, which involve multiple parties and sensitive information. As operational technology OT devices become increasingly connected, blurring the gap between IT and OT environments, the risk of hacke...
Get integrated Microsoft Purview Information Protection in Adobe Acrobat—now available
This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA. Data security and compliance are a top priority for leaders as cyberattacks are on the rise. In fact, attacks have increased by 32 percent in the past year, and 1 in 40 organizations...
Solving one of NOBELIUM’s most novel attacks: Cyberattack Series
Our story begins with eight Microsoft Detection and Response Team DART analysts gathered around a customer’s conference room to solve a cybersecurity mystery. Joined by members of the customer’s cybersecurity team, they were there to figure out how a Russia-based nation-state hacking group known ...
Digital event highlights new features in Microsoft Purview
Keeping your company and customer data secure has never been more complex. With multiple clouds, legacy on-premises systems, and numerous devices, it can be hard to keep track of what data you have and where it lives. On top of that, ever-changing employee roles make managing who has access to wh...
Cybersecurity awareness tips from Microsoft to empower your team to #BeCyberSmart
October is Cybersecurity Awareness Month, and I’m excited about what Microsoft and our partners in the industry have planned to help everyone stay CyberSmart. 2022 may have offered some respite from the previous year’s rush to enable a remote and hybrid workforce, but the increased use of persona...
Microsoft security experts outline next steps after compromise recovery
Who is CRSP? The Microsoft Compromise Recovery Security Practice CRSP is a worldwide team of cybersecurity experts operating in most countries, across both public and private organizations, with deep expertise to secure an environment post-security breach and to help you prevent a breach in the...
What Generation Z can teach us about cybersecurity
Girl Security National Security Fellows Program fellow Amulya, a 17-year-old interested in countering online disinformation, said she feels her sense of personal privacy has been largely nonexistent “growing up in a media-saturated world.” She believes her sense of privacy was stolen by a...
Microsoft Security delivers new multicloud capabilities
In times of great change, challenges and opportunities can be found in many directions. This is certainly true in IT and cybersecurity. Today, while navigating a pandemic, frequent supply chain shocks, and global talent shortages, organizations around the world are forced to confront sophisticate...
Cybersecurity threats are always changing—staying on top of them is vital, getting ahead of them is paramount
With a 1,070 percent increase in ransomware attacks year-over-year between July 2020 and June 2021, staying on top of attack trends—such as ransomware and supply chain threats—is more important than ever.1 To successfully detect and defend against security threats, we need to come together as a...
Cyber Signals: Defending against cyber threats with the latest research, insights, and trends
We’re excited to introduce Cyber Signals, a cyber threat intelligence brief informed by the latest Microsoft threat data and research. This content, which will be released quarterly, offers an expert perspective into the current threat landscape, discussing trending tactics, techniques, and...
Microsoft Zero Trust solutions deliver 92 percent return on investment, says new Forrester study
In the last two years, we’ve seen a staggering increase in the adoption of cloud-based services, remote work solutions, bring your own device BYOD, and IoT devices as organizations digitally transform themselves to enable a hybrid workforce.1 Zero Trust has become the essential security strategy...
Behind the unprecedented effort to protect customers against the NOBELIUM nation-state attack
This is the third in a four-part blog series on the NOBELIUM nation-state cyberattack. In December 2020, Microsoft began sharing details with the world about what became known as the most sophisticated nation-state cyberattack in history. Microsoft’s four-part video series “Decoding NOBELIUM” pul...
Learn how Microsoft strengthens IoT and OT security with Zero Trust
As cyber threats grow more sophisticated and relentless, the need for Cybersecurity Awareness Month becomes more urgent every year. As part of our year-round commitment to security for all, Microsoft continues to track numerous incidents targeting both digital and physical operations for many...
Azure network security helps reduce cost and risk according to Forrester TEI study
As organizations move their computing from on-premises to the cloud, they realize that leveraging cloud-native security tools can provide additional cost savings and business benefits to their security infrastructure. Microsoft Azure network security offers a suite of cloud-native security tools ...
Windows 11 enables security by design from the chip to the cloud
Over the last year, PCs have kept us connected to family, friends, and enabled businesses to continue to run. This new hybrid work paradigm has got us thinking about how we will continue to deliver the best possible quality, experience, and security for the more than 1 billion people who use...
Strategies, tools, and frameworks for building an effective threat intelligence team
How to think about building a threat intelligence program The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest Voice of the Community blog series post, Microsoft Product Marketing Manager Natalia...
Microsoft recognized as a Leader in the 2020 Gartner Magic Quadrant for Enterprise Information Archiving
Organizations face an increasing volume of data generated daily and ever-evolving regulations around how that data is managed. To help navigate this complex information landscape, we are focused on delivering integrated, intelligent, and user-centric solutions. Over the past few years, we...
Developing an effective cyber strategy
The word strategy has its origins in the Roman Empire and was used to describe the leading of troops in battle. From a military perspective, strategy is a top-level plan designed to achieve one or more high-order goals. A clear strategy is especially important in times of uncertainty as it provid...
Understanding the performance impact of Spectre and Meltdown mitigations on Windows Systems
Last week the technology industry and many of our customers learned of new vulnerabilities in the hardware chips that power phones, PCs and servers. We and others in the industry had learned of this vulnerability under nondisclosure agreement several months ago and immediately began developing...
Antivirus evolved
Some say antivirus is an outdated technology. What does “antivirus” even mean? For us, antivirus is the most commonly recognized term that means for customers “a product that stops bad programs from infecting my device.” Saying “antivirus” is similar to when you hear a Southerner like myself say...
Phishers unleash simple but effective social engineering techniques using PDF attachments
The Gmail phishing attack is reportedly so effective that it tricks even technical users, but it may be just the tip of the iceberg. We’re seeing similarly simple but clever social engineering tactics using PDF attachments. These deceitful PDF attachments are being used in email phishing attacks...
Windows 10: protection, detection, and response against recent Depriz malware attacks
A few weeks ago, multiple organizations in the Middle East fell victim to targeted and destructive attacks that wiped data from computers, and in many cases rendering them unstable and unbootable. Destructive attacks like these have been observed repeatedly over the years and the Windows Defender...
Fake fax ushers in revival of a ransomware family
Note: Read our latest comprehensive report on ransomware: Ransomware 1H 2017 review: Global outbreaks reinforce the value of security hygiene. "Criminal case against you" is a message that may understandably cause panic. That’s what a recent spam campaign hopes happens, increasing the likelihood ...
How Strata Identity and Microsoft Entra ID solve identity challenges in mergers and acquisitions
This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA. Along with every merger and acquisition between two companies comes the need to combine and strengthen their IT infrastructure. In particular, there is an immediate and profound impa...
Microsoft unveils expansion of AI for security and security for AI at Microsoft Ignite
The future of security with AI The increasing speed, scale, and sophistication of recent cyberattacks demand a new approach to security. Traditional tools are no longer enough to keep pace with the threats posed by cybercriminals. In just two years, the number of password attacks detected by...
How Microsoft can help you go passwordless this World Password Day
It’s that time of year again. World Password Day is May 4, 2023.1 There’s a reason it’s still going strong 10 years after being created by cybersecurity professionals. A recent study that analyzed more than 15 billion passwords found that the top 10 most popular passwords still include...
Latest Microsoft Entra advancements strengthen identity security
If you read behind the attention-grabbing headlines, most novel techniques rely on compromised identities.1 In fact, of all the ways an attacker can get into your digital estate, identity compromise is still the most common.2 This makes identity your first line of defense. In many organizations,...
Microsoft achieves first native Cloud Data Management Capabilities certification
Today, Microsoft announced the successful completion of the Cloud Data Management Capabilities CDMC 14 Key Controls and Automations certification, conducted by Accenture and Avanade, accelerating the industry’s move to the cloud. The 14 Key Controls and Automations are a part of the EDM Council’s...
Do more with less—Discover the latest Microsoft Entra innovations
It has certainly been another intense year. From the ongoing pandemic to the Great Reshuffle to economic uncertainty, it’s truly felt like the only constant is change.1 In this economy, many organizations are looking for efficiencies. This is putting pressure on security teams, along with everyon...
Microsoft Security highlights from Black Hat USA 2022
Black Hat USA 2022 marked the twenty-fifth year that security researchers, security architects, and other security professionals have gathered to share the latest research, developments, and trends. Microsoft was among the companies participating in the conference, which was from August 6 to 11,...
Microsoft at RSA 2022: Envisioning the future of security
Like most of you, I was glad to see the 2022 RSA Conference return to its in-person roots after a two-year digital hiatus. This year’s event was a great success, drawing 26,000 attendees to three days of cutting-edge security sessions, tutorials, seminars, and special events at Moscone Center in...
Improving AI-based defenses to disrupt human-operated ransomware
Microsoft’s deep understanding of human-operated ransomware attacks, which are powered by a thriving cybercrime gig economy, continuously informs the solutions we deliver to protect customers. Our expert monitoring of threat actors, investigations into real-world ransomware attacks, and the...
Making the world a safer place with Microsoft Defender for individuals
Today’s sophisticated cyber threats require a modern approach to security. And this doesn’t apply only to enterprises or government entities—in recent years we’ve seen attacks increase exponentially against individuals. There are 921 password attacks every second.1 We’ve seen ransomware threats...
How one senior developer brings the startup spirit to Microsoft
I recently had the opportunity to visit the Microsoft Africa Development Center, in my role as executive sponsor, for dedication ceremonies we hosted in both Nigeria and Kenya. All I have to say is, “Wow!” The energy at the ADC is simply electric. There’s so much optimism and so much enthusiasm f...
The future of compliance and data governance is here: Introducing Microsoft Purview
The worldwide shift to a hybrid workplace has pushed us all to embrace ubiquitous connectivity. Those new connections have helped us become more collaborative; routinely editing and sharing documents in real-time from wherever we happen to be working. Instant messaging went from being a tool of...
Microsoft protects against human-operated ransomware across the full attack chain in the 2022 MITRE Engenuity ATT&CK® Evaluations
For the fourth year in a row, the independent MITRE Engenuity Adversarial Tactics, Techniques, and Common Knowledge ATT&CK® Evaluations demonstrated Microsoft’s strong detection and protection capabilities thanks to our multi-platform extended detection and response XDR defenses. The ever-evolvin...
3 steps to secure your multicloud and hybrid infrastructure with Azure Arc
As businesses around the world grapple with the growth of an industrialized, organized attacker ecosystem, the need for customers to secure multicloud and hybrid infrastructure and workloads is increasingly urgent. Today, organizations face an attacker ecosystem that is highly economically...
Why decentralization is the future of digital identities
Our identity is increasingly becoming digitized—more of our hard copy credentials are converting into digital formats. We use these digital credentials to work, learn, play, socialize, shop, and consume services online and offline every day. It’s so convenient and expected now to be able to have...
AI-driven adaptive protection against human-operated ransomware
In human-operated ransomware attacks, threat actors use predictable methods to enter a device but eventually rely on hands-on-keyboard activities to move inside a network. To fortify our existing cloud-delivered automated protection against complex attacks like human-operated ransomware, we...
How Microsoft Defender for IoT can secure your IoT devices
Cybersecurity threats are always evolving, and today we’re seeing a new wave of advanced attacks specifically targeting IoT devices used in enterprise environments as well as operational technology OT devices used in industrial systems and critical infrastructure like ICS/SCADA. It’s not surprisi...