726 matches found
How one senior developer brings the startup spirit to Microsoft
I recently had the opportunity to visit the Microsoft Africa Development Center, in my role as executive sponsor, for dedication ceremonies we hosted in both Nigeria and Kenya. All I have to say is, “Wow!” The energy at the ADC is simply electric. There’s so much optimism and so much enthusiasm f...
The future of compliance and data governance is here: Introducing Microsoft Purview
The worldwide shift to a hybrid workplace has pushed us all to embrace ubiquitous connectivity. Those new connections have helped us become more collaborative; routinely editing and sharing documents in real-time from wherever we happen to be working. Instant messaging went from being a tool of...
3 steps to secure your multicloud and hybrid infrastructure with Azure Arc
As businesses around the world grapple with the growth of an industrialized, organized attacker ecosystem, the need for customers to secure multicloud and hybrid infrastructure and workloads is increasingly urgent. Today, organizations face an attacker ecosystem that is highly economically...
Why decentralization is the future of digital identities
Our identity is increasingly becoming digitized—more of our hard copy credentials are converting into digital formats. We use these digital credentials to work, learn, play, socialize, shop, and consume services online and offline every day. It’s so convenient and expected now to be able to have...
Microsoft is recognized as a Leader in the 2021 Forrester Wave for Unified Endpoint Management
Microsoft is honored to be recognized as a Leader in The Forrester Wave: Unified Endpoint Management UEM, Q4 2021 report for our ability to help customers on their path to modern endpoint management. Microsoft Endpoint Manager—which brings together Microsoft Intune for cloud endpoint management a...
How Microsoft Defender for IoT can secure your IoT devices
Cybersecurity threats are always evolving, and today we’re seeing a new wave of advanced attacks specifically targeting IoT devices used in enterprise environments as well as operational technology OT devices used in industrial systems and critical infrastructure like ICS/SCADA. It’s not surprisi...
Defenders wanted—building the new cybersecurity professionals
As part of Cybersecurity Awareness Month, we published a special blog post earlier this week featuring real-world experiences shared by cybersecurity professionals: people with diverse backgrounds in law, academia, software development, and other seemingly unrelated fields. This topic is near and...
3 trends shaping identity as the center of modern security
I recently returned from Kenya, where I visited our Microsoft Nairobi development center. Like many of you, I’ve mostly worked from home for the past year and more, so it was refreshing to meet members of our global team and inspiring to feel their passion for our mission: delivering identity...
How purple teams can embrace hacker culture to improve security
The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest Voice of the Community blog series post, Microsoft Product Marketing Manager Natalia Godyla talks with Matthew Hickey, co-founder, CEO, and writ...
Back to the future: What the Jericho Forum taught us about modern security
Some of the earliest formal work on what we now call Zero Trust started around in a security consortium known as the Jericho Forum which later merged into The Open Group Security Forum. This started as a group of like-minded CISOs wrestling with the limitations of the dominant and unquestioned...
Security Unlocked—A new podcast exploring the people and AI that power Microsoft Security solutions
It’s hard to keep pace with all the changes happening in the world of cybersecurity. Security experts and leaders must continue learning and unlearning to stay ahead of the ever-evolving threat landscape. In fact, many of us are in this field because of our desire to continuously challenge...
Microsoft teams up with law enforcement and other partners to disrupt Gamarue (Andromeda)
Today, with help from Microsoft security researchers, law enforcement agencies around the globe, in cooperation with Microsoft Digital Crimes Unit DCU, announced the disruption of Gamarue, a widely distributed malware that has been used in networks of infected computers collectively called the...
MSRT February 2017: Chuckenit detection completes MSRT solution for one malware suite
In September 2016, we started adding to Microsoft Malicious Software Removal Tool MSRT a malware suite of browser modifiers and other Trojans installed by software bundlers. We documented how the malware in this group install other malware or applications silently, without your consent. This...
Don’t let this Black Friday/Cyber Monday spam deliver Locky ransomware to you
Note: Read our latest comprehensive report on ransomware: Ransomware 1H 2017 review: Global outbreaks reinforce the value of security hygiene. We see it every year: social engineering attacks that take advantage of the online shopping activities around Black Friday and Cyber Monday, targeting...
Kovter becomes almost file-less, creates a new file type, and gets some new certificates
Trojan:Win32/Kovter is a well-known click-fraud malware which is challenging to detect and remove because of its file-less persistence on infected PCs. In this blog, we will share some technical details about the latest changes we have seen in Kovter’s persistence method and some updates on their...
Strengthening identity protection in the face of highly sophisticated attacks
The post Strengthening identity protection in the face of highly sophisticated attacks appeared first on Microsoft Security Blog...
Protecting credentials against social engineering: Cyberattack Series
Our story begins with a customer whose help desk unwittingly assisted a threat actor posing as a credentialed employee. In this fourth report in our ongoing Cyberattack Series, we look at the steps taken to discover, understand, and respond to a credential phishing and smishing text-based phishin...
Digital security sessions at Microsoft Ignite to prepare you for the era of AI
Thousands of security professionals will join us for Microsoft Ignite 2023 from November 14 to 17, 2023, where we will share how to embrace the AI era confidently, with protection for people, data, devices, and apps that extends across clouds and platforms. With more than 45 security sessions,...
From classroom to cyberfront: Unlocking the potential of the next generation of cyber defenders
In a world where the digital frontier is expanding and cyberattacks are becoming more sophisticated with speed and scale, the guardians of our virtual realms have never been in greater demand.1 It’s important to leverage this year’s Cybersecurity Awareness Month to celebrate the people who keep u...
Microsoft Security Copilot Early Access Program: Harnessing generative AI to empower security teams
The era of AI brings unprecedented opportunities for us, and at the same time we are also facing an unprecedented surge in cyberthreats, coupled with a global shortage of security experts. Security and safety is the defining challenge of our times and protecting organizations from cybercrime has...
Automatic disruption of human-operated attacks through containment of compromised user accounts
Our experience and insights from real-world incidents tell us that the swift containment of compromised user accounts is key to disrupting hands-on-keyboard attacks, especially those that involve human-operated ransomware. In these attacks, lateral movement follows initial access as the next...
Microsoft Purview data security mitigations for BazaCall and other human-operated data exfiltration attacks
I recently worked with an enterprise customer who experienced a data exfiltration attack using the characteristics of the BazaCall campaign. BazaCall can be both a ransomware and data exfiltration attack that are used together to increase pressure on and damage to the victim. Microsoft Purview ha...
Why endpoint management is key to securing an AI-powered future
The chief information security officer CISO agenda has a new set of priorities. Hybrid work and the resultant architecture updates, so prevalent at the beginning of the pandemic, are no longer top of mind. Instead, the thinking is focused on tackling ever more sophisticated threats and integratin...
Protect intellectual property with Govern 365 and Microsoft Purview
This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA. Global supply chains face a broad range of risks, from physical threats to cybersecurity threats. Sharing information with suppliers is essential for the supply chain to function...
2022 holiday DDoS protection guide
The holiday season is an exciting time for many people as they get to relax, connect with friends and family, and celebrate traditions. Organizations also have much to rejoice about during the holidays for example, more sales for retailers and more players for gaming companies. Unfortunately, cyb...
New “Prestige” ransomware impacts organizations in Ukraine and Poland
The Microsoft Threat Intelligence Center MSTIC has identified evidence of a novel ransomware campaign targeting organizations in the transportation and related logistics industries in Ukraine and Poland utilizing a previously unidentified ransomware payload. We observed this new ransomware, which...
Introducing new Microsoft Defender for Cloud innovations to strengthen cloud-native protections
Security teams face an expanding attack surface as organizations increasingly use cloud-native services to develop, deploy, and manage applications across their multicloud and hybrid environments. Their challenge is compounded by incomplete visibility, siloed processes, and a lack of prioritized...
Hardware-based threat defense against increasingly complex cryptojackers
Even with the dip in the value of cryptocurrencies in the past few months, cryptojackers – trojanized coin miners that attackers distribute to use compromised devices’ computing power for their objectives – continue to be widespread. In the past several months, Microsoft Defender Antivirus detect...
Microsoft announces new solutions for threat intelligence and attack surface management
Uncover adversaries with new Microsoft Defender threat intelligence products The threat landscape is more sophisticated than ever and damages have soared—the Federal Bureau of Investigations 2021 IC3 report found that the cost of cybercrime now totals more than USD6.9 billion.1 To counter these...
How Microsoft Security partners are helping customers do more with less
There has never been a greater demand for specialized cybersecurity expertise—or a greater opportunity for our partners to support our customers with new services and solutions. Over the last year, the permanent shift to hybrid work has empowered businesses to be remote and mobile. Increased...
4 breakthrough ideas for compliance and data security
Compliance management will never be easy, but there are ways to make it simpler and more transparent. Every year, organizations confront a growing volume and diversity of data and ever-evolving industry and government regulations. But the answer to more data, more devices, and more regulations...
Microsoft CRSP shares the ways human behavior affects compromise recovery
The Microsoft Compromise Recover Security Practice CRSP is a worldwide team of cybersecurity experts operating in most countries, across all organizations public and private, with deep expertise to secure an environment post-security breach and to help you prevent a breach in the first place. As ...
Encouraging women to embrace their cybersecurity superpowers
The cybersecurity challenges of today require a diversity of skills, perspectives, and experiences, yet women remain underrepresented in this field. On International Women’s Day, some Microsoft Security women leaders penned a powerful blog highlighting the underrepresentation of women in...
Improve your threat detection and response with Microsoft and Wortell
This blog post is part of the Microsoft Intelligent Security Association MISA guest blog series. Learn more about MISA. The way of working is changing rapidly. Many workloads are moving to the cloud and the pandemic accelerated organizations to provide infrastructure to aid employees working from...
Behind the scenes of business email compromise: Using cross-domain threat data to disrupt a large BEC campaign
Microsoft 365 Defender researchers recently uncovered and disrupted a large-scale business email compromise BEC infrastructure hosted in multiple web services. Attackers used this cloud-based infrastructure to compromise mailboxes via phishing and add forwarding rules, enabling these attackers to...
It’s Cybersecurity Awareness Month and there is still a lot to do
October is National Cyber Security Awareness Month NCSAM. And there is still a lot to do! For the last 17 years, the National Cybersecurity Awareness Month NCSAM campaign, driven by the Department of Homeland Security, has raised awareness about the importance of cyber security across the Nation...
CISO Spotlight: How diversity of data (and people) defeats today’s cyber threats
This year, we have seen five significant security paradigm shifts in our industry. This includes the acknowledgment that the greater the diversity of our data sets, the better the AI and machine learning outcomes. This diversity gives us an advantage over our cyber adversaries and improves our...
No payment necessary: Fighting back against ransomware
Note: Read our latest comprehensive report on ransomware: Ransomware 1H 2017 review: Global outbreaks reinforce the value of security hygiene. Any IT professional who’s ever had an experience with malware knows how fast an intrusive attack can happen, and how difficult it can be to educate...
Starting your journey to become quantum-safe
There’s no doubt we are living through a time of rapid technological change. Advances in ubiquitous computing and ambient intelligence transform nearly every aspect of work and life. As the world moves forward with new advancements and distributed technologies, so too does the need to understand...
How Microsoft and Sonrai integrate to eliminate attack paths
Cloud development challenges conventional thinking about risk. A “perimeter” was always the abstraction that security teams could start from—defining their perimeter and exposing the cracks in firewalls and network access. With more and more infrastructure represented as ephemeral code, protectin...
Join our digital event to learn what’s new in Microsoft Entra
Editors note 6/15/2023: This blog has been updated to reflect the new date for this event, which is now July 11, 2023. It was previously scheduled for June 20, 2023. In today’s interconnected world, there’s virtually no limit to what technology can help us achieve. Millions of connections happen...
Why a proactive detection and incident response plan is crucial for your organization
The security community is continuously changing, growing, and learning from each other to better position the world against cyberthreats. In the latest post of our Community Voices blog series, Microsoft Security Senior Product Marketing Manager Brooke Lynn Weenig talks with Matt Suiche, Director...
Join us at InfoSec Jupyterthon 2022
Notebooks are gaining popularity in InfoSec. Used interactively for investigations and hunting or as scheduled processing jobs, notebooks offer plenty of advantages over traditional security operations center SOC tools. Sitting somewhere between scripting/macros and a full-blown development...
IT security: An opportunity to raise corporate governance scores
What is a corporate governance score? Corporate governance scoring is increasingly important to boards of directors, executive leadership, and the investment community. If we want to enlist the support of a stakeholder, we have to talk about the things that are important to them. Sales revenue is...
2.5 million-plus cybersecurity jobs are open—women can fill them
This month is Women’s History Month and today is International Women’s Day—a time to reflect as individuals, societies, and industries on our progress for quality and equity for women. As a woman working in cybersecurity, I know firsthand that engaging girls, women, and people of color in...
Celebrating 20 Years of Trustworthy Computing
20 years ago this week, Bill Gates sent a now-famous email to all Microsoft employees announcing the creation of the Trustworthy Computing TwC initiative. The initiative was intended to put customer security, and ultimately customer trust, at the forefront for all Microsoft employees. Gates’ memo...
Your guide to mobile digital forensics
The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest Voice of the Community blog series post, Microsoft Security Product Marketing Manager Natalia Godyla talks with Cellebrite Senior Director of...
Structured threat hunting: One way Microsoft Threat Experts prioritizes customer defense
Todays threat landscape is incredibly fast-paced. New campaigns surface all the time, and the amount of damage that they can cause is not always immediately apparent. Security operations centers SOCs must be equipped with the tools and insight to identify and resolve potentially high-impact threa...
How to assess and improve the security culture of your business
The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest Voice of the Community blog series post, Microsoft Security Product Marketing Manager Natalia Godyla talks with Cygenta Co-founder and Co-Chief...
Unilever CISO on balancing business risks with cybersecurity
Imagine showing up to work every day knowing that your job requires protecting 160,000 employees creating more than 450 products around the world—tea, ice cream, personal care, laundry and dish soaps—across a customer base of more than two and a half billion people every day. Unilever Chief...