726 matches found
Hardening the system and maintaining integrity with Windows Defender System Guard
One of the things we spend a great deal of time thinking about here at Microsoft is how attackers will attempt to persist and evade detection once they’ve successfully compromised a device. With Windows 10 we’ve made it more difficult to find ways to exploit potential entry points, and it’s clear...
Multiple high severity vulnerabilities in CODESYS V3 SDK could lead to RCE or DoS
Microsoft’s cyberphysical system researchers recently identified multiple high-severity vulnerabilities in the CODESYS V3 software development kit SDK, a software development environment widely used to program and engineer programmable logic controllers PLCs. Exploitation of the discovered...
ACTINIUM targets Ukrainian organizations
The Microsoft Threat Intelligence Center MSTIC is sharing information on a threat group named ACTINIUM, which has been operational for almost a decade and has consistently pursued access to organizations in Ukraine or entities related to Ukrainian affairs. MSTIC previously tracked ACTINIUM activi...
New tech support scam launches communication or phone call app
A new tech support scam technique streamlines the entire scam experience, leaving potential victims only one click or tap away from speaking with a scammer. We recently found a new tech support scam website that opens your default communication or phone call app, automatically prompting you to ca...
Untangling KNOTWEED: European private-sector offensive actor using 0-day exploits
The Microsoft Threat Intelligence Center MSTIC and the Microsoft Security Response Center MSRC found a private-sector offensive actor PSOA using multiple Windows and Adobe 0-day exploits, including one for the recently patched CVE-2022-22047, in limited and targeted attacks against European and...
Behind the scenes of business email compromise: Using cross-domain threat data to disrupt a large BEC campaign
Microsoft 365 Defender researchers recently uncovered and disrupted a large-scale business email compromise BEC infrastructure hosted in multiple web services. Attackers used this cloud-based infrastructure to compromise mailboxes via phishing and add forwarding rules, enabling these attackers to...
Financially motivated threat actors misusing App Installer
Since mid-November 2023, Microsoft Threat Intelligence has observed threat actors, including financially motivated actors like Storm-0569, Storm-1113, Sangria Tempest, and Storm-1674, utilizing the ms-appinstaller URI scheme App Installer to distribute malware. In addition to ensuring that...
How a national cybersecurity agency can help avoid a national cybersecurity quagmire
This last October we saw more countries than ever participate in initiatives to raise cybersecurity awareness. What was once largely a US approach has evolved into events and initiatives around the world by governments, civil society groups, and private sector partners. This increased breadth and...
Windows 10 platform resilience against the Petya ransomware attack
Note: Read our latest comprehensive report on ransomware: Ransomware 1H 2017 review: Global outbreaks reinforce the value of security hygiene. The Petya ransomware attack on June 27, 2017 which we analyzed in-depth in this blog may have been perceived as an outbreak worse than last month's...
IIS modules: The evolution of web shells and how to detect them
Web exploitation and web shells are some of the most common entry points in the current threat landscape. Web servers provide an external avenue directly into your corporate network, which often results in web servers being an initial intrusion vector or mechanism of persistence. Monitoring for...
Improve kernel security with the new Microsoft Vulnerable and Malicious Driver Reporting Center
Windows 10 and Windows 11 have continued to raise the security bar for drivers running in the kernel. Kernel-mode driver publishers must pass the Hardware Lab Kit HLK compatibility tests, malware scanning, and prove their identity through extended validation EV certificates. This has significantl...
A better cloud access security broker: Securing your SaaS cloud apps and services with Microsoft Cloud App Security
Today’s business uses an average of 1,180 cloud apps¹, with many of those organizations securing their apps through cloud access security brokers CASB. The organizational need for a CASB has grown alongside the use of cloud apps to enable remote work and greater user productivity. When security...
Azure Sentinel achieves a Leader placement in Forrester Wave, with top ranking in Strategy
I’m thrilled to announce Forrester Research has named Microsoft Azure Sentinel as a “Leader” in The Forrester Wave: Security Analytics Platform Providers, Q4 2020. When we released Azure Sentinel almost a year ago—the industry’s first cloud-native SIEM on a major public cloud—our goal was to...
Introducing Windows Defender Application Control
Application control is a crucial line of defense for protecting enterprises given today’s threat landscape, and it has an inherent advantage over traditional antivirus solutions. Specifically, application control flips the model from one where all applications are assumed trustworthy by default t...
Microsoft Digital Defense Report shares new insights on nation-state attacks
Microsoft is proud to promote Cybersecurity Awareness Month as part of our ongoing commitment to security for all. Year-round, Microsoft tracks nation-state threat activities to help protect organizations and individuals from these advanced persistent actors. We’re constantly improving our...
Defending against cryptojacking with Microsoft Defender for Endpoint and Intel TDT
Cryptocurrency mining—once considered no more than a nuisance, a relatively benign activity that was a drain on machine resources—has been on the rise in recent years. This increase in cryptocurrency mining activity is driven by the increasing value of cryptocurrencies like Bitcoin, the growth in...
The dynamic duo: How to build a red and blue team to strengthen your cybersecurity, Part 2
The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the first post of our new Voice of the Community blog series, Microsoft Product Marketing Manager Natalia Godyla talks with Jake Williams, Founder of...
AI security risk assessment using Counterfit
Today, we are releasing Counterfit, an automation tool for security testing AI systems as an open-source project. Counterfit helps organizations conduct AI security risk assessments to ensure that the algorithms used in their businesses are robust, reliable, and trustworthy. AI systems are...
Secure containerized environments with updated threat matrix for Kubernetes
Last April, we released the first version of the threat matrix for Kubernetes. It was the first attempt to systematically map the threat landscape of Kubernetes. As we described in the previous post, we chose to adapt the structure of MITRE ATT&CK® framework which, became almost an industry...
Dismantling ZLoader: How malicious ads led to disabled security tools and ransomware
As announced today, Microsoft took action against the ZLoader trojan by working with telecommunications providers around the world to disrupt key ZLoader infrastructure. We used our research into this threat to enrich our protection technologies and ensure this infrastructure could no longer be...
Microsoft at Black Hat 2021: Sessions, bug bounty updates, product news, and more
Black Hat USA 2021 is about understanding the needs of security professionals and meeting you where you are. With last year’s pandemic-related firefighting still fresh in our minds, this year’s event will provide a welcome respite to learn about cutting-edge security solutions, build our skillset...
Microsoft named a Visionary in the 2021 Gartner Magic Quadrant for SIEM for Azure Sentinel
We’re pleased to announce that in its first year of inclusion in the Gartner Magic Quadrant report, Microsoft Azure Sentinel has been named a Visionary, where we were recognized for our completeness of vision for SIEM.1 Gartner has said that “cloud SIEM will be the future of how many organization...
Exposed and vulnerable: Recent attacks highlight critical need to protect internet-exposed OT devices
Since late 2023, Microsoft has observed an increase in reports of attacks focusing on internet-exposed, poorly secured operational technology OT devices. Internet-exposed OT equipment in water and wastewater systems WWS in the US were targeted in multiple attacks over the past months by different...
The evolution of a matrix: How ATT&CK for Containers was built
Note: The content of this post is being released jointly with the Center for Threat-Informed Defense. It is co-authored with Chris Ante and Matthew Bajzek. The Center post can be found here. As containers become a major part of many organizations’ IT workloads, it becomes crucial to consider the...
Phorpiex morphs: How a longstanding botnet persists and thrives in the current threat environment
Phorpiex, an enduring botnet known for extortion campaigns and for using old-fashioned worms that spread via removable USB drives and instant messaging apps, began diversifying its infrastructure in recent years to become more resilient and to deliver more dangerous payloads. Today, the Phorphiex...
Storm-0978 attacks reveal financial and espionage motives
Microsoft has identified a phishing campaign conducted by the threat actor tracked as Storm-0978 targeting defense and government entities in Europe and North America. The campaign involved the abuse of CVE-2023-36884, which included a remote code execution vulnerability exploited before disclosu...
Diamond Sleet supply chain compromise distributes a modified CyberLink installer
Microsoft Threat Intelligence has uncovered a supply chain attack by the North Korea-based threat actor Diamond Sleet ZINC involving a malicious variant of an application developed by CyberLink Corp., a software company that develops multimedia software products. This malicious file is a legitima...
Microsoft a Leader in 2021 Gartner® Magic Quadrant™ for Unified Endpoint Management Tools
In today’s changing business world, where flexibility is more crucial than ever, we’re honored that Gartner has again recognized Microsoft as a Leader in the Magic Quadrant for Unified Endpoint Management UEM Tools1. Over the last 18 months, millions of employees worldwide have had to shift their...
Threat matrix for storage services
The move to cloud is happening faster than ever before and organizations are increasing their dependency on cloud storage services. In fact, Microsoft Azure Storage services are one of the most popular services in the cloud. Companies need effective threat protection and mitigation strategies and...
Identity governance: The power of “Why not?”
Innovation requires the courage to take risks and the leadership skills to show others that risks are worth taking. That’s why I love working with people like Joe Dadzie, a partner group program manager in identity governance. Joe has a long history of championing disruptive technology...
Strategies, tools, and frameworks for building an effective threat intelligence team
How to think about building a threat intelligence program The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest Voice of the Community blog series post, Microsoft Product Marketing Manager Natalia...
Peach Sandstorm password spray campaigns enable intelligence collection at high-value targets
Since February 2023, Microsoft has observed password spray activity against thousands of organizations carried out by an actor we track as Peach Sandstorm HOLMIUM. Peach Sandstorm is an Iranian nation-state threat actor who has recently pursued organizations in the satellite, defense, and...
Getting started with the CDMC framework—Microsoft’s guide to cloud data management
On March 20, 2023, Microsoft announced the successful completion of the Cloud Data Management Capabilities CDMC certification. As a proponent of wider industry standards, I was fortunate to be part of Microsoft’s executive team working to achieve this important milestone. Beginning in 2020, we...
Uncovering a ChromeOS remote memory corruption vulnerability
Microsoft discovered a memory corruption vulnerability in a ChromeOS component that can be triggered remotely, allowing attackers to perform either a denial-of-service DoS or, in extreme cases, remote code execution RCE. Following our D-Bus blog post that focused on Linux, we searched for similar...
Microsoft acquires CloudKnox Security to offer unified privileged access and cloud entitlement management
Today on the Official Microsoft Blog, Microsoft announced the acquisition of CloudKnox Security, a leader in Cloud Infrastructure Entitlement Management CIEM. CloudKnox offers complete visibility into privileged access. It helps organizations right-size permissions and consistently enforce...
Hart and Microsoft announce partnership to incorporate ElectionGuard
On Thursday, June 3, 2021, via a joint press release on Microsoft Stories, Hart InterCivic and Microsoft have announced a partnership to incorporate ElectionGuard software developed by Microsoft into Hart’s Verity voting systems. The partnership makes Hart the first major voting machine...
From cookie theft to BEC: Attackers use AiTM phishing sites as entry point to further financial fraud
A large-scale phishing campaign that used adversary-in-the-middle AiTM phishing sites stole passwords, hijacked a user’s sign-in session, and skipped the authentication process even if the user had enabled multifactor authentication MFA. The attackers then used the stolen credentials and session...
Attack AI systems in Machine Learning Evasion Competition
Today, we are launching MLSEC.IO, an educational Machine Learning Security Evasion Competition MLSEC for the AI and security communities to exercise their muscle to attack critical AI systems in a realistic setting. Hosted and sponsored by Microsoft, alongside NVIDIA, CUJO AI, VM-Ray, and MRG...
MITRE ATT&CK® mappings released for built-in Azure security controls
The Security Stack Mappings for Azure research project was published today, introducing a library of mappings that link built-in Azure security controls to the MITRE ATT&CK® techniques they mitigate against. Microsoft once again worked with the Center for Threat-Informed Defense and other Center...
Protecting SAP applications with the new Azure Sentinel SAP threat monitoring solution
As one of the leading solution providers for applications that manage business processes, SAP is the custodian for massive amounts of sensitive data in many of the biggest organizations in the world. Since these applications are business-critical, an SAP security breach can be catastrophic. Yet,...
Zero Trust: 7 adoption strategies from security leaders
Microsoft considers Zero Trust an essential component of any organization’s security plan. We have partnered with Cloud Security Alliance, a not-for-profit organization that promotes cloud computing best practices, to bring together executive security leaders to discuss and share insights about...
Forrester Consulting TEI Study: Azure Security Center delivers 219 percent ROI over 3 years and a payback of less than 6 months
Azure Security Center is a critical tool to secure our multi-cloud workloads in the new world of remote work we find ourselves in today. We are excited to share that Forrester Consulting has just conducted a commissioned Total Economic Impact TEI study on behalf of Microsoft, which involved...
What tracking an attacker email infrastructure tells us about persistent cybercriminal operations
From March to December 2020, we tracked segments of a dynamically generated email infrastructure that attackers used to send more than a million emails per month, distributing at least seven distinct malware families in dozens of campaigns using a variety of phishing lures and tactics. These...
Overview of Petya, a rapid cyberattack
In the first blog post of this 3-part series, we introduced what rapid cyberattacks are and illustrated how they are different in terms of execution and outcome. Next, we will go into some more details on the Petya aka NotPetya attack. How Petya worked The Petya attack chain is well understood,...
Protecting Android clipboard content from unintended exposure
Considering mobile users often use the clipboard to copy and paste sensitive information, like passwords or payment information, clipboard contents can be an attractive target for cyberattacks. Leveraging clipboards can enable attackers to collect target information and exfiltrate useful data...
MagicWeb: NOBELIUM’s post-compromise trick to authenticate as anyone
Updated August 26, 2022: Added instructions to enable collection of AD FS event logs in order to search for Event ID 501, and added a new resource for AD FS audit logging in Microsoft Sentinel. Microsoft security researchers have discovered a post-compromise capability we’re calling MagicWeb, whi...
CyberMDX and Microsoft: Protecting life-saving medical devices
This blog post is part of the Microsoft Intelligent Security Association MISA guest blog series. Learn more about MISA. While hospitals continue to battle the COVID-19 pandemic, many are battling other “viruses” behind the scenes. Malware, ransomware, and phishing attacks against healthcare...
BlueVoyant optimizes customer security with Microsoft security services
This blog post is part of the Microsoft Intelligent Security Association MISA guest blog series. Learn more about MISA. What a year it has been. The rapid and unexpected transition to work from home is one of the biggest issues affecting companies of all sizes and industries in 2020. As companies...
Finalists announced in second annual Microsoft Security 20/20 awards
2020 was a transformational year. Seemingly overnight, COVID-19 reshaped our perspective on work, home life, and security. Setting up home offices and powering through online presentations in our pajama bottoms with cameos by pets and children, our industry rose to the challenge. All that...
The biggest challenges—and important role—of application security
The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest Voice of the Community blog series post, Microsoft Product Marketing Manager Natalia Godyla talks with Tanya Janca, Founder of We Hack Purple...