International Women’s Day: How to support and grow women in cybersecurity

Today, March 8, we are proud to celebrate International Women’s Day. The United Nations announced this year’s theme as “Women in leadership: Achieving an equal future in a COVID-19 world.” As a woman, a mother, a daughter, a sister, a friend, and a leader at Microsoft, this is an important time t...

Sophisticated cybersecurity threats demand collaborative, global response

Microsoft’s response to Solorigate Since December, the United States, its government, and other critical institutions including security firms have been addressing the world’s latest serious nation-state cyberattack, sometimes referred to as ‘Solorigate’ or ‘SUNBURST.’ As we shared earlier this i...

Azure Active Directory empowers frontline workers with simplified and secure access

Howdy folks, The past year has shown us all just how critical frontline workers are to our communities and our economy. They’re the people behind the counter, in the call centers, in hospital ICUs, on the supermarket floor—doing the critical work that makes the difference in feeding our families,...

The five-day job: A BlackByte ransomware intrusion case study

As ransomware attacks continue to grow in number and sophistication, threat actors can quickly impact business operations if organizations are not well prepared. In a recent investigation by Microsoft Incident Response previously known as Microsoft Detection and Response Team – DART of an...

Vulnerable SDK components lead to supply chain risks in IoT and OT environments

December 8, 2022 update - Reflected additional research on Boa-related CVEs and updated supply chain diagram. Vulnerabilities in network components, architecture files, and developer tools have become increasingly popular attack vectors to gain access into secure networks and devices. External...

Zero Trust Adoption Report: How does your organization compare?

From the wide adoption of cloud-based services to the proliferation of mobile devices. From the emergence of advanced new cyberthreats to the recent sudden shift to remote work. The last decade has been full of disruptions that have required organizations to adapt and accelerate their security...

Encouraging women to embrace their cybersecurity superpowers

The cybersecurity challenges of today require a diversity of skills, perspectives, and experiences, yet women remain underrepresented in this field. On International Women’s Day, some Microsoft Security women leaders penned a powerful blog highlighting the underrepresentation of women in...

Gatekeeper’s Achilles heel: Unearthing a macOS vulnerability

On July 27, 2022, Microsoft discovered a vulnerability in macOS that can allow attackers to bypass application execution restrictions imposed by Apple’s Gatekeeper security mechanism, designed to ensure only trusted apps run on Mac devices. We developed a proof-of-concept exploit to demonstrate t...

Join us at InfoSec Jupyterthon 2021

We’re excited to invite our community of infosec analysts and engineers to the second annual InfoSec Jupyterthon taking place on December 2-3, 2021. This is an online event organized by our friends in the Open Threat Research Forge, together with folks from the Microsoft Threat Intelligence Cente...

New Microsoft Sysmon report in VirusTotal improves security

Today, following the 25th year anniversary of Microsoft Sysinternals, we are announcing the general availability of a new Microsoft Sysmon report in VirusTotal. Whether you’re an IT professional or a developer, you’re probably already using Microsoft Sysinternals utilities to help you manage,...

archTIS and Microsoft: Zero Trust information security for Microsoft Teams

Microsoft Teams has seen a surge in growth during the pandemic with over 115 million daily active users and growing.1 With it, customer imperative for enabling safe and trustworthy online collaboration has also increased significantly. The speed and simplicity of Teams business users creating new...

Windows 11 enables security by design from the chip to the cloud

Over the last year, PCs have kept us connected to family, friends, and enabled businesses to continue to run. This new hybrid work paradigm has got us thinking about how we will continue to deliver the best possible quality, experience, and security for the more than 1 billion people who use...

Microsoft acquires ReFirm Labs to enhance IoT security

Modern computing devices can be thought of as a collection of discrete microprocessors each with a dedicated function like high-speed networking, graphics, Disk I/O, AI, and everything in between. The emergence of the intelligent edge has accelerated the number of these cloud-connected devices th...

MITRE Engenuity ATT&CK® Evaluation proves Microsoft Defender for Endpoint stops advanced attacks across platforms

For the third year in a row, Microsoft successfully demonstrated industry-leading defense capabilities in the independent MITRE Engenuity ATT&CK Adversarial Tactics, Techniques, and Common Knowledge Evaluations. As the attack surface evolves on a near-daily basis, threat actors are creating more...

Go inside the new Azure Defender for IoT including CyberX

In 2020, the move toward digital transformation and Industry 4.0 took on new urgency with manufacturing and other critical infrastructure sectors under pressure to increase operational efficiency and reduce costs. But the cybersecurity model for operational technology OT was already shown to be...

How to protect your CAD data files with MIP and HALOCAD

This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA. Computer-aided design CAD files are used by design professionals in the manufacturing, engineering, architecture, surveying, and construction industries. These highly valuable files...

MISA expands portfolio and looks ahead during Microsoft Inspire

This blog post is part of the Microsoft Intelligent Security Association MISA guest blog series. Learn more about MISA. Welcome to fiscal year 2022 FY22 and my first official blog as the MISA Lead. It’s been a whirlwind couple of months getting up to speed with all things MISA—closing out FY21...

Windows Defender ATP machine learning: Detecting new and unusual breach activity

Microsoft has been investing heavily in next-generation security technologies. These technologies use our ability to consolidate large sets of data and build intelligent systems that learn from that data. These machine learning ML systems flag and surface threats that would otherwise remain...

Nation-state threat actor Mint Sandstorm refines tradecraft to attack high-value targets

Over the past several months, Microsoft has observed a mature subgroup of Mint Sandstorm, an Iranian nation-state actor previously tracked as PHOSPHORUS, refining its tactics, techniques, and procedures TTPs. Specifically, this subset has rapidly weaponized N-day vulnerabilities in common...

Uncovering a macOS App Sandbox escape vulnerability: A deep dive into CVE-2022-26706

Microsoft uncovered a vulnerability in macOS that could allow specially crafted codes to escape the App Sandbox and run unrestricted on the system. We shared these findings with Apple through Coordinated Vulnerability Disclosure CVD via Microsoft Security Vulnerability Research MSVR in October...

Cybersecurity’s next fight: How to protect employees from online harassment

The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest Voice of the Community blog series post, Microsoft Product Marketing Manager Natalia Godyla talks with Leigh Honeywell, CEO and Co-founder of Ta...

Threat and Vulnerability Management now supports all major platforms

We are swiftly adapting to the lasting reality of a hybrid workforce, with the number of remote workers in the US expected to nearly double over the next five years, compared to pre-pandemic times. As a result, security teams are being challenged to rethink how to secure a growing and increasingl...

Surface expands its Secured-core portfolio with the new Surface Laptop 4 powered by AMD Ryzen™ Mobile Processors

As operating systems are becoming more secure and resistant to compromise, advanced vectors like firmware, kernel and hardware direct memory access DMA have emerged as new favored targets for threat actors. Recent trends indicate a substantial growth in the number of hardware and firmware exploit...

EDR in block mode stops IcedID cold

We are happy to announce the general availability of endpoint detection and response EDR in block mode in Microsoft Defender for Endpoint. EDR in block mode turns EDR detections into real-time blocking of malicious behaviors, malware, and artifacts. It uses Microsoft Defender for Endpoint’s...

Multiple North Korean threat actors exploiting the TeamCity CVE-2023-42793 vulnerability

Since early October 2023, Microsoft has observed two North Korean nation-state threat actors – Diamond Sleet and Onyx Sleet – exploiting CVE-2023-42793, a remote-code execution vulnerability affecting multiple versions of JetBrains TeamCity server. TeamCity is a continuous integration/continuous...

Microsoft listed as a Representative Vendor in 2020 Gartner Market Guide for Insider Risk Management Solutions

While organizations have long prioritized external cybersecurity risks, many have not paid enough attention to the risks posed by trusted insiders in their organizations. This is a mistake. Insiders often already have access to sensitive data, and the risks, whether malicious or inadvertent, can...

Turning the page on Solorigate and opening the next chapter for the security community

The recent SolarWinds attack is a moment of reckoning. Today, as we close our own internal investigation of the incident, we continue to see an urgent opportunity for defenders everywhere to unify and protect the world in a more concerted way. We also see an opportunity for every company to adopt...

Protect your SQL Server on-premises, in Azure, and in multicloud

Azure Defender for SQL is now generally available for use with SQL Server on premises, in multicloud deployments on Amazon Web Services AWS, and Google Cloud Platform GCP, and in virtual machines on Azure. Azure Defender for SQL constantly monitors your SQL Server for known vulnerabilities and...

Microsoft Defender for Office 365 named Best Email Security Service of 2023 by SE Labs

In todays world where hybrid and remote work are on the rise, and companies rely on email now more than ever, phishing remains one of the most prominent and sophisticated techniques that malicious actors utilize to attack organizations and gain access to their most sensitive information...

How purple teams can embrace hacker culture to improve security

The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest Voice of the Community blog series post, Microsoft Product Marketing Manager Natalia Godyla talks with Matthew Hickey, co-founder, CEO, and writ...

Why operational resilience will be key in 2021, and how this impacts cybersecurity

The lessons we have learned during the past 12 months have demonstrated that the ability to respond to and bounce back from adversity in general, can impact the short-and long-term success of any organization. It can even dictate the leaders and laggards in any industry. When we take into...

How companies are securing devices with Zero Trust practices

Organizations are seeing a substantial increase in the diversity of devices accessing their networks. With employees using personal devices and accessing corporate resources from new locations in record numbers, IT leaders are seeing an increase in their attack surface area. They’re turning to Ze...

The dynamic duo: How to build a red and blue team to strengthen your cybersecurity, Part 1

The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the first post of our new Voice of the Community blog series, Microsoft Product Marketing Manager Natalia Godyla talks with Jake Williams, Founder of...

7 ways to harden your environment against compromise

Here at the global Microsoft Compromise Recovery Security Practice CRSP, we work with customers who have experienced disruptive security incidents to restore trust in identity systems and remove adversary control. During 2020, the team responded to many incidents involving ransomware and the...

Microsoft to acquire RiskIQ to strengthen cybersecurity of digital transformation and hybrid work

Organizations are increasingly using the cloud to reimagine every facet of their business. Hybrid work has accelerated this digital transformation, and customers are challenged with the increasing sophistication and frequency of cyberattacks. Today, Microsoft is announcing that we have entered in...

SimuLand: Understand adversary tradecraft and improve detection strategies

At Microsoft, we continuously collaborate with customers and the InfoSec community to learn more about the latest adversary tradecraft so that we can improve our detection strategies across all our security services. Even though those detections are already built into our products, and protecting...

Afternoon Cyber Tea: Cybersecurity has become a pillar of the business

In a famous two-part episode of “Star Trek: The Next Generation,” Captain Jean-Luc Picard is captured by the Cardassians. During a pivotal scene, a Cardassian interrogator shows Picard four bright lights and demands that he “see” five lights. Picard resists, culminating with him shouting, “There...

New Security Signals study shows firmware attacks on the rise; here’s how Microsoft is working to help eliminate this entire class of threats

Cybersecurity threats are always evolving, and today we’re seeing a new wave of advanced attacks targeting areas of computing that don’t have the protection of the cloud. New data shows that firmware attacks are on the rise, and businesses aren’t paying close enough attention to securing this...

Microsoft open sources CodeQL queries used to hunt for Solorigate activity

A key aspect of the Solorigate attack is the supply chain compromise that allowed the attacker to modify binaries in SolarWinds’ Orion product. These modified binaries were distributed via previously legitimate update channels and allowed the attacker to remotely perform malicious activities, suc...

Announcing the general availability of Azure Defender for IoT

As businesses increasingly rely on connected devices to optimize their operations, the number of IoT and Operational Technology OT endpoints is growing dramatically—industry analysts have estimated that CISOs will soon be responsible for an attack surface multiple times larger than just a few yea...

Detonating a bad rabbit: Windows Defender Antivirus and layered machine learning defenses

Windows Defender Antivirus uses a layered approach to protection: tiers of advanced automation and machine learning models evaluate files in order to reach a verdict on suspected malware. While Windows Defender AV detects a vast majority of new malware files at first sight, we always strive to...

How to manage a side-by-side transition from your traditional SIEM to Azure Sentinel

With every week bringing new headlines about crippling cyberattacks, and with organizations growing increasingly distributed, security teams are constantly asked to do more with less. Moving to cloud-native security information and event management SIEM can help security teams analyze data with t...

How far have we come? The evolution of securing identities

The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest Voice of the Community blog series post, Microsoft Product Marketing Manager Natalia Godyla talks with Troy Hunt, founder of Have I Been Pwned,...

Microsoft unifies SIEM and XDR to help stop advanced attacks

For all of us in security, the last twelve months have been an incredible series of challenges—from balancing remote work with family priorities, to helping build resilient businesses, and protecting against the latest attacks. 2020 showed us that while we have made great progress, there is still...

Protecting customers from being intimidated into making an unnecessary purchase

There has been an increase in free versions of programs that purport to scan computers for various errors, and then use alarming, coercive messages to scare customers into buying a premium version of the same program. The paid version of these programs, usually called cleaner or optimizer...

Uncursing the ncurses: Memory corruption vulnerabilities found in library

Microsoft has discovered a set of memory corruption vulnerabilities in a library called ncurses, which provides APIs that support text-based user interfaces TUI. Released in 1993, the ncurses library is commonly used by various programs on Portable Operating System Interface POSIX operating...

North Korean threat actor targets small and midsize businesses with H0lyGh0st ransomware

A group of actors originating from North Korea that Microsoft Threat Intelligence Center MSTIC tracks as DEV-0530 has been developing and using ransomware in attacks since June 2021. This group, which calls itself H0lyGh0st, utilizes a ransomware payload with the same name for its campaigns and h...

Afternoon Cyber Tea: Cybersecurity challenged to meet diversity goals

Organizations often know they need to identify and address their cybersecurity blind spots. They also know the technology exists to help them do that. However, they don’t often understand how to communicate this need within their organization to justify the expense, nor do they know how to share...

How to secure your hybrid work world with a Zero Trust approach

We are operating in the most complex cybersecurity landscape we’ve ever seen. Sophisticated and determined attackers are the norm. And we all are preparing for the next great disruption—hybrid work. Security has never been more important, and as I shared in another Security blog today, it’s clear...

Identity at Microsoft Ignite: Strengthening Zero Trust defenses in the era of hybrid work

We’re now a year into our new reality, and two trends stand out. First, people need even more flexibility as we work, learn, and collaborate in a world without perimeters. And second, bad actors are getting even more sophisticated. They’re adding new attack vectors and combining them in new...