726 matches found

Microsoft Malware Protection
added 2022/12/20 5:0 p.m., 24 views

Microsoft Intune: 5 endpoint management predictions for 2023

The end of the year typically brings with it a small library of reports with predictions for the year ahead. The value in these reports is less in the precise predictions themselves—given how interconnected the world is, no one has a perfect crystal ball. Rather, the forecasts help frame the...

AI score: 6.5
Exploits: 0
Microsoft Malware Protection
added 2022/12/19 6:0 p.m., 14 views

How to build a secure foundation for identity and access

The security community is continuously changing, growing, and learning from each other to better position the world against cyberthreats. In the latest post of our Community Voices blog series, Microsoft Security Senior Product Marketing Manager Brooke Lynn Weenig talks with Christina Richmond, a...

AI score: 0.1
Exploits: 0
Microsoft Malware Protection
added 2022/12/19 6:0 p.m., 46 views

Gatekeeper’s Achilles heel: Unearthing a macOS vulnerability

On July 27, 2022, Microsoft discovered a vulnerability in macOS that can allow attackers to bypass application execution restrictions imposed by Apple’s Gatekeeper security mechanism, designed to ensure only trusted apps run on Mac devices. We developed a proof-of-concept exploit to demonstrate t...

CVSS: 5, AI score: 6, EPSS: 0.83081
Exploits: 13
Microsoft Malware Protection
added 2022/12/19 5:0 p.m., 19 views

Forrester names Microsoft a Leader in Q4 2022 Security Analytics Platforms Wave report

We’re excited to announce that Microsoft is named a Leader in The Forrester Wave: Security Analytics Platforms, Q4 2022. Microsoft achieved the highest possible score in 17 different criteria, including partner ecosystem, innovation roadmap, product security, case management, and architecture. Wi...

AI score: 0.4
Exploits: 0
Microsoft Malware Protection
added 2022/12/15 6:0 p.m., 36 views

MCCrash: Cross-platform DDoS botnet targets private Minecraft servers

Malware operations continue to rapidly evolve as threat actors add new capabilities to existing botnets, increasingly targeting and recruiting new types of devices. Attackers update malware to target additional operating systems, ranging from PCs to IoT devices, growing their infrastructure...

AI score: 0.9
Exploits: 0
Microsoft Malware Protection
added 2022/12/15 5:0 p.m., 21 views

Do more with less with Microsoft Security—3 strategies to get you started

Relentless bad actors, evolving attack tactics, and numerous surfaces and endpoints that attackers may try to exploit. With the average cost of a data breach reaching an all-time high of USD4.35 million in 2022, protecting your people and data from adversaries is more important than ever. Plus,...

AI score: 6.9
Exploits: 0
Microsoft Malware Protection
added 2022/12/14 12:30 p.m., 16 views

Cyber Signals: Risks to critical infrastructure on the rise

Today, the third edition of Cyber Signals was released spotlighting security trends and insights gathered from Microsoft’s 43 trillion daily security signals and 8,500 security experts. In this edition, we share new insights on wider risks that converging IT, Internet of Things (IoT), and operation...

AI score: 0.2
Exploits: 0
Microsoft Malware Protection
added 2022/12/13 5:0 p.m., 15 views

4 things to look for in a multicloud data protection solution

What does it mean to be a multicloud organization? As the name implies, the term describes a model of cloud computing where an organization uses multiple clouds—two or more public clouds, private clouds, or a combination of public, private, and edge clouds—to distribute applications and services...

Exploits: 0
Microsoft Malware Protection
added 2022/12/12 5:0 p.m., 58 views

IIS modules: The evolution of web shells and how to detect them

Web exploitation and web shells are some of the most common entry points in the current threat landscape. Web servers provide an external avenue directly into your corporate network, which often results in web servers being an initial intrusion vector or mechanism of persistence. Monitoring for...

Exploits: 0
Microsoft Malware Protection
added 2022/12/07 5:0 p.m., 19 views

Mitigate threats with the new threat matrix for Kubernetes

Today, we are glad to release the third version of the threat matrix for Kubernetes, an evolving knowledge base for security threats that target Kubernetes clusters. The matrix, first released by Microsoft in 2020, was the first attempt to systematically cover the attack landscape of Kubernetes...

AI score: 7.1
Exploits: 0
Microsoft Malware Protection
added 2022/12/06 5:0 p.m., 35 views

DEV-0139 launches targeted attacks against the cryptocurrency industry

Over the past several years, the cryptocurrency market has considerably expanded, gaining the interest of investors and threat actors. Cryptocurrency itself has been used by cybercriminals for their operations, notably for ransom payment in ransomware attacks, but we have also observed threat...

AI score: 7.3
Exploits: 0
Microsoft Malware Protection
added 2022/11/30 5:0 p.m., 19 views

Implementing Zero Trust access to business data on BYOD with Trustd MTD and Microsoft Entra

This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA. As more employees work remotely on a variety of devices and networks, businesses need a security model that supports this new operational efficiency. An expanding perimeter poses...

AI score: 0.3
Exploits: 0
Microsoft Malware Protection
added 2022/11/22 8:40 p.m., 27 views

Microsoft supports the DoD’s Zero Trust strategy

The Department of Defense (DoD) released its formal Zero Trust strategy today, marking a major milestone in its goal of achieving enterprise-wide implementation by 2027. The strategy comes at a critical time as United States government networks continue to face nearly half the global nation-state...

AI score: 7.5
Exploits: 0
Microsoft Malware Protection
added 2022/11/22 6:0 p.m., 10 views

Join us at InfoSec Jupyterthon 2022

Notebooks are gaining popularity in InfoSec. Used interactively for investigations and hunting or as scheduled processing jobs, notebooks offer plenty of advantages over traditional security operations center (SOC) tools. Sitting somewhere between scripting/macros and a full-blown development...

AI score: 7.2
Exploits: 0
Microsoft Malware Protection
added 2022/11/22 5:0 p.m., 50 views

Vulnerable SDK components lead to supply chain risks in IoT and OT environments

December 8, 2022 update - Reflected additional research on Boa-related CVEs and updated supply chain diagram. Vulnerabilities in network components, architecture files, and developer tools have become increasingly popular attack vectors to gain access into secure networks and devices. External...

CVSS: 10, AI score: 0.4, EPSS: 0.94358
Exploits: 346
Microsoft Malware Protection
added 2022/11/17 5:0 p.m., 24 views

DEV-0569 finds new ways to deliver Royal ransomware, various payloads

Recent activity from the threat actor that Microsoft tracks as DEV-0569, known to distribute various payloads, has led to the deployment of the Royal ransomware, which first emerged in September 2022 and is being distributed by multiple threat actors. Observed DEV-0569 attacks show a pattern of...

AI score: 7.3
Exploits: 0
Microsoft Malware Protection
added 2022/11/16 6:0 p.m., 20 views

Microsoft contributes S2C2F to OpenSSF to improve supply chain security

On August 4, 2022, Microsoft publicly shared a framework.pdf that it has been using to secure its own development practices since 2019, the Secure Supply Chain Consumption Framework (S2C2F), previously the Open Source Software-Supply Chain Security (OSS-SSC) Framework. As a massive consumer of and...

Exploits: 0
Microsoft Malware Protection
added 2022/11/16 4:0 p.m., 26 views

Token tactics: How to prevent, detect, and respond to cloud token theft

As organizations increase their coverage of multifactor authentication (MFA), threat actors have begun to move to more sophisticated techniques to allow them to compromise corporate resources without needing to satisfy MFA. Recently, the Microsoft Detection and Response Team (DART) has seen an increa...

AI score: 1.6
Exploits: 0
Microsoft Malware Protection
added 2022/11/15 6:0 p.m., 10 views

2022 holiday DDoS protection guide

The holiday season is an exciting time for many people as they get to relax, connect with friends and family, and celebrate traditions. Organizations also have much to rejoice about during the holidays: for example, more sales for retailers and more players for gaming companies. Unfortunately, cyb...

AI score: 0.5
Exploits: 0
Microsoft Malware Protection
added 2022/11/10 5:0 p.m., 14 views

Microsoft threat intelligence presented at CyberWarCon 2022

At CyberWarCon 2022, Microsoft and LinkedIn analysts presented several sessions detailing analysis across multiple sets of actors and related activity. This blog is intended to summarize the content of the research covered in these presentations and demonstrates Microsoft Threat Intelligence...

AI score: 0.1
Exploits: 0
Microsoft Malware Protection
added 2022/11/10 5:0 p.m., 23 views

Simplify privacy protection with Microsoft Priva Subject Rights Requests

The General Data Protection Regulation (GDPR) came into effect in 2018 and set a new standard for the level of control individuals in the European Union had on the personal data they shared online. Since then, the number of privacy regulations around the world has flourished and impacted the privac...

AI score: 6.8
Exploits: 0
Microsoft Malware Protection
added 2022/11/09 3:0 p.m., 23 views

Microsoft Defender Experts for Hunting demonstrates industry-leading protection in the 2022 MITRE Engenuity ATT&CK® Evaluations for Managed Services

Microsoft Defender Experts for Hunting, our newest managed threat hunting service, delivered industry-leading results during the inaugural MITRE Engenuity ATT&CK® Evaluations for Managed Services. We provided a seamless, comprehensive, and rapid response to the simulated attack using expert-led...

AI score: 8.3
Exploits: 0
Microsoft Malware Protection
added 2022/11/04 4:0 p.m., 15 views

Microsoft named a Leader in 2022 Gartner® Magic Quadrant™ for Access Management for the 6th year

We are honored to announce that Microsoft has been named a Leader in the 2022 Gartner® Magic Quadrant™ for Access Management for Microsoft Azure Active Directory (Azure AD), part of Microsoft Entra. We thank our customers who guide our strategy and product innovation, engage with us deeply in...

AI score: 0.2
Exploits: 0
Microsoft Malware Protection
added 2022/11/03 4:0 p.m., 24 views

Identifying cyberthreats quickly with proactive security testing

The security community is continuously changing, growing, and learning from each other to better position the world against cyberthreats. In the latest post of our Community Voices blog series, Microsoft Security Senior Product Marketing Manager Brooke Lynn Weenig talks with Matthew Hickey,...

AI score: 7
Exploits: 0
Microsoft Malware Protection
added 2022/11/03 4:0 p.m., 24 views

Stopping C2 communications in human-operated ransomware through network protection

Command-and-control (C2) servers are an essential part of ransomware, commodity, and nation-state attacks. They are used to control infected devices and perform malicious activities like downloading and launching payloads, controlling botnets, or commanding post-exploitation penetration frameworks ...

AI score: 0.4
Exploits: 0
Microsoft Malware Protection
added 2022/11/02 4:0 p.m., 15 views

Microsoft Security tips for mitigating risk in mergers and acquisitions

Sixty-two percent of organizations that undertake mergers and acquisitions face significant cybersecurity risks or consider cyber risks their biggest concern post-acquisition. Threat actors that focus on corporate espionage often target the acquiring company, which we will refer to as the Parent...

AI score: 0.2
Exploits: 0
Microsoft Malware Protection
added 2022/10/31 10:0 p.m., 19 views

The door is open for anyone to become a cyber defender

Throughout Cybersecurity Awareness Month, Microsoft has highlighted the importance of cybersecurity and provided resources to help people and organizations stay safe. It’s great to have this month as a reminder, and even better if that awareness becomes a year-round endeavor. Education is really...

AI score: 7
Exploits: 0
Microsoft Malware Protection
added 2022/10/27 4:0 p.m., 21 views

Discover Microsoft Security solutions for SLTT government grant readiness

As part of the Bipartisan Infrastructure Law, also known as the Infrastructure Investment and Jobs Act of 2021, the United States federal government announced a cybersecurity grant program for state, local, territorial, and tribal (SLTT) governments to fund allocation of USD1 billion over the next...

AI score: 1.2
Exploits: 0
Microsoft Malware Protection
added 2022/10/27 4:0 p.m., 37 views

Raspberry Robin worm part of larger ecosystem facilitating pre-ransomware activity

Microsoft has discovered recent activity indicating that the Raspberry Robin worm is part of a complex and interconnected malware ecosystem, with links to other malware families and alternate infection methods beyond its original USB drive spread. These infections lead to follow-on...

AI score: 0.2
Exploits: 0
Microsoft Malware Protection
added 2022/10/26 4:0 p.m., 25 views

How to prevent lateral movement attacks using Microsoft 365 Defender

It’s been 10 years since the first version of the Mitigating Pass-the-Hash Attacks and Other Credential Theft whitepaper was made available, but the techniques are still relevant today, because they help prevent attackers from gaining a network foothold and using credential-dumping tools to extra...

AI score: 0.5
Exploits: 0
Microsoft Malware Protection
added 2022/10/25 4:0 p.m., 16 views

How businesses are gaining integrated data protection with Microsoft Purview

Currently, our interconnected world is creating 2.5 quintillion bytes of data every day. Every purchase made, every email sent, every contract signed: all of it gets shared, accessed, and stored. We take it on faith that organizations are doing all this safely; however, data loss is becoming a...

Exploits: 0
Microsoft Malware Protection
added 2022/10/25 4:0 p.m., 42 views

DEV-0832 (Vice Society) opportunistic ransomware campaigns impacting US education sector

In recent months, Microsoft has detected active ransomware and extortion campaigns impacting the global education sector, particularly in the US, by a threat actor we track as DEV-0832, also known as Vice Society. Shifting ransomware payloads over time from BlackCat, QuantumLocker, and Zeppelin,...

CVSS: 4.6, AI score: 1.4, EPSS: 0.07626
Exploits: 2
Microsoft Malware Protection
added 2022/10/24 4:0 p.m., 14 views

Secure your endpoints with Transparity and Microsoft

This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA. Endpoint protection platforms (EPPs) are dead and no longer sufficient to protect your organization, right? Wrong. When it comes to cybersecurity, the ability to normalize and correlat...

AI score: 0.2
Exploits: 0
Microsoft Malware Protection
added 2022/10/21 4:0 p.m., 40 views

Securing IoT devices against attacks that target critical infrastructure

South Staffordshire PLC, a company that supplies water to over one million customers in the United Kingdom, notified its customers in August of being a target of a criminal cyberattack. This incident highlights the sophisticated threats that critical industries face today. According to South...

CVSS: 10, AI score: 0.5, EPSS: 0.94318
Exploits: 7
Microsoft Malware Protection
added 2022/10/19 4:0 p.m., 12 views

Do more with less—Discover the latest Microsoft Entra innovations

It has certainly been another intense year. From the ongoing pandemic to the Great Reshuffle to economic uncertainty, it’s truly felt like the only constant is change. In this economy, many organizations are looking for efficiencies. This is putting pressure on security teams, along with everyon...

AI score: 0.1
Exploits: 0
Microsoft Malware Protection
added 2022/10/19 4:0 p.m., 14 views

Do more with less—Discover the latest Microsoft Entra innovations

It has certainly been another intense year. From the ongoing pandemic to the Great Reshuffle to economic uncertainty, it’s truly felt like the only constant is change. In this economy, many organizations are looking for efficiencies. This is putting pressure on security teams, along with everyon...

AI score: 0.1
Exploits: 0
Microsoft Malware Protection
added 2022/10/18 6:0 p.m., 17 views

Defenders beware: A case for post-ransomware investigations

Ransomware is one of the most pervasive threats that Microsoft Detection and Response Team (DART) responds to today. The groups behind these attacks continue to add sophistication to their tactics, techniques, and procedures (TTPs) as most network security postures increase. In this blog, we detail a...

AI score: 0.1
Exploits: 0
Microsoft Malware Protection
added 2022/10/18 6:0 p.m., 27 views

Defenders beware: A case for post-ransomware investigations

Ransomware is one of the most pervasive threats that Microsoft Detection and Response Team (DART) responds to today. The groups behind these attacks continue to add sophistication to their tactics, techniques, and procedures (TTPs) as most network security postures increase. In this blog, we detail a...

AI score: 0.1
Exploits: 0
Microsoft Malware Protection
added 2022/10/18 4:0 p.m., 18 views

How Microsoft Purview and Priva help simplify data protection

At Microsoft Security, we understand how challenging it is to protect your most important asset, your data, in today’s threat landscape. You’re faced with evolving challenges—from empowering employees for greater productivity to eliminating gaps in your infrastructure—all while trying to protect...

AI score: 0.3
Exploits: 0
Microsoft Malware Protection
added 2022/10/18 4:0 p.m., 24 views

How Microsoft Purview and Priva help simplify data protection

At Microsoft Security, we understand how challenging it is to protect your most important asset, your data, in today’s threat landscape. You’re faced with evolving challenges—from empowering employees for greater productivity to eliminating gaps in your infrastructure—all while trying to protect...

AI score: 0.3
Exploits: 0
Microsoft Malware Protection
added 2022/10/14 7:0 p.m., 10 views

New “Prestige” ransomware impacts organizations in Ukraine and Poland

The Microsoft Threat Intelligence Center (MSTIC) has identified evidence of a novel ransomware campaign targeting organizations in the transportation and related logistics industries in Ukraine and Poland utilizing a previously unidentified ransomware payload. We observed this new ransomware, which...

AI score: 0.5
Exploits: 0
Microsoft Malware Protection
added 2022/10/14 7:0 p.m., 27 views

New “Prestige” ransomware impacts organizations in Ukraine and Poland

The Microsoft Threat Intelligence Center (MSTIC) has identified evidence of a novel ransomware campaign targeting organizations in the transportation and related logistics industries in Ukraine and Poland utilizing a previously unidentified ransomware payload. We observed this new ransomware, which...

AI score: 0.5
Exploits: 0
Microsoft Malware Protection
added 2022/10/13 4:0 p.m., 8 views

Microsoft named a Leader in the 2022 Gartner® Magic Quadrant™ for Security Information and Event Management

Security operations teams are overwhelmed trying to protect their organizations against an onslaught of cyberattacks, including a 92 percent rise in ransomware attacks. Too often, existing security tools are siloed or not designed to meet the needs of today’s hybrid cloud environment. The result...

AI score: 6.8
Exploits: 0
Microsoft Malware Protection
added 2022/10/13 4:0 p.m., 19 views

Microsoft named a Leader in the 2022 Gartner® Magic Quadrant™ for Security Information and Event Management

Security operations teams are overwhelmed trying to protect their organizations against an onslaught of cyberattacks, including a 92 percent rise in ransomware attacks. Too often, existing security tools are siloed or not designed to meet the needs of today’s hybrid cloud environment. The result...

AI score: 6.8
Exploits: 0
Microsoft Malware Protection
added 2022/10/12 4:0 p.m., 20 views

5 cybersecurity capabilities announced at Microsoft Ignite 2022 to help you secure more with less

Protecting your business against growing security threats is a huge priority. Companies of all sizes have increased their spending on cybersecurity solutions to protect their operations over the last year. User spending for the information security and risk management market will grow to USD169.2...

AI score: 7.4
Exploits: 0
Microsoft Malware Protection
added 2022/10/12 4:0 p.m., 16 views

Introducing new Microsoft Defender for Cloud innovations to strengthen cloud-native protections

Security teams face an expanding attack surface as organizations increasingly use cloud-native services to develop, deploy, and manage applications across their multicloud and hybrid environments. Their challenge is compounded by incomplete visibility, siloed processes, and a lack of prioritized...

AI score: 7.7
Exploits: 0
Microsoft Malware Protection
added 2022/10/12 4:0 p.m., 12 views

Introducing new Microsoft Defender for Cloud innovations to strengthen cloud-native protections

Security teams face an expanding attack surface as organizations increasingly use cloud-native services to develop, deploy, and manage applications across their multicloud and hybrid environments. Their challenge is compounded by incomplete visibility, siloed processes, and a lack of prioritized...

AI score: 7.7
Exploits: 0
Microsoft Malware Protection
added 2022/10/12 4:0 p.m., 10 views

5 cybersecurity capabilities announced at Microsoft Ignite 2022 to help you secure more with less

Protecting your business against growing security threats is a huge priority. Companies of all sizes have increased their spending on cybersecurity solutions to protect their operations over the last year. User spending for the information security and risk management market will grow to USD169.2...

AI score: 7.4
Exploits: 0
Microsoft Malware Protection
added 2022/10/06 4:0 p.m., 7 views

Microsoft publishes new report on holistic insider risk management

The risk landscape for organizations has changed significantly in the past few years. The amount of data captured, copied, and consumed is expected to grow to more than 180 zettabytes through 2025. Traditional ways of identifying and mitigating risks don’t always work. Historically, organization...

AI score: 6.9
Exploits: 0
Microsoft Malware Protection
added 2022/10/06 4:0 p.m., 16 views

Microsoft publishes new report on holistic insider risk management

The risk landscape for organizations has changed significantly in the past few years. The amount of data captured, copied, and consumed is expected to grow to more than 180 zettabytes through 2025. Traditional ways of identifying and mitigating risks don’t always work. Historically, organization...

AI score: 6.9
Exploits: 0
Total number of security vulnerabilities: 726