Microsoft 365 Defender demonstrates industry-leading protection in the 2022 MITRE Engenuity ATT&CK® Evaluations

For the fourth consecutive year, Microsoft 365 Defender demonstrated its industry-leading protection in MITRE Engenuity’s independent ATT&CK® Enterprise Evaluations, showcasing the value of an integrated XDR-based defense that unifies device and identity protection with a Zero Trust approach:...

New security features for Windows 11 will help protect hybrid work

Attackers haven’t wasted any time capitalizing on the rapid move to hybrid work. Every day cybercriminals and nation-states alike have improved their targeting, speed, and accuracy as the world adapted to working outside the office. These changes have put "cybersecurity issues and risks” at the t...

SpringShell RCE vulnerability: Guidance for protecting against and detecting CVE-2022-22965

April 11, 2022 update – Azure Web Application Firewall WAF customers with Regional WAF with Azure Application Gateway now has enhanced protection for critical Spring vulnerabilities - CVE-2022-22963, CVE-2022-22965, and CVE-2022-22947. See Detect and protect with Azure Web Application Firewall...

Microsoft CRSP shares the ways human behavior affects compromise recovery

The Microsoft Compromise Recover Security Practice CRSP is a worldwide team of cybersecurity experts operating in most countries, across all organizations public and private, with deep expertise to secure an environment post-security breach and to help you prevent a breach in the first place. As ...

Microsoft protects against human-operated ransomware across the full attack chain in the 2022 MITRE Engenuity ATT&CK® Evaluations

For the fourth year in a row, the independent MITRE Engenuity Adversarial Tactics, Techniques, and Common Knowledge ATT&CK® Evaluations demonstrated Microsoft’s strong detection and protection capabilities thanks to our multi-platform extended detection and response XDR defenses. The ever-evolvin...

3 strategies to launch an effective data governance plan

Aware of the potential risks of sensitive data if not managed properly, you’ve undertaken a data discovery process to learn where it’s all stored. You’ve classified this sensitive data—confidential information like credit card numbers and home addresses collected from customers, prospects,...

3 steps to secure your multicloud and hybrid infrastructure with Azure Arc

As businesses around the world grapple with the growth of an industrialized, organized attacker ecosystem, the need for customers to secure multicloud and hybrid infrastructure and workloads is increasingly urgent. Today, organizations face an attacker ecosystem that is highly economically...

How a leading Microsoft engineer extends culture to service resiliency

It’s hard to underestimate the impact that people can have on us in our formative years. Huiwen Ru, who spent several years working in identity and access management and is now a Principal Software Engineering Manager on the Singularity team at Microsoft, is a living example of how important...

DEV-0537 criminal actor targeting organizations for data exfiltration and destruction

March 24, 2022 update - As Microsoft continues to track DEV-0537’s activities, tactics, and tools, were sharing new detection, hunting, and mitigation information to give you additional insights on remaining vigilant against these attacks. In recent weeks, Microsoft Security teams have been...

A Leader in multiple Zero Trust security categories: Industry analysts weigh in

The massive shift toward remote and hybrid work over the last two years has prompted many security professionals to reassess where siloed security may create vulnerabilities.1 For that reason, Zero Trust has become the gold standard for enterprise security. An effective Zero Trust approach requir...

Manage subject rights requests at scale with Microsoft Priva

Privacy is of increasing importance to our customers. In addition to the well-known European General Data Protection Regulation GDPR, privacy regulations are emerging in nearly every region with more than 70 percent of countries now having data protection and privacy legislation.1 As the number a...

Uncovering Trickbot’s use of IoT devices in command-and-control infrastructure

Trickbot, a sophisticated trojan that has evolved significantly since its discovery in 2016, has continually expanded its capabilities and, even with disruption efforts and news of its infrastructure going offline, it has managed to remain one of the most persistent threats in recent years. The...

What Generation Z can teach us about cybersecurity

Girl Security National Security Fellows Program fellow Amulya, a 17-year-old interested in countering online disinformation, said she feels her sense of personal privacy has been largely nonexistent “growing up in a media-saturated world.” She believes her sense of privacy was stolen by a...

Secure your healthcare devices with Microsoft Defender for IoT and HCL’s CARE

It wasn’t long ago that medical devices were isolated and unconnected, but the rise of IoT has brought real computing power to the network edge. Today, medical devices are transforming into interconnected, smart assistants with decision-making capabilities. Any device in a medical setting must be...

Why decentralization is the future of digital identities

Our identity is increasingly becoming digitized—more of our hard copy credentials are converting into digital formats. We use these digital credentials to work, learn, play, socialize, shop, and consume services online and offline every day. It’s so convenient and expected now to be able to have...

2.5 million-plus cybersecurity jobs are open—women can fill them

This month is Women’s History Month and today is International Women’s Day—a time to reflect as individuals, societies, and industries on our progress for quality and equity for women. As a woman working in cybersecurity, I know firsthand that engaging girls, women, and people of color in...

Secure your OT and IoT devices with Microsoft Defender for IoT and Quzara Cybertorch™

This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA. In recent years, malicious actors have started attacking industrial control systems and key sectors of nations’ critical infrastructure to inflict damage that transcends the cyber...

Microsoft shares 4 challenges of protecting sensitive data and how to overcome them

Breaches of sensitive data are extremely costly for organizations when you tally data loss, stock price impact, and mandated fines from violations of General Data Protection Regulation GDPR, California Consumer Privacy Act CCPA, or other regulations. They also can diminish the trust of those who...

How Microsoft can help reduce insider risk during the Great Reshuffle

These are exciting and demanding days for organizations adapting to hybrid work realities, including a wider distributed workforce and more rapid change in employee roles. Organizations are becoming more agile as they refocus on employee onboarding and empowerment, opportunities with third-party...

MSTICPy January 2022 hackathon highlights

During the month of January 2022, the Microsoft Threat Intelligence Center MSTIC ran its inaugural hackathon for the open-source Jupyter and Python Security Tools library, MSTICPy. We asked the security community for their contributions to expand and improve MSTICPy’s features and capabilities, a...

Microsoft Security delivers new multicloud capabilities

In times of great change, challenges and opportunities can be found in many directions. This is certainly true in IT and cybersecurity. Today, while navigating a pandemic, frequent supply chain shocks, and global talent shortages, organizations around the world are forced to confront sophisticate...

The federal Zero Trust strategy and Microsoft’s deployment guidance for all

You’d be forgiven for missing the White House announcement on federal Zero Trust strategy on January 26, 2022.1 After all, on that day alone a Supreme Court Justice announced his intention to retire, the Federal Reserve announced its plan to raise interest rates, and the State Department was busy...

US Government sets forth Zero Trust architecture strategy and requirements

To help protect the United States from increasingly sophisticated cyber threats, the White House issued Executive Order EO 14028 on Improving the Nation’s Cybersecurity, which requires US Federal Government organizations to take action to strengthen national cybersecurity.1 Section 3 of EO 14028...

4 best practices to implement a comprehensive Zero Trust security approach

Today’s threat actors don’t see barriers, they see opportunities. As the old firewalls protecting the corporate network become obsolete amid the rush to adopt a hybrid workspace, implementing Zero Trust security has become an imperative across all sectors, both public and private. During this tim...

‘Ice phishing’ on the blockchain

The technologies that connect us are continually advancing, and while this brings tremendous new capabilities to users, it also opens new attack surfaces for adversaries and abusers. Social engineering represents a class of threats that has extended to virtually every technology that enables huma...

What’s Next in Security from Microsoft

One of the biggest challenges in security today is complexity. Not only is there an ever-growing number of threats, but many organizations are defending their companies with a patchwork of security solutions that don’t work well together. This piecemeal approach is costly, less secure, and hinder...

Cybersecurity threats are always changing—staying on top of them is vital, getting ahead of them is paramount

With a 1,070 percent increase in ransomware attacks year-over-year between July 2020 and June 2021, staying on top of attack trends—such as ransomware and supply chain threats—is more important than ever.1 To successfully detect and defend against security threats, we need to come together as a...

Detect active network reconnaissance with Microsoft Defender for Endpoint

The Microsoft Compromise Recovery Security Practice has observed how the security industry has evolved over the last few years as consumers, businesses, and industry professionals continue to adapt to the changing landscape. We have seen the emergence of new frameworks, such as the Cybersecurity...

ACTINIUM targets Ukrainian organizations

The Microsoft Threat Intelligence Center MSTIC is sharing information on a threat group named ACTINIUM, which has been operational for almost a decade and has consistently pursued access to organizations in Ukraine or entities related to Ukrainian affairs. MSTIC previously tracked ACTINIUM activi...

Cyber Signals: Defending against cyber threats with the latest research, insights, and trends

We’re excited to introduce Cyber Signals, a cyber threat intelligence brief informed by the latest Microsoft threat data and research. This content, which will be released quarterly, offers an expert perspective into the current threat landscape, discussing trending tactics, techniques, and...

The evolution of a Mac trojan: UpdateAgent’s progression

Our discovery and analysis of a sophisticated Mac trojan in October exposed a year-long evolution of a malware family—and depicts the rising complexity of threats across platforms. The trojan, tracked as UpdateAgent, started as a relatively basic information-stealer but was observed distributing...

Gartner® names Microsoft a Leader in the 2022 Magic Quadrant™ for Enterprise Information Archiving

With data doubling every two years, it is more critical than ever to have simple and integrated tools to understand and manage risks to an organization. As more people work remotely, users collaborate and store data in different locations. These secular trends offer new possibilities in how work...

Build a privacy-resilient workplace with Microsoft Priva

Today, we celebrate international Data Privacy Day. This day reminds us of the importance of respecting privacy, safeguarding data, and enabling trust. However, annual reminders are insufficient to drive material change, which can be seen in the effectiveness rates of one-off trainings. According...

Measure the effectiveness of your Microsoft security with AttackIQ

This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA. To improve an organization’s cybersecurity readiness, you need to test that your detection and prevention technologies work as intended and that your security program is performing a...

Discover 3 ways to take a holistic approach to data protection

The risk landscape for organizations has changed significantly in the past few years. Traditional ways of identifying and mitigating risks simply don’t work. While traditionally, organizations have focused on external threats, risks from within the organization are just as prevalent and harmful...

Evolved phishing: Device registration trick adds to phishers’ toolbox for victims without MFA

We have recently uncovered a large-scale, multi-phase campaign that adds a novel technique to traditional phishing tactics by joining an attacker-operated device to an organization’s network to further propagate the campaign. We observed that the second stage of the campaign was successful agains...

How CISOs are preparing to tackle 2022

Looking back over the last year, the security landscape has continued to experience significant change and escalation. Every day, we see the toll this is taking on organizations of all sizes as they navigate the enduring challenges of the pandemic, the expansion of the digital estate, and the...

Celebrating 20 Years of Trustworthy Computing

20 years ago this week, Bill Gates sent a now-famous email to all Microsoft employees announcing the creation of the Trustworthy Computing TwC initiative. The initiative was intended to put customer security, and ultimately customer trust, at the forefront for all Microsoft employees. Gates’ memo...

Build a stronger cybersecurity team through diversity and training

The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest post of our Voice of the Community blog series, Microsoft Security Product Marketing Manager Natalia Godyla talks with Heath Adams, Chief...

Destructive malware targeting Ukrainian organizations

Microsoft Threat Intelligence Center MSTIC has identified evidence of a destructive malware operation targeting multiple organizations in Ukraine. This malware first appeared on victim systems in Ukraine on January 13, 2022. Microsoft is aware of the ongoing geopolitical events in Ukraine and...

Learn about 4 approaches to comprehensive security that help leaders be fearless

The last 18 months have put unprecedented pressure on organizations to speed up their digital transformation as remote and hybrid work continue to become the new normal. Yet even with all the change and uncertainty, having the right security support system in place means your organization can sti...

Microsoft Zero Trust solutions deliver 92 percent return on investment, says new Forrester study

In the last two years, we’ve seen a staggering increase in the adoption of cloud-based services, remote work solutions, bring your own device BYOD, and IoT devices as organizations digitally transform themselves to enable a hybrid workforce.1 Zero Trust has become the essential security strategy...

Align your security and network teams to Zero Trust security demands

The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest Voice of the Community blog series post, Microsoft Security Product Marketing Manager Natalia Godyla talks with Jennifer Minella, Founder and...

New macOS vulnerability, “powerdir,” could lead to unauthorized user data access

Following our discovery of the “Shrootless” vulnerability, Microsoft uncovered a new macOS vulnerability, “powerdir,” that could allow an attacker to bypass the operating system’s Transparency, Consent, and Control TCC technology, thereby gaining unauthorized access to a user’s protected data. We...

What you need to know about how cryptography impacts your security strategy

The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest post of our Voice of the Community blog series post, Microsoft Security Product Marketing Manager Natalia Godyla talks with Taurus SA Co-founder...

The final report on NOBELIUM’s unprecedented nation-state attack

This is the final post in a four-part series on the NOBELIUM nation-state cyberattack. In December 2020, Microsoft began sharing details with the world about what became known as the most sophisticated nation-state cyberattack in history. Microsoft’s four-part video series “Decoding NOBELIUM” pul...

Your guide to mobile digital forensics

The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest Voice of the Community blog series post, Microsoft Security Product Marketing Manager Natalia Godyla talks with Cellebrite Senior Director of...

Guidance for preventing, detecting, and hunting for exploitation of the Log4j 2 vulnerability

January 10, 2022 recap – The Log4j vulnerabilities represent a complex and high-risk situation for companies across the globe. This open-source component is widely used across many suppliers’ software and services. By nature of Log4j being a component, the vulnerabilities affect not only...

Best practices for AI security risk management

Today, we are releasing an AI security risk assessment framework as a step to empower organizations to reliably audit, track, and improve the security of the AI systems. In addition, we are providing new updates to Counterfit, our open-source tool to simplify assessing the security posture of AI...

A closer look at Qakbot’s latest building blocks (and how to knock them down)

Multiple Qakbot campaigns that are active at any given time prove that the decade-old malware continues to be many attackers’ tool of choice, a customizable chameleon that adapts to suit the needs of the multiple threat actor groups that utilize it. Since emerging in 2007 as a banking Trojan,...