Hello open source security! Managing risk with software composition analysis

When first learning to code many people start with a rudimentary “Hello World” program. Building the program teaches developers the basics of a language as they write the code required to display “Hello World” on a screen. As developers get more skilled, the complexity of the programs they build...

Success in security: reining in entropy

Your network is unique. It’s a living, breathing system evolving over time. Data is created. Data is processed. Data is accessed. Data is manipulated. Data can be forgotten. The applications and users performing these actions are all unique parts of the system, adding degrees of disorder and...

Protect your accounts with smarter ways to sign in on World Passwordless Day

As the world continues to grapple with COVID-19, our lives have become increasingly dependent on digital interactions. Operating at home, we’ve had to rely on e-commerce, telehealth, and e-government to manage the everyday business of life. Our daily online usage has increased by over 20 percent...

Welcoming a more diverse workforce into cybersecurity: expanding the pipeline

Despite much focus on increasing the number of women in cybersecurity, as an industry we are still falling short. For many companies the problem starts with the tech pipeline—there just aren’t enough resumes from qualified female candidates. But I think the real problem is that our definition of...

Microsoft Threat Protection stops attack sprawl and auto-heals enterprise assets with built-in intelligence and automation

Attackers will cross multiple domains like email, identity, endpoints, and applications to find the point of least resistance. Today’s defense solutions have been designed to protect, detect, and block threats for each domain separately, allowing attackers to exploit the seams and threshold...

Afternoon Cyber Tea—From threat intelligence to chatbots: A look at AI in cybersecurity

I’ve often said our teams should be as diverse as the problems we are trying to solve. Hiring a diverse security team isn’t just the right thing to do, it’s also good business. This is a topic I’m very passionate about, so I was delighted to interview Jane Frankland for the second podcast of...

Microsoft 365 helps governments adopt a Zero Trust security model

For governments to function, the flow of data on a massive scale is required—including sensitive information about critical infrastructure, citizens, and public safety and security. The security of government information systems is subject to constant attempted attacks and in need of a modern...

The quiet evolution of phishing

The battle against phishing is a silent one: every day, Office 365 Advanced Threat Protection detects millions of distinct malicious URLs and email attachments. Every year, billions of phishing emails don’t ever reach mailboxes—real-world attacks foiled in real-time. Heuristics, detonation, and...

Unraveling the techniques of Mac ransomware

Ransomware continues to be one of the most prevalent and impactful threats affecting organizations, with attackers constantly evolving their techniques and expanding their tradecraft to cast a wider net of potential targets. This is evident in the range of industries, systems, and platforms...

Franken-phish: TodayZoo built from other phishing kits

A phishing kit built using pieces of code copied from other kits, some available for sale through publicly accessible scam sellers or are reused and repackaged by other kit resellers, provides rich insight into the state of the economy that drives phishing and email threats today. We uncovered th...

Practical tips on how to use application security testing and testing standards

The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest Voice of the Community blog series post, Microsoft Product Marketing Manager Natalia Godyla talks with Daniel Cuthbert, Global Head of Security...

Microsoft announces recipients of academic grants for AI research on combating phishing

Every day in the ever-changing technology landscape, we see boundaries shift as new ideas challenge the old status quo. This constant shift is observed in the increasingly sophisticated and connected tools, products, and services people and organizations use on a daily basis, but also in the...

New cloud-native breadth threat protection capabilities in Azure Defender

As the world adapts to working remotely, the threat landscape is constantly evolving, and security teams struggle to protect workloads with multiple solutions that are often not well integrated nor comprehensive enough. This results in serious threats avoiding detection, as well as security teams...

Understanding influences shaping the cybersecurity landscape, enabling digital transformation, and helping to protect our planet

The accelerated rate of digital transformation we have seen this past year presents both challenges and endless opportunities for individuals, organizations, businesses, and governments around the world. Cybersecurity is the underpinning of helping protect these opportunities. By examining the...

Security Unlocked—A new podcast exploring the people and AI that power Microsoft Security solutions

It’s hard to keep pace with all the changes happening in the world of cybersecurity. Security experts and leaders must continue learning and unlearning to stay ahead of the ever-evolving threat landscape. In fact, many of us are in this field because of our desire to continuously challenge...

Taking Transport Layer Security (TLS) to the next level with TLS 1.3

Transport Layer Security TLS 1.3 is now enabled by default on Windows 10 Insider Preview builds, starting with Build 20170, the first step in a broader rollout to Windows 10 systems. TLS 1.3 is the latest version of the internet’s most deployed security protocol, which encrypts data to provide a...

IT executives prioritize Multi-Factor Authentication in 2020

In 2020, many IT executives will roll out or expand their implementation of Multi-Factor Authentication MFA to better safeguard identities. This is one of the key findings of a survey conducted by Pulse Q&A for Microsoft in October 2019.1 Specifically, 59 percent of executives will implement or...

Visionary security partners to be honored at the very first Microsoft Security 20/20 event

Microsoft Security 20/20 is nearly here and our team is putting the final touches on what we think will be a memorable event. Microsoft Security 20/20 will put the spotlight on companies and individuals with a clear-eyed view of the security challenges we face and smart solutions to help solve...

Afternoon Cyber Tea—The State of Cybersecurity: How did we get here? What does it mean?

Every year the number and scale of cyberattacks grows. Marc Goodman, a global security strategist, futurist, and author of the book, Future Crimes: Everything is Connected, Everyone is Vulnerable, and What We Can Do About It, thinks a lot about how we got here and what it means, which is why he w...

5 identity priorities for 2020

Today, Joy Chik, Corporate Vice President of Identity, shared five priorities central to security that organizations should prioritize in 2020 as they digitally transform. These priorities are based on many conversations with our customers, including: 1. Connect all applications and cloud resourc...

sLoad launches version 2.0, Starslord

sLoad, the PowerShell-based Trojan downloader notable for its almost exclusive use of the Background Intelligent Transfer Service BITS for malicious activities, has launched version 2.0. The new version comes on the heels of a comprehensive blog we published detailing the malware’s multi-stage...

Mobile threat defense and intelligence are a core part of cyber defense

The modern workplace is a mobile workplace. Today’s organizations rely on mobility to increase productivity and improve the customer experience. But the proliferation of smartphones and other mobile devices has also expanded the attack surface of roughly 5 billion mobile devices in the world, man...

Announcing the Microsoft Graph Security Hackathon winners

Bringing together information from multiple disconnected security systems to solve today’s security challenges is complex. We recently asked Microsoft Graph Security Hackathon participants to come up with innovative solutions using the Microsoft Graph Security API, and they did not disappoint. We...

Delivering security innovation that puts Microsoft’s experience to work for you

Cybersecurity is the central challenge of our digital age. Without it, everything from our personal email accounts and privacy to the way we do business, and all types of critical infrastructure, are under threat. As attackers evolve, staying ahead of these threats is getting harder. Microsoft ca...

Microsoft Security Intelligence Report volume 23 is now available

As security incidents and events keep making headlines, Microsoft is committed to helping our customers and the rest of the security community to make sense of the risks and offer recommendations. Old and new malware continues to get propagated through massive botnets, attackers are increasing...

Sharing research and discoveries at PWN2OWN

The annual PWN2OWN exploit contest at the CanSecWest conference in Vancouver, British Columbia, Canada, brings together some of the top security talent from across the globe in a friendly competition. For the participants, these events are a platform to demonstrate world-class skills and vie for...

Overview of rapid cyberattacks

Rapid cyberattacks like Petya and WannaCrypt have reset our expectations on the speed and scope of damage that a cyberattack can inflict. The Microsoft Enterprise Cybersecurity Group Detection and Response team worked extensively to help customers respond to and recover from these kinds of attack...

Octo Tempest crosses boundaries to facilitate extortion, encryption, and destruction

Microsoft has been tracking activity related to the financially motivated threat actor Octo Tempest, whose evolving campaigns represent a growing concern for organizations across multiple industries. Octo Tempest leverages broad social engineering campaigns to compromise organizations across the...

DEV-0569 finds new ways to deliver Royal ransomware, various payloads

Recent activity from the threat actor that Microsoft tracks as DEV-0569, known to distribute various payloads, has led to the deployment of the Royal ransomware, which first emerged in September 2022 and is being distributed by multiple threat actors. Observed DEV-0569 attacks show a pattern of...

MISA expands portfolio and looks ahead during Microsoft Inspire

This blog post is part of the Microsoft Intelligent Security Association MISA guest blog series. Learn more about MISA. Welcome to fiscal year 2022 FY22 and my first official blog as the MISA Lead. It’s been a whirlwind couple of months getting up to speed with all things MISA—closing out FY21...

How user experience is shaping verifiable credentials and identity

Since 2017, Microsoft has been working with the identity community on two groundbreaking technologies designed from the ground up to make digital privacy convenient and practical: decentralized identifiers and verifiable credentials. We believe verifiable credentials will revolutionize the way we...

Securing Azure datacenters with continuous IoT/OT monitoring

Figure 1: Industrial cooling system for datacenters. As more intelligent devices and machinery become connected to the internet, Operational Technology OT and the Internet of Things IoT have become part of your enterprise network infrastructure—and a growing security risk. With every new factory...

Microsoft surpasses $10 billion in security business revenue, more than 40 percent year-over-year growth

I joined Microsoft a little more than six months ago—amid a global pandemic and a new norm of remote work, as well as one of the most rapidly evolving threat landscapes in history. We’ve witnessed more sophisticated attacks, like the recent SolarWinds incident, as well as an increase in attack...

Collaborative innovation on display in Microsoft’s insider risk management strategy

The disrupted work environment, in which enterprises were forced to find new ways to enable their workforce to work remotely, changed the landscape for operations as well as security. One of the top areas of concern is managing insider risks, a complex undertaking even before the pandemic, and ev...

Gartner names Microsoft a Leader in the 2020 Magic Quadrant for Cloud Access Security Brokers

The past few months have changed the way we work in many ways, working from home, social distancing, and remote operations have all had impacts on our previously known ways of life. At Microsoft, we have been working hard to assist our customers adjust to this rapidly changing and evolving work...

The science behind Microsoft Threat Protection: Attack modeling for finding and stopping evasive ransomware

The linchpin of successful cyberattacks, exemplified by nation state-level attacks and human-operated ransomware, is their ability to find the path of least resistance and progressively move across a compromised network. Determining the full scope and impact of these attacks is one the most...

Zero Trust and its role in securing the new normal

As the global crisis around COVID-19 continues, security teams have been forced to adapt to a rapidly evolving security landscape. Schools, businesses, and healthcare organizations are all getting work done from home on a variety of devices and locations, extending the potential security attack...

Lessons learned from the Microsoft SOC—Part 3c: A day in the life part 2

This is the sixth blog in the Lessons learned from the Microsoft SOC series designed to share our approach and experience from the front lines of our security operations center SOC protecting Microsoft and our Detection and Response Team DART helping our customers with their incidents. For a visu...

Defending the power grid against supply chain attacks: Part 3 – Risk management strategies for the utilities industry

Over the last fifteen years, attacks against critical infrastructure figure1 have steadily increased in both volume and sophistication. Because of the strategic importance of this industry to national security and economic stability, these organizations are targeted by sophisticated, patient, and...

Turning collaboration and customer engagement up with a strong identity approach

In these challenging times, it’s even more apparent that modern companies are managing a blended workforce that encompasses not only their full-time staff and customers but also their contractors, consultants, subsidiaries, suppliers, partners, and soon-to-be customers. Balancing friction-less...

Protecting against coronavirus themed phishing attacks

The world has changed in unprecedented ways in the last several weeks due to the coronavirus pandemic. While it has brought out the best in humanity in many ways, as with any crisis it can also attract the worst in some. Cybercriminals use people’s fear and need for information in phishing attack...

Defending the power grid against supply chain attacks—Part 1: The risk defined

Most people don’t think about electricity. If the internet works, their food is refrigerated, and their debit card is approved, why should they? Its ubiquity and reliability render it invisible—a bit of magic that powers much of modern life. That is, until a large storm passes through. Localized...

RSA Conference 2020—Empower your defenders with artificial intelligence and automation

The RSA Conference 2020 kicks off in less than three weeks, and the Microsoft Security team can’t wait. This is one of our most important annual events because it provides an invaluable opportunity for us to connect with customers, partners, and other security thought leaders. New ideas are...

DART: the Microsoft cybersecurity team we hope you never meet

If you spent 270 days away from home, not on vacation, you’d want it to be for a good reason. When boarding a plane, sometimes having been pulled out of bed to leave family for weeks on end, I know it’s because one of our customers is in need. It means there is a security compromise and they may ...

Use Windows Information Protection (WIP) to help make accidental data leakage a thing of the past

Have you always wished you could have mobile application management MAM on Windows? Now you can! Windows Information Protection WIP is an out-of-the box data leakage prevention feature for Windows 10 that can automatically apply protection for work files and data to prevent accidental data leakag...

Leverage cloud-powered security with Microsoft Defender for IoT

Traditionally, operational technology OT and IT have occupied separate sides of enterprise security. But with digital transformation and the advent of Industry 4.0, the old, siloed approach is showing its age.1 The rise of manufacturing execution systems has enabled more “smart factories” to...

Microsoft Defender Experts for Hunting proactively hunts threats

Today, we announced the general availability of Microsoft Defender Experts for Hunting to support organizations and their cybersecurity employees with proactive threat hunting. Defender Experts for Hunting was created for customers who have a robust security operations center but want Microsoft t...

Detect active network reconnaissance with Microsoft Defender for Endpoint

The Microsoft Compromise Recovery Security Practice has observed how the security industry has evolved over the last few years as consumers, businesses, and industry professionals continue to adapt to the changing landscape. We have seen the emergence of new frameworks, such as the Cybersecurity...

Protect your business from password sprays with Microsoft DART recommendations

Over the past year, the Microsoft Detection and Response Team DART, along with Microsoft’s threat intelligence teams, have observed an uptick in the use of password sprays as an attack vector. This threat is a moving target with techniques and tools always changing, and Microsoft continues to fin...

How Microsoft is partnering with vendors to provide Zero Trust solutions

As workplaces around the world embrace hybrid work, Zero Trust provides the guiding strategy that keeps companies secure. However, no two organizations are alike. The Zero Trust journey will look unique for every organization that implements it. This means we must work together to create solution...