Why integrated phishing-attack training is reshaping cybersecurity—Microsoft Security

Phishing is still one of the most significant risk vectors facing enterprises today. Innovative email security technology like Microsoft Defender for Office 365 stops a majority of phishing attacks before they hit user inboxes, but no technology in the world can prevent 100 percent of phishing...

Stopping Active Directory attacks and other post-exploitation behavior with AMSI and machine learning

When attackers successfully breach a target network, their typical next step is to perform reconnaissance of the network, elevate their privileges, and move laterally to reach specific machines or spread as widely as possible. For these activities, attackers often probe the affected network’s...

Gartner announces the 2020 Magic Quadrant for Unified Endpoint Management

I’m excited to announce that, last week, Gartner listed Microsoft as a Leader in its 2020 Magic Quadrant for Unified Endpoint Management. You can read the entire report here, and you can see a snapshot of the Magic Quadrant below. You will note that we improved on both the “Ability to Execute” an...

UEFI scanner brings Microsoft Defender ATP protection to a new level

Microsoft Defender Advanced Threat Protection Microsoft Defender ATP is extending its protection capabilities to the firmware level with a new Unified Extensible Firmware Interface UEFI scanner. Hardware and firmware-level attacks have continued to rise in recent years, as modern security solutio...

CISO stress-busters: post #1 overcoming obstacles

As part of the launch of the U.S. space program’s moon shot, President Kennedy famously said we do these things “not because they are easy, but because they are hard.” The same can be said for the people responsible for security at their organizations; it is not a job one takes because it is easy...

Welcoming and retaining diversity in cybersecurity

I doubt I’d be in the role I am now if leaders at one of my first jobs hadn’t taken an interest in my career. Although I taught myself to code when I was young, I graduated from college with a degree in English Literature and began my post-college career in editorial. I worked my way up to...

Changing the monolith—Part 1: Building alliances for a secure culture

Any modern security expert can tell you that we’re light years away from the old days when firewalls and antivirus were the only mechanisms of protection against cyberattacks. Cybersecurity has been one of the hot topics of boardroom conversation for the last eight years, and has been rapidly...

The language of InfoSec

As the cybersecurity industry has evolved, one dynamic has remained consistent: our industry-"speak". We use a language that is very unique, difficult for new folks to understand, and oftentimes just plain sensationalistic. While any industry has its own technical terms, our language can also be ...

Threat actors misuse OAuth applications to automate financially driven attacks

Threat actors are misusing OAuth applications as an automation tool in financially motivated attacks. OAuth is an open standard for token-based authentication and authorization that enables applications to get access to data and resources based on permissions set by a user. Threat actors compromi...

Looking for the ‘Sliver’ lining: Hunting for emerging command-and-control frameworks

Microsoft has observed the Sliver command-and-control C2 framework now being adopted and integrated in intrusion campaigns by nation-state threat actors, cybercrime groups directly supporting ransomware and extortion, and other threat actors to evade detection. We’ve seen these actors use Sliver...

Microsoft announces new solutions for threat intelligence and attack surface management

Uncover adversaries with new Microsoft Defender threat intelligence products The threat landscape is more sophisticated than ever and damages have soared—the Federal Bureau of Investigations 2021 IC3 report found that the cost of cybercrime now totals more than USD6.9 billion.1 To counter these...

The evolution of a Mac trojan: UpdateAgent’s progression

Our discovery and analysis of a sophisticated Mac trojan in October exposed a year-long evolution of a malware family—and depicts the rising complexity of threats across platforms. The trojan, tracked as UpdateAgent, started as a relatively basic information-stealer but was observed distributing...

MVP Health Care secures member portal access with Microsoft Azure Active Directory B2C

Hello! I’m Sue Bohn, Microsoft Vice President of Program Management for Identity and Network Access. In today’s Voice of the Customer blog post, Chief Technology Officer and Chief Information Security Officer David Swits of MVP Health Care shares how Microsoft Azure Active Directory B2C helped th...

3 key resources to accelerate your passwordless journey

Every organization today faces password-related challenges—phishing campaigns, productivity loss, and password management costs to name just a few. The risks now outweigh the benefits when it comes to passwords. Even the strongest passwords are easily phish-able and vulnerable to attacks, such as...

Manage, govern, and get more value out of your data with Azure Purview

Data is the currency of today’s economy. Data is being created faster than ever in more locations than organizations can track. In fact, IDC has predicted that global data will grow to more than 175 zettabytes by 2025. To put that into context, that’s 175 trillion 1GB USB drives. At the same time...

Microsoft announces cloud innovation to simplify security, compliance, and identity

2020 will be remembered as a year of historic transformation. The pandemic has changed the way businesses operate and people work. One thing that has not changed is our basic human nature and the need to feel safe. Being safe and feeling safe is what allows us to do more, create more, and have...

Microsoft announces new Project OneFuzz framework, an open source developer tool to find and fix bugs at scale

Microsoft is dedicated to working with the community and our customers to continuously improve and tune our platform and products to help defend against the dynamic and sophisticated threat landscape. Earlier this year, we announced that we would replace the existing software testing experience...

3 ways Microsoft 365 can help you reduce helpdesk costs

With more people than ever working remotely, organizations must maximize employee productivity while protecting an ever-growing digital footprint. Many have stitched together specialized security solutions from different vendors to improve their cybersecurity posture, but this approach is expensi...

Associate Microsoft and Pradeo to manage and secure Android Enterprise mobile devices

This blog post is part of the Microsoft Intelligence Security Association guest blog series. To learn more about MISA, go here. Want to learn more on how Android Enterprise works with existing mobility management and security solutions? This article will explain how Android Enterprise fits in a...

Afternoon Cyber Tea: Peak, Plateau, or Plummet? Cyber security trends that are here to stay and how to detect and recover from ransomware attacks

The rapidity of change in the cyberthreat landscape can be daunting for today’s cyber defense teams. Just as they perfect the ability to block one attack method, adversaries change their approach. Tools like artificial intelligence and machine learning allow us to pivot quickly, however, knowing...

Best security, compliance, and privacy practices for the rapid deployment of publicly facing Microsoft Power Apps intake forms

With the dawn of the COVID-19 pandemic, state and federal agencies around the globe were looking at ways to modernize data intake for social services recipients. The government of a country of about 40 million citizens reached out to Microsoft and asked us to assist in this endeavor. Going...

Modernizing the security operations center to better secure a remote workforce

The response to COVID-19 has required many security operations centers SOCs to rethink how they protect their organizations. With so many employees working remotely, IT groups are routing more traffic directly to cloud apps, rather than through the network. In this model, traditional network...

New Microsoft Security innovations and partnerships

Today on the Official Microsoft Blog, Ann Johnson, Corporate Vice President of the Cybersecurity Solutions Group, shared how Microsoft is helping turn the tide in cybersecurity by putting artificial intelligence AI in the hands of defenders. She announced the general availability of Microsoft...

Rethinking cyber scenarios—learning (and training) as you defend

In two recent posts I discussed with Circadence the increasing importance of gamification for cybersecurity learning and how to get started as a practitioner while being supported by an enterprise learning officer or security team lead. In this third and final post in the series, Keenan and I...

Securing the modern workplace with Microsoft 365 threat protection – part 3

This post is authored by Debraj Ghosh, Senior Product Marketing Manager, Microsoft 365 Security. Detecting ransomware in the modern workplace Over the last two weeks, we have shared with you the roots of Microsoft 365 threat protection and how Microsoft 365 threat protect helps protect the modern...

Invisible resource thieves: The increasing threat of cryptocurrency miners

The surge in Bitcoin prices has driven widescale interest in cryptocurrencies. While the future of digital currencies is uncertain, they are shaking up the cybersecurity landscape as they continue to influence the intent and nature of attacks. Cybercriminals gave cryptocurrencies a bad name when...

Threat actors strive to cause Tax Day headaches

Threat actors often take advantage of current events and major news headlines to align attacks and leverage social engineering when people could be more likely to be distracted or misled. Tax season is particularly appealing to threat actors because not only are people busy and under stress, but ...

Microsoft continues to innovate to help secure small businesses

Small and medium-sized businesses are at the heart of our economy and are dedicated to driving value for their customers, whether that means trying new recipes, exploring new inventory, expanding services, arranging the shop so it’s easier to navigate, or keeping the shelves stocked with the...

Cyber Signals: 3 strategies for protection against ransomware

The “as a service” business model has gained widespread popularity as growing cloud adoption has made it possible for people to access important services through third-party providers. Given the convenience and agility of service offerings, perhaps it shouldn’t be surprising that the “as a servic...

A multidimensional approach to journalism security

The security community is continuously changing, growing, and learning from each other to better position the world against cyberthreats. In the latest post of our Community Voices blog series, Microsoft Security Senior Product Marketing Manager Brooke Lynn Weenig talks with Runa Sandvik, Former...

Android apps with millions of downloads exposed to high-severity vulnerabilities

Microsoft uncovered high-severity vulnerabilities in a mobile framework owned by mce Systems and used by multiple large mobile service providers in pre-installed Android System apps that potentially exposed users to remote albeit complex or local attacks. The vulnerabilities, which affected apps...

NOBELIUM targeting delegated administrative privileges to facilitate broader attacks

The Microsoft Threat Intelligence Center MSTIC has detected nation-state activity associated with the threat actor tracked as NOBELIUM, attempting to gain access to downstream customers of multiple cloud service providers CSP, managed service providers MSP, and other IT services organizations...

Combat attacks with security solutions from Trustwave and Microsoft

This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA. In 2021, cyberattacks and instances of ransomware demands against companies, agencies, and institutions have dominated the headlines. These kinds of attacks are on the rise and often...

How a positive hybrid work culture can help you to mitigate insider risk

As Vasu Jakkal recently shared, we are operating in the most sophisticated threat landscape ever seen, and coupled with the next great disruption—hybrid work—security is more challenging than ever. Protecting from external threats is only one part of the challenge, though. You also must protect...

EDR in block mode stops IcedID cold

We are happy to announce the general availability of endpoint detection and response EDR in block mode in Microsoft Defender for Endpoint. EDR in block mode turns EDR detections into real-time blocking of malicious behaviors, malware, and artifacts. It uses Microsoft Defender for Endpoint’s...

Advanced protection for web applications in Azure with Radware’s Microsoft Security integration

This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA here. The state of application security Companies face a wide range of security challenges, such as Open Source Foundation for Application Security Project OWASP vulnerabilities,...

Force firmware code to be measured and attested by Secure Launch on Windows 10

You cannot build something great on a weak foundation – and security is no exception. Windows is filled with important security features like Hypervisor-protected code integrity HVCI and Windows Defender Credential Guard that protect users from advanced hardware and firmware attacks. For these...

New data from Microsoft shows how the pandemic is accelerating the digital transformation of cyber-security

The importance of cybersecurity in facilitating productive remote work was a significant catalyst for the two years-worth of digital transformation we observed in the first two months of the COVID-19 pandemic. In this era of ubiquitous computing, security solutions don’t just sniff out threats,...

Afternoon Cyber Tea: Revisiting social engineering: The human threat to cybersecurity

Most of us know ‘Improv’ through film, theatre, music or even live comedy. It may surprise you to learn that the skills required for improvisational performance art, can also make you a good hacker? In cybersecurity, while quite a bit of focus is on the technology that our adversaries use, we mus...

Seeing the big picture: Deep learning-based fusion of behavior signals for threat detection

The application of deep learning and other machine learning methods to threat detection on endpoints, email and docs, apps, and identities drives a significant piece of the coordinated defense delivered by Microsoft Threat Protection. Within each domain as well as across domains, machine learning...

Barracuda and Microsoft: Securing applications in public cloud

This blog post is part of the Microsoft Intelligence Security Association guest blog series. To learn more about MISA, go here. Barracuda Cloud Application Protection CAP platform features integrations with Microsoft Azure Active Directory Azure AD and Azure Security Center. A component of CAP,...

Moving to cloud-based SIEM: the cost advantage

Companies weigh multiple factors in any technology implementation, balancing risks with business needs and IT capabilities. And while the same is true with cloud-based security information and event management SIEM solutions, cost overwhelmingly shapes the discussion as well. For example, accordi...

Managing risk in today’s IoT landscape: not a one-and-done

The reality of securing IoT over time It’s difficult to imagine any aspect of everyday life that isn’t affected by the influence of connectivity. The number of businesses that are using IoT is growing at a fast pace. By 2021, approximately 94 percent of businesses will be using IoT. Connectivity...

Real-life cybercrime stories from DART, the Microsoft Detection and Response Team

When we published our first blog about the Microsoft Detection and Response Team DART in March of 2019, we described our mission as responding to compromises and helping our customers become cyber-resilient. In pursuit of this mission we had already been providing onsite reactive incident respons...

New Microsoft identity and data security capabilities to accelerate CMMC compliance for the Defense Industrial Base

As Department of Defense DoD Chief Information Officer Hon. John Sherman said recently, Cybersecurity Maturity Model Certification CMMC is necessary to ensure that the United States raises the bar for protecting sensitive information.1 The DoD is leading by example towards this goal by implementi...

Volt Typhoon targets US critical infrastructure with living-off-the-land techniques

Microsoft has uncovered stealthy and targeted malicious activity focused on post-compromise credential access and network system discovery aimed at critical infrastructure organizations in the United States. The attack is carried out by Volt Typhoon, a state-sponsored actor based in China that...

Simplified endpoint management with Microsoft Intune Suite: Adopting a long-term approach with intelligence and automation

The last couple of years have been difficult, with many organizations operating in a response mode. From a global pandemic to an economic downturn to increasing security risks, teams are under more pressure than ever to deliver greater cyber security and do more with less. This responsive approac...

The next wave of multicloud security with Microsoft Defender for Cloud, a Cloud-Native Application Protection Platform (CNAPP)

With digital transformation in the face of macroeconomic pressures, strategies to optimize both cloud environments and cloud security are increasingly appealing to enterprises. Organizations worry about vulnerabilities in code getting deployed, critical misconfigurations, overprivileged access to...

Cybersecurity health and how to stay ahead of attackers with Linda Grasso

The security community is continuously changing, growing, and learning from each other to better position the world against cyberthreats. In the latest post of our Community Voices blog series, Microsoft Security Senior Product Marketing Manager Brooke Lynn Weenig talks with Linda Grasso, the...

Solving one of NOBELIUM’s most novel attacks: Cyberattack Series

Our story begins with eight Microsoft Detection and Response Team DART analysts gathered around a customer’s conference room to solve a cybersecurity mystery. Joined by members of the customer’s cybersecurity team, they were there to figure out how a Russia-based nation-state hacking group known ...