Moonstone Sleet emerges as new North Korean threat actor with new bag of tricks

Microsoft has identified a new North Korean threat actor, now tracked as Moonstone Sleet formerly Storm-1789, that uses both a combination of many tried-and-true techniques used by other North Korean threat actors and unique attack methodologies to target companies for its financial and...

Social engineering attacks lure Indian users to install Android banking trojans

Microsoft has observed ongoing activity from mobile banking trojan campaigns targeting users in India with social media messages designed to steal users’ information for financial fraud. Using social media platforms like WhatsApp and Telegram, attackers are sending messages designed to lure users...

Starting your journey to become quantum-safe

There’s no doubt we are living through a time of rapid technological change. Advances in ubiquitous computing and ambient intelligence transform nearly every aspect of work and life. As the world moves forward with new advancements and distributed technologies, so too does the need to understand...

New Microsoft security tools to protect families and businesses

Today marks an exciting milestone in Microsoft’s AI journey. This morning, at an event in New York City, we made several major announcements to empower people across work and life—you can read more about Microsoft Bing and Edge with Copilot, what’s new from Microsoft 365 Copilot and Bing Chat...

Public preview: Improve Win32 app security via app isolation

The post Public preview: Improve Win32 app security via app isolation appeared first on Microsoft Security Blog...

Join our digital event to learn what’s new in Microsoft Entra

Editors note 6/15/2023: This blog has been updated to reflect the new date for this event, which is now July 11, 2023. It was previously scheduled for June 20, 2023. In today’s interconnected world, there’s virtually no limit to what technology can help us achieve. Millions of connections happen...

DEV-1101 enables high-volume AiTM campaigns with open-source phishing kit

Adversary-in-the-middle AiTM phishing kits are part of an increasing trend that is observed supplanting many other less advanced forms of phishing. AiTM phishing is capable of circumventing multifactor authentication MFA through reverse-proxy functionality. DEV-1101 is an actor tracked by Microso...

How to build a secure foundation for identity and access

The security community is continuously changing, growing, and learning from each other to better position the world against cyberthreats. In the latest post of our Community Voices blog series, Microsoft Security Senior Product Marketing Manager Brooke Lynn Weenig talks with Christina Richmond, a...

The door is open for anyone to become a cyber defender

Throughout Cybersecurity Awareness Month, Microsoft has highlighted the importance of cybersecurity and provided resources to help people and organizations stay safe. It’s great to have this month as a reminder, and even better if that awareness becomes a year-round endeavor. Education is really...

Secure your endpoints with Transparity and Microsoft

This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA. Endpoint protection platforms EPPs are dead and no longer sufficient to protect your organization, right? Wrong. When it comes to cybersecurity, the ability to normalize and correlat...

Do more with less—Discover the latest Microsoft Entra innovations

It has certainly been another intense year. From the ongoing pandemic to the Great Reshuffle to economic uncertainty, it’s truly felt like the only constant is change.1 In this economy, many organizations are looking for efficiencies. This is putting pressure on security teams, along with everyon...

ZINC weaponizing open-source software

In recent months, Microsoft has detected a wide range of social engineering campaigns using weaponized legitimate open-source software by an actor we track as ZINC. Microsoft Threat Intelligence Center MSTIC observed activity targeting employees in organizations across multiple industries includi...

Microsoft recognized as a Leader in the 2022 Gartner® Magic Quadrant™ for Unified Endpoint Management Tools

This month, Microsoft has been recognized by Gartner® as a Leader in the 2022 Magic Quadrant for Unified Endpoint Management UEM Tools. This blog post outlines the “so what” for IT leaders, and why we believe this Gartner analysis deserves your focus right now. As you see in the Magic Quadrant in...

Cyber Signals: Defend against the new ransomware landscape

Today, Microsoft is excited to publish our second edition of Cyber Signals, spotlighting security trends and insights gathered from Microsoft’s 43 trillion security signals and 8,500 security experts. In this edition, we pull back the curtain on the evolving cybercrime economy and the rise of...

Connect with Microsoft Security experts at the 2022 Gartner Identity & Access Management Summit

The transition to a remote and hybrid workforce happened fast during a time of uncertainty, and IT professionals rose to the challenge with ingenuity and dedication. But two years in, many IT teams are still responding with patchwork solutions to enforce identity and access management IAM across ...

Secure access for a connected world—meet Microsoft Entra

What could the world achieve if we had trust in every digital experience and interaction? This question has inspired us to think differently about identity and access, and today, we’re announcing our expanded vision for how we will help provide secure access for our connected world. Microsoft Ent...

Streamlining employee onboarding: Microsoft’s response to the Great Reshuffle

In 2021, workers everywhere reevaluated their professional and personal choices, leading to what became known as the Great Resignation. In 2022, a new trend that many are calling the Great Reshuffle has emerged, with 43 percent of the workforce saying they’re very likely to consider changing jobs...

Microsoft launches Defender for Business to help protect small and medium businesses

Happy National Small Business Week1 in the United States! Small and medium businesses SMBs are the bedrock of our economy, representing 90 percent of businesses and more than 50 percent of employment worldwide.2 As we celebrate their innovation and contributions this week, it’s important to...

Forrester names Microsoft a Leader in 2022 Enterprise Detection and Response Wave™ report

We are excited to share that Microsoft has been named a leader in The Forrester Wave: Enterprise Detection and Response, Q1 2022. Microsoft received one of the highest scores in the strategy category and strength of current offering category. In the Forrester Wave assessment, Microsoft Defender f...

Microsoft Security delivers new multicloud capabilities

In times of great change, challenges and opportunities can be found in many directions. This is certainly true in IT and cybersecurity. Today, while navigating a pandemic, frequent supply chain shocks, and global talent shortages, organizations around the world are forced to confront sophisticate...

US Government sets forth Zero Trust architecture strategy and requirements

To help protect the United States from increasingly sophisticated cyber threats, the White House issued Executive Order EO 14028 on Improving the Nation’s Cybersecurity, which requires US Federal Government organizations to take action to strengthen national cybersecurity.1 Section 3 of EO 14028...

4 best practices to implement a comprehensive Zero Trust security approach

Today’s threat actors don’t see barriers, they see opportunities. As the old firewalls protecting the corporate network become obsolete amid the rush to adopt a hybrid workspace, implementing Zero Trust security has become an imperative across all sectors, both public and private. During this tim...

Build a privacy-resilient workplace with Microsoft Priva

Today, we celebrate international Data Privacy Day. This day reminds us of the importance of respecting privacy, safeguarding data, and enabling trust. However, annual reminders are insufficient to drive material change, which can be seen in the effectiveness rates of one-off trainings. According...

Microsoft is a 5-time Leader in the Gartner Magic Quadrant for Access Management

We are honored that Gartner recognized Microsoft as a Leader in Gartner® Magic QuadrantTM for Access Management in Microsoft Azure Active Directory Azure AD. In addition, Microsoft has placed the farthest right on the “Completeness of Vision” axis. None of this is possible without you, our...

How Microsoft Defender for IoT can secure your IoT devices

Cybersecurity threats are always evolving, and today we’re seeing a new wave of advanced attacks specifically targeting IoT devices used in enterprise environments as well as operational technology OT devices used in industrial systems and critical infrastructure like ICS/SCADA. It’s not surprisi...

Encouraging women to embrace their cybersecurity superpowers

The cybersecurity challenges of today require a diversity of skills, perspectives, and experiences, yet women remain underrepresented in this field. On International Women’s Day, some Microsoft Security women leaders penned a powerful blog highlighting the underrepresentation of women in...

Step 5. Set up mobile device management: top 10 actions to secure your environment

The “Top 10 actions to secure your environment” series outlines fundamental steps you can take with your investment in Microsoft 365 security solutions. In “Step 5. Set up mobile device management,” you’ll learn how to plan your Microsoft Intune deployment and set up Mobile Device Management MDM ...

How Microsoft tools and partners support GDPR compliance

This post is authored by Daniel Grabski,Executive Security Advisor, Microsoft Enterprise Cybersecurity Group. As an Executive Security Advisor for enterprises in Europe and the Middle East, I regularly engage with Chief Information Security Officers CISOs, Chief Information Officers CIOs and Data...

Typosquatted npm packages used to steal cloud and CI/CD secrets

In this article 1. Attack chain overview 1. The lure: typosquats and spoofed metadata 2. Execution: npm lifecycle hook abuse 3. Gen-1 stager: HTTP C2 beacon and payload drop 4. Gen-2 stager: abusing the legitimate Bun runtime as a loader 5. Credential theft 6. Impact and blast radius 2. Mitigatio...

What’s new in Microsoft Security: May 2026

At Microsoft, security innovations are purpose-built to help every organization protect end-to-end with the speed and scale of AI. Our vision is simple: security should be ambient and autonomous, just like the AI it protects. As organizations accelerate AI adoption, security teams are navigating...

Cross‑tenant helpdesk impersonation to data exfiltration: A human-operated intrusion playbook

In this article 1. Risk to enterprise environments 2. Attack chain overview 1. Stage 1: Initial contact via Teams T1566.003 Spearphishing via Service 2. Stage 2: Remote assistance foothold 3. Stage 3: Interactive reconnaissance and access validation 4. Stage 4: Payload placement and trusted...

Microsoft is again named a Leader in the 2024 Gartner® Magic Quadrant™ for Security Information and Event Management​​

We are pleased to announce that Microsoft has been recognized as a Leader in the Gartner® Magic Quadrant™ for Security Information and Event Management SIEM.1 We believe our position in the Leaders quadrant validates our vision and continued investments in Microsoft Sentinel making it a...

From classroom to cyberfront: Unlocking the potential of the next generation of cyber defenders

In a world where the digital frontier is expanding and cyberattacks are becoming more sophisticated with speed and scale, the guardians of our virtual realms have never been in greater demand.1 It’s important to leverage this year’s Cybersecurity Awareness Month to celebrate the people who keep u...

Cloud storage security: What’s new in the threat matrix

Today, we announce the release of a second version of the threat matrix for storage services, a structured tool that assists in identifying and analyzing potential security threats on data stored in cloud storage services. The matrix, first released in April 2021 as detailed in the blog post Thre...

Microsoft Purview data security mitigations for BazaCall and other human-operated data exfiltration attacks

I recently worked with an enterprise customer who experienced a data exfiltration attack using the characteristics of the BazaCall campaign. BazaCall can be both a ransomware and data exfiltration attack that are used together to increase pressure on and damage to the victim. Microsoft Purview ha...

Cryptojacking: Understanding and defending against cloud compute resource abuse

In cloud environments, cryptojacking – a type of cyberattack that uses computing power to mine cryptocurrency – takes the form of cloud compute resource abuse, which involves a threat actor compromising legitimate tenants. Cloud compute resource abuse could result in financial loss to targeted...

Cyber Signals: Shifting tactics fuel surge in business email compromise

Today we released the fourth edition of Cyber Signals highlighting a surge in cybercriminal activity around business email compromise BEC. Microsoft has observed a 38 percent increase in cybercrime as a service CaaS targeting business email between 2019 and 2022.1 Successful BEC attacks cost...

See product news and on-demand sessions from Microsoft Secure

“Great speakers and very knowledgeable.” “Brilliant.” “Wonderful and very useful.” The first Microsoft Secure on March 28, 2023, was a huge success—as this attendee feedback shows. Our virtual event brought together more than 20,000 security professionals eager to learn security best practices an...

Microsoft achieves first native Cloud Data Management Capabilities certification

Today, Microsoft announced the successful completion of the Cloud Data Management Capabilities CDMC 14 Key Controls and Automations certification, conducted by Accenture and Avanade, accelerating the industry’s move to the cloud. The 14 Key Controls and Automations are a part of the EDM Council’s...

Do more with less—Discover the latest Microsoft Entra innovations

It has certainly been another intense year. From the ongoing pandemic to the Great Reshuffle to economic uncertainty, it’s truly felt like the only constant is change.1 In this economy, many organizations are looking for efficiencies. This is putting pressure on security teams, along with everyon...

Microsoft named a Leader in the 2022 Gartner® Magic Quadrant™ for Security Information and Event Management

Security operations teams are overwhelmed trying to protect their organizations against an onslaught of cyberattacks, including a 92 percent rise in ransomware attacks.1 Too often, existing security tools are siloed or not designed to meet the needs of today’s hybrid cloud environment. The result...

Secure your endpoints with Transparity and Microsoft

This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA. Endpoint protection platforms EPPs are dead and no longer sufficient to protect your organization, right? Wrong. When it comes to cybersecurity, the ability to normalize and correlat...

How one Microsoft software engineer works to improve access management

There’s still a perception that the most successful computer scientists learn programming at a young age, study engineering at a top school, and then get a software development job right out of college. While that’s how many people enter the field, it’s not the only path. Microsoft Software...

Discover the anatomy of an external cyberattack surface with new RiskIQ report

The internet is now part of the network. That might sound like hyperbole, but the massive shift to hybrid and remote work and a multicloud environment means security teams must now defend their entire online ecosystem. Recent ransomware attacks against internet-facing systems have served as a...

Microsoft CRSP shares the ways human behavior affects compromise recovery

The Microsoft Compromise Recover Security Practice CRSP is a worldwide team of cybersecurity experts operating in most countries, across all organizations public and private, with deep expertise to secure an environment post-security breach and to help you prevent a breach in the first place. As ...

2.5 million-plus cybersecurity jobs are open—women can fill them

This month is Women’s History Month and today is International Women’s Day—a time to reflect as individuals, societies, and industries on our progress for quality and equity for women. As a woman working in cybersecurity, I know firsthand that engaging girls, women, and people of color in...

Your guide to mobile digital forensics

The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest Voice of the Community blog series post, Microsoft Security Product Marketing Manager Natalia Godyla talks with Cellebrite Senior Director of...

Structured threat hunting: One way Microsoft Threat Experts prioritizes customer defense

Todays threat landscape is incredibly fast-paced. New campaigns surface all the time, and the amount of damage that they can cause is not always immediately apparent. Security operations centers SOCs must be equipped with the tools and insight to identify and resolve potentially high-impact threa...

Behind the unprecedented effort to protect customers against the NOBELIUM nation-state attack

This is the third in a four-part blog series on the NOBELIUM nation-state cyberattack. In December 2020, Microsoft began sharing details with the world about what became known as the most sophisticated nation-state cyberattack in history. Microsoft’s four-part video series “Decoding NOBELIUM” pul...

Protect your business with Microsoft Security’s comprehensive protection

Securing an organization has never been simple. But over the past year, we’ve seen significant changes in the threat landscape that are having a major impact on organizations of every size in every sector. The frequency and sophistication of cyber events have increased significantly. We see...