IT security: An opportunity to raise corporate governance scores

What is a corporate governance score? Corporate governance scoring is increasingly important to boards of directors, executive leadership, and the investment community. If we want to enlist the support of a stakeholder, we have to talk about the things that are important to them. Sales revenue is...

How IT and security teams can work together to improve endpoint security

For executives in the IT and security spaces, the current climate offers reasons to worry. As workers become accustomed to new flexibility in the workplace, hybrid and remote work options present more challenges. Users want to access corporate resources from their own devices without the...

Microsoft Defender Experts for Hunting proactively hunts threats

Today, we announced the general availability of Microsoft Defender Experts for Hunting to support organizations and their cybersecurity employees with proactive threat hunting. Defender Experts for Hunting was created for customers who have a robust security operations center but want Microsoft t...

Microsoft announces new solutions for threat intelligence and attack surface management

Uncover adversaries with new Microsoft Defender threat intelligence products The threat landscape is more sophisticated than ever and damages have soared—the Federal Bureau of Investigations 2021 IC3 report found that the cost of cybercrime now totals more than USD6.9 billion.1 To counter these...

Industrial systems: What it takes to secure and staff them

The security community is continuously changing, growing, and learning from each other to better position the world against cyberthreats. In the latest post of our Community Voices blog series, Microsoft Security Senior Product Marketing Manager Brooke Lynn Weenig talks with Patrick C. Miller,...

Untangling KNOTWEED: European private-sector offensive actor using 0-day exploits

The Microsoft Threat Intelligence Center MSTIC and the Microsoft Security Response Center MSRC found a private-sector offensive actor PSOA using multiple Windows and Adobe 0-day exploits, including one for the recently patched CVE-2022-22047, in limited and targeted attacks against European and...

Malicious IIS extensions quietly open persistent backdoors into servers

Attackers are increasingly leveraging Internet Information Services IIS extensions as covert backdoors into servers, which hide deep in target environments and provide a durable persistence mechanism for attackers. While prior research has been published on specific incidents and variants, little...

How one Microsoft product manager acts as champion for identity security

A technology career embodies the ancient Roman saying that “luck happens when preparation meets opportunity.” Few industries are as dynamic, fast-paced, or intense as technology. With so many challenges to solve, opportunities are everywhere, but as I’ve learned myself through the years, the best...

Discover 5 lessons Microsoft has learned about compliance management

Compliance management is a complex process—one that gets increasingly more complicated the larger an organization grows. Microsoft knows this firsthand, not only because of our experience providing Security and Compliance solutions to customers but also because of the global reach and...

How Microsoft Purview and Priva support the partner ecosystem

Today, many enterprise organizations are multicloud and multiplatform. Critical enterprise data is located across clouds and platforms, requiring security and compliance no matter where it lives. To solve the complexity that comes with these environments, organizations have invested in multiple...

How Microsoft Security partners are helping customers do more with less

There has never been a greater demand for specialized cybersecurity expertise—or a greater opportunity for our partners to support our customers with new services and solutions. Over the last year, the permanent shift to hybrid work has empowered businesses to be remote and mobile. Increased...

North Korean threat actor targets small and midsize businesses with H0lyGh0st ransomware

A group of actors originating from North Korea that Microsoft Threat Intelligence Center MSTIC tracks as DEV-0530 has been developing and using ransomware in attacks since June 2021. This group, which calls itself H0lyGh0st, utilizes a ransomware payload with the same name for its campaigns and h...

Microsoft recognized as a Leader in UEM Software 2022 IDC MarketScape reports

Competition for talent has increased pressure to lead in the digital space, and business decisions now weigh user experience for employees heavily among costs and benefits. Workers insist on experiences that mirror their personal experiences, often on their own devices. As enterprise computing ha...

Uncovering a macOS App Sandbox escape vulnerability: A deep dive into CVE-2022-26706

Microsoft uncovered a vulnerability in macOS that could allow specially crafted codes to escape the App Sandbox and run unrestricted on the system. We shared these findings with Apple through Coordinated Vulnerability Disclosure CVD via Microsoft Security Vulnerability Research MSVR in October...

From cookie theft to BEC: Attackers use AiTM phishing sites as entry point to further financial fraud

A large-scale phishing campaign that used adversary-in-the-middle AiTM phishing sites stole passwords, hijacked a user’s sign-in session, and skipped the authentication process even if the user had enabled multifactor authentication MFA. The attackers then used the stolen credentials and session...

Introducing security for unmanaged devices in the Enterprise network with Microsoft Defender for IoT

How many IoT devices are used at your company? If yours is like most organizations, there are probably printers, scanners, and fax machines scattered around the office. Perhaps smart TVs are mounted at reception or in the break room to guide visitors and keep employees up-to-date on company event...

KuppingerCole rates Microsoft as outstanding in functionality for secure collaboration

We are excited to share that Microsoft has been rated "Outstanding in Functionality" in the KuppingerCole Market Compass for Secure Collaboration, May 2022. Microsoft was also the only company to be awarded the highest possible score of "Strong Positive" in all five categories: security,...

Hive ransomware gets upgrades in Rust

Hive ransomware is only about one year old, having been first observed in June 2021, but it has grown into one of the most prevalent ransomware payloads in the ransomware-as-a-service RaaS ecosystem. With its latest variant carrying several major upgrades, Hive also proves it’s one of the fastest...

Toll fraud malware: How an Android application can drain your wallet

Toll fraud malware, a subcategory of billing fraud in which malicious applications subscribe users to premium services without their knowledge or consent, is one of the most prevalent types of Android malware – and it continues to evolve. Compared to other subcategories of billing fraud, which...

Using process creation properties to catch evasion techniques

We developed a robust detection method in Microsoft Defender for Endpoint that can catch known and unknown variations of a process execution class used by attackers to evade detection. This class of stealthy execution techniques breaks some assumptions made by security products and enables...

Microsoft at RSA 2022: Envisioning the future of security

Like most of you, I was glad to see the 2022 RSA Conference return to its in-person roots after a two-year digital hiatus. This year’s event was a great success, drawing 26,000 attendees to three days of cutting-edge security sessions, tutorials, seminars, and special events at Moscone Center in...

How security leaders can help their teams avoid burnout

The security community is continuously changing, growing, and learning from each other to better position the world against cyberthreats. In the latest post of our Voice of the Community blog series, Microsoft Security Senior Product Marketing Manager Brooke Lynn Weenig talks with Maria...

4 breakthrough ideas for compliance and data security

Compliance management will never be easy, but there are ways to make it simpler and more transparent. Every year, organizations confront a growing volume and diversity of data and ever-evolving industry and government regulations. But the answer to more data, more devices, and more regulations...

Detecting malicious key extractions by compromised identities for Azure Cosmos DB

Azure Cosmos DB is a fully managed NoSQL cloud database service for modern app development. It offers a variety of advanced built-in features, such as automatic worldwide data replication, lightning-fast response types, and a variety of APIs. In this blog post, we describe security practices for...

Microsoft Defender for Office 365 receives highest award in SE Labs Enterprise Email Security Services test

In today’s evolving threat landscape, email represents the primary attack vector for cybercrime, making effective email protection a key component of any security strategy.1 In Q1 2022, Microsoft participated in an evaluation of email security solutions, carried out by SE labs—a testing lab focus...

Improving AI-based defenses to disrupt human-operated ransomware

Microsoft’s deep understanding of human-operated ransomware attacks, which are powered by a thriving cybercrime gig economy, continuously informs the solutions we deliver to protect customers. Our expert monitoring of threat actors, investigations into real-world ransomware attacks, and the...

Securing your IoT with Edge Secured-core devices

A recent study conducted by Microsoft in partnership with Ponemon Institute included a survey of companies that have adopted IoT solutions and 65 percent of them mentioned that security is a top priority when implementing IoT. Attacks targeting IoT devices put businesses at risk. Impacted devices...

How one Microsoft software engineer works to improve access management

There’s still a perception that the most successful computer scientists learn programming at a young age, study engineering at a top school, and then get a software development job right out of college. While that’s how many people enter the field, it’s not the only path. Microsoft Software...

Making the world a safer place with Microsoft Defender for individuals

Today’s sophisticated cyber threats require a modern approach to security. And this doesn’t apply only to enterprises or government entities—in recent years we’ve seen attacks increase exponentially against individuals. There are 921 password attacks every second.1 We’ve seen ransomware threats...

Why strong security solutions are critical to privacy protection

The security community is continuously changing, growing, and learning from each other to better position the world against cyberthreats. In the latest post of our Voice of the Community blog series, Microsoft Security Senior Product Marketing Manager Brooke Lynn Weenig talks with Ann Cavoukian,...

The many lives of BlackCat ransomware

The BlackCat ransomware, also known as ALPHV, is a prevalent threat and a prime example of the growing ransomware-as-a-service RaaS gig economy. It’s noteworthy due to its unconventional programming language Rust, multiple target devices and possible entry points, and affiliation with prolific...

5 ways to connect with Microsoft Security at Identiverse 2022

Identiverse is where the industry gathers to discuss all things identity. The 2022 conference will take place June 21 to 24 in Denver, Colorado, and I’m absolutely thrilled that Microsoft will be there. At Identiverse, we’ll share how we help customers secure access in a hybrid, multicloud, and...

Announcing 2022 Microsoft Security Excellence Awards winners

Spirits soared at the Microsoft Security Excellence Awards on June 5, 2022. And is it any wonder? The celebration marked the first time that Microsoft executives and Microsoft Intelligent Security Association MISA members had gathered in person in more than two years so it was a special night for...

Exposing POLONIUM activity and infrastructure targeting Israeli organizations

Microsoft successfully detected and disabled attack activity abusing OneDrive by a previously undocumented Lebanon-based activity group Microsoft Threat Intelligence Center MSTIC tracks as POLONIUM. The associated indicators and tactics were used by the OneDrive team to improve detection of attac...

Microsoft collaborates with Tenable to support federal cybersecurity efforts

On May 12, 2021, the White House issued Presidential Executive Order EO 14028 to establish cybersecurity as a national priority.1 As part of this effort, the White House has called for greater public and private sector collaboration to address the evolving threats facing federal agencies. In the...

Using Python to unearth a goldmine of threat intelligence from leaked chat logs

Dealing with a great amount of data can be time consuming, thus using Python can be very powerful to help analysts sort information and extract the most relevant data for their investigation. The open-source tools library, MSTICPy, for example, is a Python tool dedicated to threat intelligence. I...

Secure access for a connected world—meet Microsoft Entra

What could the world achieve if we had trust in every digital experience and interaction? This question has inspired us to think differently about identity and access, and today, we’re announcing our expanded vision for how we will help provide secure access for our connected world. Microsoft Ent...

Streamlining employee onboarding: Microsoft’s response to the Great Reshuffle

In 2021, workers everywhere reevaluated their professional and personal choices, leading to what became known as the Great Resignation. In 2022, a new trend that many are calling the Great Reshuffle has emerged, with 43 percent of the workforce saying they’re very likely to consider changing jobs...

Android apps with millions of downloads exposed to high-severity vulnerabilities

Microsoft uncovered high-severity vulnerabilities in a mobile framework owned by mce Systems and used by multiple large mobile service providers in pre-installed Android System apps that potentially exposed users to remote albeit complex or local attacks. The vulnerabilities, which affected apps...

Detecting and preventing privilege escalation attacks leveraging Kerberos relaying (KrbRelayUp)

On April 24, 2022, a privilege escalation hacking tool, KrbRelayUp, was publicly disclosed on GitHub by security researcher Mor Davidovich. KrbRelayUp is a wrapper that can streamline the use of some features in Rubeus, KrbRelay, SCMUACBypass, PowerMad/SharpMad, Whisker, and ADCSPwn tools in...

Anatomy of a DDoS amplification attack

Amplification attacks are one of the most common distributed denial of service DDoS attack vectors. These attacks are typically categorized as flooding or volumetric attacks, where the attacker succeeds in generating more traffic than the target can process, resulting in exhausting its resources...

How to improve risk management using Zero Trust architecture

“Compliance is all about risk management and lessening risk, and the same is true of Zero Trust.” —Abbas Kudrati Whats risk management and why is it important? Risk management, the process of developing a strategy for addressing risk throughout its lifecycle, normally involves four phases: risk...

Beneath the surface: Uncovering the shift in web skimming

Microsoft security researchers recently observed that web skimming campaigns now employ various obfuscation techniques to deliver and hide skimming scripts. It’s a shift from earlier tactics where attackers conspicuously injected malicious scripts into e-commerce platforms and content management...

Rise in XorDdos: A deeper look at the stealthy DDoS malware targeting Linux devices

In the last six months, we observed a 254% increase in activity from a Linux trojan called XorDdos. First discovered in 2014 by the research group MalwareMustDie, XorDdos was named after its denial-of-service-related activities on Linux endpoints and servers as well as its usage of XOR-based...

So you want to be a CISO: What you should know about data protection

Data is the lifeblood of any organization. Whether you’re a Chief Information Security Officer CISO or aspiring to become one, protecting sensitive business data will be your main priority. But the job isn’t getting any easier. In 2021, the number of data breaches climbed 68 percent to 1,862,...

Easy authentication and authorization in Azure Active Directory with No-Code Datawiza

This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA. The acceleration of cloud journeys fueled by the pandemic and ever-increasing concerns about data security and information privacy have made access management one of the hottest topi...

In hot pursuit of ‘cryware’: Defending hot wallets from attacks

The steep rise in cryptocurrency market capitalization, not surprisingly, mirrors a marked increase in threats and attacks that target or leverage cryptocurrencies. But Microsoft researchers are observing an even more interesting trend: the evolution of related malware and their techniques, and t...

Microsoft showcases the future of comprehensive security at RSA 2022

The last time the RSA Conference was held as an in-person event was in 2020. Needless to say, a lot has changed since then. RSA is once again going forward as an in-person and digital event in San Francisco, from June 6 to 9, 2022. After two years of remote interactions, we’re excited to exchange...

Center for Threat-Informed Defense, Microsoft, and industry partners streamline MITRE ATT&CK® matrix evaluation for defenders

The MITRE Center for Threat-Informed Defense, Microsoft, and other industry partners collaborated on a project that created a repeatable methodology for developing a top MITRE ATT&CK® techniques list. The method aims to facilitate navigation of the ATT&CK framework, which could help new defenders...

Microsoft security experts outline next steps after compromise recovery

Who is CRSP? The Microsoft Compromise Recovery Security Practice CRSP is a worldwide team of cybersecurity experts operating in most countries, across both public and private organizations, with deep expertise to secure an environment post-security breach and to help you prevent a breach in the...