Select Page
Analysis of cyberattack on U.S. think tanks, non-profits, public sector by unidentified attackers

Analysis of cyberattack on U.S. think tanks, non-profits, public sector by unidentified attackers

Reuters recently reported a hacking campaign focused on a wide range of targets across the globe. In the days leading to the Reuters publication, Microsoft researchers were closely tracking the same campaign. Our sensors revealed that the campaign primarily targeted ... continue reading
Making it real—harnessing data gravity to build the next gen SOC

Making it real—harnessing data gravity to build the next gen SOC

This post was coauthored by Diana Kelley, Cybersecurity Field CTO, andSin John,EMEA Chief Security Advisor, Cybersecurity Solutions Group. In our first blog, Diana and I talked about the concept of data gravity and how it could, conceptually, help organizations take ... continue reading
Small businesses targeted by highly localized Ursnif campaign

Small businesses targeted by highly localized Ursnif campaign

Cyber thieves are continuously looking for new ways to get people to click on a bad link, open a malicious file, or install a poisoned update in order to steal valuable data. In the past, they cast as wide a ... continue reading
Attack inception: Compromised supply chain within a supply chain poses new risks

Attack inception: Compromised supply chain within a supply chain poses new risks

A new software supply chain attack unearthed by Windows Defender Advanced Threat Protection (Windows Defender ATP) emerged as an unusual multi-tier case. Unknown attackers compromised the shared infrastructure in place between the vendor of a PDF editor application and one ... continue reading
Taking apart a double zero-day sample discovered in joint hunt with ESET

Taking apart a double zero-day sample discovered in joint hunt with ESET

In late March 2018, I analyzed an interesting PDF sample found by ESET senior malware researcher Anton Cherpanov. The sample was initially reported to Microsoft as a potential exploit for an unknown Windows kernel vulnerability. During my investigation in parallel ... continue reading
Machine learning vs. social engineering

Machine learning vs. social engineering

Machine learning is a key driver in the constant evolution of security technologies at Microsoft. Machine learning allows Microsoft 365 to scale next-gen protection capabilities and enhance cloud-based, real-time blocking of new and unknown threats. Just in the last few ... continue reading
How artificial intelligence stopped an Emotet outbreak

How artificial intelligence stopped an Emotet outbreak

At 12:46 a.m. local time on February 3, a Windows 7 Pro customer in North Carolina became the first would-be victim of a new malware attack campaign for Trojan:Win32/Emotet. In the next 30 minutes, the campaign tried to attack over ... continue reading