Combing through the fuzz: Using fuzzy hashing and deep learning to counter malware detection evasion techniques
Today’s cybersecurity threats continue to find ways to fly and stay under the radar. Cybercriminals use polymorphic malware because a slight change in the binary code or script could allow the said threats to avoid detection by traditional antivirus software ... continue reading
How to protect your CAD data files with MIP and HALOCAD
This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA. Computer-aided design (CAD) files are used by design professionals in the manufacturing, engineering, architecture, surveying, and construction industries. These highly valuable files contain confidential ... continue reading
A guide to balancing external threats and insider risk
The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest Voice of the Community blog series post, Microsoft Product Marketing Manager Natalia Godyla talks with Rockwell Automation Vice ... continue reading
When coin miners evolve, Part 1: Exposing LemonDuck and LemonCat, modern mining malware infrastructure
[Note: In this two-part blog series, we expose a modern malware infrastructure and provide guidance for protecting against the wide range of threats it enables. Part 1 covers the evolution of the threat, how it spreads, and how it impacts ... continue reading
The evolution of a matrix: How ATT&CK for Containers was built
Note: The content of this post is being released jointly with the Center for Threat-Informed Defense. It is co-authored with Chris Ante and Matthew Bajzek. The Center post can be found here. As containers become a major part of many ... continue reading
Protecting customers from a private-sector offensive actor using 0-day exploits and DevilsTongue malware
The Microsoft Threat Intelligence Center (MSTIC) alongside the Microsoft Security Response Center (MSRC) has uncovered a private-sector offensive actor, or PSOA, that we are calling SOURGUM in possession of now-patched, Windows 0-day exploits (CVE-2021-31979 and CVE-2021-33771). Private-sector offensive actors are ... continue reading
MISA expands portfolio and looks ahead during Microsoft Inspire
This blog post is part of the Microsoft Intelligent Security Association (MISA) guest blog series. Learn more about MISA. Welcome to fiscal year 2022 (FY22) and my first official blog as the MISA Lead. It’s been a whirlwind couple of months getting up ... continue reading
How Microsoft Security empowers partners to build customer trust
As I reflect on my first year at Microsoft, it was both challenging and exceptional: from my remote onboarding in the middle of a pandemic to dramatic changes in the cyber landscape, to Microsoft’s critical role as a frontline responder ... continue reading
Microsoft discovers threat actor targeting SolarWinds Serv-U software with 0-day exploit
Microsoft has detected a 0-day remote code execution exploit being used to attack SolarWinds Serv-U FTP software in limited and targeted attacks. The Microsoft Threat Intelligence Center (MSTIC) attributes this campaign with high confidence to DEV-0322, a group operating out ... continue reading
Manage RDP and SSH connectivity at scale with Azure Bastion
Securely manage remote connectivity at scale Security is at the forefront of user and administrator connectivity to cloud services. As enterprises continue to move mission-critical applications to the cloud, the need for secure, scalable, and reliable remote public connectivity and ... continue reading
