
Announcing new Adversary Detection and Compromised Recovery services

This post is authored by Berk Veral, Senior Marketing Communication Manager, Enterprise Cybersecurity Group. Perhaps one of the best-kept secrets within Microsoft cybersecurity services is the Global Incident Response and Recovery team. We affectionately call them the “GIRR” team for ... continue reading
Windows Server 2016 labs

Credential Guard lab companion

If you have heard about Credential Guard in Windows Server 2016 (and in Windows 10) but do not have an environment to try it out, here is a lab environment we built for you to play with. Lab access: The link ... continue reading
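Before or after working through the lab, it helps to confirm what the host is actually doing. The following check is an added example, not part of the original lab post; it reads the documented Win32_DeviceGuard WMI class, in which the value 1 in SecurityServicesConfigured and SecurityServicesRunning denotes Credential Guard (2 denotes HVCI), and looks for the isolated LSA process (LsaIso.exe) that Credential Guard runs in.

```powershell
# Added example (not from the original post): report whether Credential Guard is
# configured and actually running on this machine. Run as an administrator on
# Windows 10 / Windows Server 2016 or later.

$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                      -ClassName 'Win32_DeviceGuard'

# VirtualizationBasedSecurityStatus: 0 = not enabled, 1 = enabled but not running, 2 = running
$vbsStatus = switch ($dg.VirtualizationBasedSecurityStatus) {
    0 { 'Not enabled' }
    1 { 'Enabled but not running' }
    2 { 'Running' }
    default { "Unknown ($($dg.VirtualizationBasedSecurityStatus))" }
}

# SecurityServicesConfigured / SecurityServicesRunning are arrays of service IDs:
# 1 = Credential Guard, 2 = Hypervisor-enforced Code Integrity (HVCI).
$cgConfigured = @($dg.SecurityServicesConfigured) -contains 1
$cgRunning    = @($dg.SecurityServicesRunning)    -contains 1

# Credential Guard isolates LSA secrets in LsaIso.exe; its presence is a second,
# independent sign that the feature is active.
$lsaIso = Get-Process -Name 'LsaIso' -ErrorAction SilentlyContinue

[pscustomobject]@{
    VirtualizationBasedSecurity = $vbsStatus
    CredentialGuardConfigured   = $cgConfigured
    CredentialGuardRunning      = $cgRunning
    LsaIsoProcessPresent        = [bool]$lsaIso
}
```

"Configured" without "Running" usually means the policy is set but a reboot, UEFI lock or missing virtualization extension is still in the way; the lab walks through those prerequisites.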

WannaCrypt ransomware worm targets out-of-date systems

On May 12, 2017 we detected a new ransomware that spreads like a worm by leveraging vulnerabilities that have previously been fixed. While security updates are applied automatically on most computers, some users and enterprises may delay deployment of patches ... continue reading
Initial alerts triggered by PowerShell activities as detected by Windows Defender ATP

Windows Defender ATP thwarts Operation WilySupply software supply chain cyberattack

Several weeks ago, the Windows Defender Advanced Threat Protection (Windows Defender ATP) research team noticed security alerts that demonstrated an intriguing attack pattern. These early alerts uncovered a well-planned, finely orchestrated cyberattack that targeted several high-profile technology and financial organizations ... continue reading

Leverage PowerShell Just Enough Administration for your Helpdesk

[Today’s guest post was authored by Dan Cuomo based on a real-world application of JEA] Hi Folks — Platforms PFE Dan Cuomo here to talk about one method to enable the use of Just Enough Administration for your helpdesk administrators ... continue reading
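As an added example (not code from Dan Cuomo's post), here is the skeleton of a helpdesk JEA endpoint using the standard cmdlets: a role capability file that allow-lists a handful of commands, and a session configuration that maps an AD group to that role and runs the session under a virtual account. The module name HelpdeskJEA, the group CONTOSO\Helpdesk, the endpoint name Helpdesk, the transcript folder and the whitelisted service names are assumptions chosen for illustration.

```powershell
# Added example (not from the original post). Run elevated on the server that
# will host the JEA endpoint. Assumed names: module 'HelpdeskJEA', AD group
# 'CONTOSO\Helpdesk', endpoint 'Helpdesk', transcript folder C:\JEATranscripts.

# Role capability files are discovered from a 'RoleCapabilities' folder inside a
# module on $env:PSModulePath, so create the module skeleton first.
$ModulePath = Join-Path $env:ProgramFiles 'WindowsPowerShell\Modules\HelpdeskJEA'
$RoleCapDir = Join-Path $ModulePath 'RoleCapabilities'
New-Item -ItemType Directory -Path $RoleCapDir -Force | Out-Null
New-ModuleManifest -Path (Join-Path $ModulePath 'HelpdeskJEA.psd1')

# 1. Role capability: the allow-list of what a helpdesk operator may run.
#    Expose cmdlets individually; constrain dangerous parameters with ValidateSet
#    so Restart-Service cannot be pointed at an arbitrary service.
New-PSRoleCapabilityFile -Path (Join-Path $RoleCapDir 'HelpdeskOperator.psrc') `
    -VisibleCmdlets @(
        'Get-Service',
        'Get-Process',
        @{ Name = 'Restart-Service'
           Parameters = @{ Name = 'Name'; ValidateSet = 'Spooler', 'W32Time' } }
    ) `
    -FunctionDefinitions @{
        # A purpose-built function is safer than exposing a general cmdlet.
        Name        = 'Get-StoppedAutoService'
        ScriptBlock = {
            Get-Service | Where-Object { $_.StartType -eq 'Automatic' -and $_.Status -ne 'Running' }
        }
    }

# 2. Session configuration: who gets which role, and under what identity.
#    RestrictedRemoteServer hides everything not explicitly made visible;
#    RunAsVirtualAccount means helpdesk staff need no admin rights of their own;
#    transcripts give you a per-session audit trail.
$ConfigPath = Join-Path $ModulePath 'Helpdesk.pssc'
New-PSSessionConfigurationFile -Path $ConfigPath `
    -SessionType RestrictedRemoteServer `
    -RunAsVirtualAccount `
    -TranscriptDirectory 'C:\JEATranscripts' `
    -RoleDefinitions @{ 'CONTOSO\Helpdesk' = @{ RoleCapabilities = 'HelpdeskOperator' } }

# Validate before registering; returns $true when the file is well-formed.
if (-not (Test-PSSessionConfigurationFile -Path $ConfigPath)) {
    throw "Session configuration file $ConfigPath is invalid"
}

# 3. Register the endpoint (this restarts the WinRM service).
Register-PSSessionConfiguration -Name 'Helpdesk' -Path $ConfigPath -Force

# Client side, from a helpdesk workstation (server name is an assumption):
#   Enter-PSSession -ComputerName server01 -ConfigurationName Helpdesk
#   Get-Command   # only the allow-listed commands and the JEA defaults appear
```

The virtual account is a local administrator on the endpoint, so the role capability file is the entire security boundary: never expose Invoke-Expression, Start-Process, Invoke-Command, script-block-taking parameters or unconstrained wildcards, because any of those lets the operator escape the allow-list.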

Combating a spate of Java malware with machine learning in real-time

In recent weeks, we have seen a surge in emails carrying fresh malicious Java (.jar) malware that use new techniques to evade antivirus protection. But with our research team’s automated expert systems and machine learning models, Windows 10 PCs get ... continue reading

How to increase DPM 2016 replica when using Modern Backup Storage (MBS)

There may be circumstances where the replica volume for a protected data source is under allocated or a very large increase of protected data results in synchronization or recovery point job failures due to inadequate space on the replica. Some ... continue reading

Tech support scams persist with increasingly crafty techniques

(Note: Our Tech support scams FAQ page has the latest info on this type of threat, including scammer tactics, fake error messages, and the latest scammer hotlines.) Millions of users continue to encounter technical support scams. Data from Windows Defender ... continue reading

Change Block Tracking needs to be reset if another backup product has protected a VMWare VM prior to DPM

In this scenario, the VMware host/vCenter server has been connected to DPM successfully, but replica creation, consistency checks and recovery point jobs fail with the error noted below (other similar errors share the same resolution). DPM UI error: DPM encountered an error from ... continue reading
Execution stages of the exploit package and corresponding functionality

Detecting and mitigating elevation-of-privilege exploit for CVE-2017-0005

On March 14, 2017, Microsoft released security bulletin MS17-013 to address CVE-2017-0005, a vulnerability in the Windows Win32k component that could potentially allow elevation of privileges. A report from a trusted partner identified a zero-day exploit for this vulnerability. The ... continue reading