Protecting customers from a private-sector offensive actor using 0-day exploits and DevilsTongue malware

The Microsoft Threat Intelligence Center (MSTIC) alongside the Microsoft Security Response Center (MSRC) has uncovered a private-sector offensive actor, or PSOA, that we are calling SOURGUM in possession of now-patched, Windows 0-day exploits (CVE-2021-31979 and CVE-2021-33771). Private-sector offensive actors are ...
Breaking down NOBELIUM’s latest early-stage toolset

As we reported in earlier blog posts, the threat actor NOBELIUM recently intensified an email-based attack that it has been operating and evolving since early 2021. We continue to monitor this active attack and intend to post additional details as ...
GoldMax, GoldFinder, and Sibot: Analyzing NOBELIUM’s layered persistence

Microsoft continues to work with partners and customers to expand our knowledge of the threat actor behind the nation-state cyberattacks that compromised the supply chain of SolarWinds and impacted multiple other organizations. As we have shared previously, we have observed ...
Deep dive into the Solorigate second-stage activation: From SUNBURST to TEARDROP and Raindrop

More than a month into the discovery of Solorigate, investigations continue to unearth new details that prove it is one of the most sophisticated and protracted intrusion attacks of the decade. Our continued analysis of threat data shows that the ...
Decrypting the Selection of Supported Kerberos Encryption Types

In recent months Microsoft support has received a lot of questions regarding disabling RC4 for the encryption of Kerberos tickets. If I had to guess, the CIS L1 Baseline and RFC 8429 guidance to disable RC4 is responsible for much ...
Taking Transport Layer Security (TLS) to the next level with TLS 1.3

Transport Layer Security (TLS) 1.3 is now enabled by default on Windows 10 Insider Preview builds, starting with Build 20170, the first step in a broader rollout to Windows 10 systems. TLS 1.3 is the latest version of the internet’s ...
Add Customized Images for Video in Teams and the Added Security

Introduction: This is John Barbare and I am a Sr Premier Field Engineer at Microsoft focusing on all things in the Cybersecurity space. In this guide and tutorial, I will walk you through the steps of changing your background and adding ...
Part 4 – SQL Server TDE and Extensible Key Management Using Azure Key Vault

Configure SQL Server. This is Part 4 of a 4-part blog series: After setting up Azure Active Directory and registering the AAD Application and additionally creating an Azure Key Vault, the next step is to put it all together in ...

A Journey to Holistic Cloud Protection with the Microsoft 365 Security Stack Pt 6 – M365 Integration

For our final stop in the journey to holistic cloud protection with the Microsoft 365 security stack we will be discussing M365 Integration. For anyone new joining us on this journey, please ensure you check out Part I: Overview, Part ...

A Journey to Holistic Cloud Protection with the Microsoft 365 Security Stack Part 5 – Data

For our fourth stop in the journey to holistic cloud protection with the Microsoft 365 security stack we will be discussing Data security. For anyone new joining us on this journey, please ensure you check out Part I: Overview, Part ...