Select Page
This diagram illustrates the typical infection chain of this Android malware. The infection starts from an SMS message that contains a malicious link that leads to the malicious APK.

Rewards plus: Fake mobile banking rewards apps lure users to install info-stealing RAT on Android devices

Our analysis of a recent version of a previously reported info-stealing Android malware, delivered through an ongoing SMS campaign, demonstrates the continuous evolution of mobile threats. Masquerading as a banking rewards app, this new version has additional remote access trojan ... continue reading
JoelVickery_0-1657509496356.png

The RC4 Removal Files Part 3 – The “Everything Else” Of It

I’m not a fan of folks that glaze over problems, not that I’m a pessimist mind you, I do my fair share of finding the bright side of bad situations. When this RC4 project started, I heard lots of optimistic ... continue reading
Graphical user interface, text, application

Malicious IIS extensions quietly open persistent backdoors into servers

Attackers are increasingly leveraging Internet Information Services (IIS) extensions as covert backdoors into servers, which hide deep in target environments and provide a durable persistence mechanism for attackers. While prior research has been published on specific incidents and variants, little ... continue reading
Graphical user interface, text, application

Malicious IIS extensions quietly open persistent backdoors into servers

Attackers are increasingly leveraging Internet Information Services (IIS) extensions as covert backdoors into servers, which hide deep in target environments and provide a durable persistence mechanism for attackers. While prior research has been published on specific incidents and variants, little ... continue reading
A diagram of how the Wireless Application Protocol billing process works. Interactions between the mobile device and premium service provider are mapped out, from the moment the device browses through services until the confirmation of service subscription.

Toll fraud malware: How an Android application can drain your wallet

Toll fraud malware, a subcategory of billing fraud in which malicious applications subscribe users to premium services without their knowledge or consent, is one of the most prevalent types of Android malware – and it continues to evolve. Compared to ... continue reading
Troubleshooting HTTP/3 in http.sys

Troubleshooting HTTP/3 in http.sys

HTTP/3 is a major change to HTTP. It switches away from using TCP as a transport and TLS separately to using QUIC as a transport which has TLS 1.3 or higher built in. These changes mean that migrating from HTTP/2 ... continue reading
Confidential Virtual Machine in Azure Portal.

Meet PCI compliance with credit card tokenization

In building and running a business, the safety and security of your and your customers' sensitive information and data is a top priority, especially when storing financial information and processing payments are concerned. The Payment Card Industry Data Security Standard ... continue reading
Overview of Azure Monitor

Observability from cloud to edge in Azure

This post is co-authored by Rahul Bagaria, Principal Product Manager, Azure Monitor Customer Success Our customers are transforming their digital environments, whether migrating workloads to Azure, building new cloud-native apps, or unlocking new scenarios at the edge. As they combine ... continue reading

What you need to know about how cryptography impacts your security strategy

The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest post of our Voice of the Community blog series post, Microsoft Security Product Marketing Manager Natalia Godyla ... continue reading
DagmarHeidecker_0-1633936309439.png

NDES Security Best Practices

Hi, I am Dagmar, working for the Microsoft Compromise Recovery Security Practice team. As NDES (Network Device Enrollment Server) – if misconfigured or not secured and hardened properly – can be a door opener for the compromise of an Active ... continue reading