Protecting customers from a private-sector offensive actor using 0-day exploits and DevilsTongue malware
The Microsoft Threat Intelligence Center (MSTIC) alongside the Microsoft Security Response Center (MSRC) has uncovered a private-sector offensive actor, or PSOA, that we are calling SOURGUM in possession of now-patched, Windows 0-day exploits (CVE-2021-31979 and CVE-2021-33771). Private-sector offensive actors are ... continue reading
Breaking down NOBELIUM’s latest early-stage toolset
As we reported in earlier blog posts, the threat actor NOBELIUM recently intensified an email-based attack that it has been operating and evolving since early 2021. We continue to monitor this active attack and intend to post additional details as ... continue reading
GoldMax, GoldFinder, and Sibot: Analyzing NOBELIUM’s layered persistence
Microsoft continues to work with partners and customers to expand our knowledge of the threat actor behind the nation-state cyberattacks that compromised the supply chain of SolarWinds and impacted multiple other organizations. As we have shared previously, we have observed ... continue reading
Deep dive into the Solorigate second-stage activation: From SUNBURST to TEARDROP and Raindrop
More than a month into the discovery of Solorigate, investigations continue to unearth new details that prove it is one of the most sophisticated and protracted intrusion attacks of the decade. Our continued analysis of threat data shows that the ... continue reading
Decrypting the Selection of Supported Kerberos Encryption Types
In recent months Microsoft support has received a lot of questions regarding disabling RC4 for the encryption of Kerberos tickets. If I had to guess the CIS L1 Baseline and RFC 8429 guidance to disable RC4 is responsible for much ... continue reading
Taking Transport Layer Security (TLS) to the next level with TLS 1.3
Transport Layer Security (TLS) 1.3 is now enabled by default on Windows 10 Insider Preview builds, starting with Build 20170, the first step in a broader rollout to Windows 10 systems. TLS 1.3 is the latest version of the internet’s ... continue reading
Add Customized Images for Video in Teams and the Added Security
IntroductionThis is John Barbare and I am a Sr Premier Field Engineer at Microsoft focusing on all things in the Cybersecurity space. In this guide and tutorial, I will walk you through the steps of changing you background and adding ... continue reading
Part 4 – SQL Server TDE and Extensible Key Management Using Azure Key Vault
Configure SQL Server This is Part: 4 of a 4-part blog series: After setting up Azure Active Directory and registering the AAD Application and additionally creating an Azure Key Vault, the next step is to put it all together in ... continue reading
A Journey to Holistic Cloud Protection with the Microsoft 365 Security Stack Pt 6 – M365 Integration
For our final stop in the journey to holistic cloud protection with the Microsoft 365 security stack we will be discussing M365 Integration. For anyone new joining us on this journey please ensure you check out Part I: Overview, Part ... continue reading
A Journey to Holistic Cloud Protection with the Microsoft 365 Security Stack Part 5 – Data
For our fourth stop in the journey to holistic cloud protection with the Microsoft 365 security stack we will be discussing Data security. For anyone new joining us on this journey please ensure you check out Part I: Overview, Part ... continue reading
