Global distribution map displaying exposed Boa web servers over the span of a week.

Vulnerable SDK components lead to supply chain risks in IoT and OT environments

Vulnerabilities in network components, architecture files, and developer tools have become increasingly popular attack vectors to gain access into secure networks and devices. External tools and products that are managed by vendors and developers can pose a security risk, especially ...
Screenshot of a BATLOADER landing site that poses as a TeamViewer website hosting a fake installer.

DEV-0569 finds new ways to deliver Royal ransomware, various payloads

Recent activity from the threat actor that Microsoft tracks as DEV-0569, known to distribute various payloads, has led to the deployment of the Royal ransomware, which first emerged in September 2022 and is being distributed by multiple threat actors. Observed ...
Flowchart for Azure Active Directory issuing tokens.

Token tactics: How to prevent, detect, and respond to cloud token theft

As organizations increase their coverage of multifactor authentication (MFA), threat actors have begun to move to more sophisticated techniques to allow them to compromise corporate resources without needing to satisfy MFA. Recently, the Microsoft Detection and Response Team (DART) has ...

Embrace and Secure Multicloud with Entra Permissions Management

Today, we’ve seen the majority of organizations embrace a multicloud deployment strategy for their applications and workloads in the cloud. Consequently, the number of high-risk cloud permissions has exponentially multiplied, which expands the cloud attack surface. Security leaders and practitioners ...
Illustration of two circles coming together to illustrate two approaches to integrating the acquisition within the organization’s IT environment: either directly connect to the IT environment of the acquisition and keep existing systems, or migrate all information into the parent organization’s environment.

Microsoft Security tips for mitigating risk in mergers and acquisitions

Sixty-two percent of organizations that undertake mergers and acquisitions face significant cybersecurity risks or consider cyber risks their biggest concern post-acquisition.1 Threat actors that focus on corporate espionage often target the acquiring company, which we will refer to as the ...
This diagram shows the linear progression of earlier Raspberry Robin infections.

Raspberry Robin worm part of larger ecosystem facilitating pre-ransomware activity

Microsoft has discovered recent activity indicating that the Raspberry Robin worm is part of a complex and interconnected malware ecosystem, with links to other malware families and alternate infection methods beyond its original USB drive spread. These infections lead to ...
DEV-0832 (Vice Society) opportunistic ransomware campaigns impacting US education sector

In recent months, Microsoft has detected active ransomware and extortion campaigns impacting the global education sector, particularly in the US, by a threat actor we track as DEV-0832, also known as Vice Society. Shifting ransomware payloads over time from BlackCat, ...
Map showing global distribution of Draytek Vigor devices exposed to the Internet

Securing IoT devices against attacks that target critical infrastructure

South Staffordshire PLC, a company that supplies water to over one million customers in the United Kingdom, notified its customers in August of being a target of a criminal cyberattack. This incident highlights the sophisticated threats that critical industries face ...
Architectural diagram for project Caliptra.

Delivering consistency and transparency for cloud hardware security

This post was co-authored by Mark Russinovich, CTO and Technical Fellow, Azure, and Bryan Kelly, Partner Architect, Azure Hardware Systems and Infrastructure. When it comes to building the Microsoft Cloud, our work to standardize designs for systems, boards, racks, and ...
Three of Microsoft Defender for Cloud listed from left to right: DevOps Security Management, Cloud Security Posture Management, and Cloud Workload protection.

Introducing new Microsoft Defender for Cloud innovations to strengthen cloud-native protections

Security teams face an expanding attack surface as organizations increasingly use cloud-native services to develop, deploy, and manage applications across their multicloud and hybrid environments. Their challenge is compounded by incomplete visibility, siloed processes, and a lack of prioritized mitigations ...