Backup and restore to URL for S3-compatible object storage

Part of the SQL Server 2022 blog series. Backup and restore to simple storage service (S3)-compatible object storage is a new feature introduced in SQL Server 2022 that grants the user the capability to back up or restore their databases using S3-compatible ... continue reading
A diagram of the attack chain. It presents the flow of activity from left to right, starting with the attacker gaining access to its target tenant and leading to spam messages being sent to targets.

Malicious OAuth applications used to compromise email servers and spread spam

Microsoft researchers recently investigated an attack where malicious OAuth applications were deployed on compromised cloud tenants and then used to control Exchange servers and spread spam. The investigation revealed that the threat actor launched credential stuffing attacks against high-risk accounts ... continue reading

Using WSL 2 on Windows Server 2022 to run Linux containers

Windows Subsystem for Linux 2 (WSL 2) is one of the most popular features for developers on Windows 10 and 11. It has recently been made available on Windows Server 2022. With this addition, you can now run Linux containers ... continue reading
An organizational chart of the different threat actors that worked together in attacking the Albanian government. The top level mentions Iran's Ministry of Intelligence and Security as the sponsor organization. A table on the left side lists the threat actor group names and their corresponding aliases.

Microsoft investigates Iranian attacks against the Albanian government

Shortly after the destructive cyberattacks against the Albanian government in mid-July, the Microsoft Detection and Response Team (DART) was engaged by the Albanian government to lead an investigation into the attacks. At the time of the attacks and our engagement ... continue reading
Infection chain describing the usual tactics and techniques used by DEV-0270 actor group.

Profiling DEV-0270: PHOSPHORUS’ ransomware operations

Microsoft threat intelligence teams have been tracking multiple ransomware campaigns and have tied these attacks to DEV-0270, also known as Nemesis Kitten, a sub-group of Iranian actor PHOSPHORUS. Microsoft assesses with moderate confidence that DEV-0270 conducts malicious network operations, including ... continue reading

SCOM Management pack for Certificate Monitoring

We are excited to announce the release of the SCOM management pack for Certificate monitoring! This has been a long-standing ask in User Voice (Windows Certificate Monitoring in SCOM) and this MP enables SCOM customers to monitor certificates deployed in ... continue reading

Troubleshooting SDN Windows Admin Center Certificates

If you checked out our WAC 2208 Public Preview of SDN extensions, you may be presented with a notification like the one below when attempting to load Virtual Networks and/or Logical Networks: The underlying connection was closed: Could not establish trust ... continue reading

How To Linux: A Windows Administrator’s Guide to Linux for the Newbie

Well, it’s long overdue that I left the comfort of my Windows GUI and ventured into the world of Linux. Mind you I have dabbled a very little bit over the years, watched some training videos about 18 years ago, ... continue reading

Az Stack HCI: Software Defined Networking (SDN) extensions reach General Availability for WAC

Software Defined Networking is Azure-inspired Networking in your datacenter and at the edge. Learn more below: Plan for and deploy SDN infrastructure on Azure Stack HCI - Learn | Microsoft Docs; Implement Datacenter Firewall and Software Load Balancer on Azure ... continue reading

MagicWeb: NOBELIUM’s post-compromise trick to authenticate as anyone

Microsoft security researchers have discovered a post-compromise capability we’re calling MagicWeb, which is used by a threat actor we track as NOBELIUM to maintain persistent access to compromised environments. NOBELIUM remains highly active, executing multiple campaigns in parallel targeting government ... continue reading