Defend against zero-day exploits with Microsoft Defender Application Guard
Zero-day security vulnerabilities—known to hackers, but unknown to software creators, security researchers, and the public—are like gold to attackers. With zero-days, or even zero-hours, developers have no time to patch the code, giving hackers enough access and time to explore ... continue reading
Protecting customers from a private-sector offensive actor using 0-day exploits and DevilsTongue malware
The Microsoft Threat Intelligence Center (MSTIC) alongside the Microsoft Security Response Center (MSRC) has uncovered a private-sector offensive actor, or PSOA, that we are calling SOURGUM in possession of now-patched, Windows 0-day exploits (CVE-2021-31979 and CVE-2021-33771). Private-sector offensive actors are ... continue reading
Deploying Windows 10 Application Control Policy
Dear IT Pros, Today we discuss about All things about WDAC – Windows Defender Application Control. WDAC was introduced with Windows 10 and could be applied to Windows server 2016 and later, its older name is Configurable Code Integrity (CCI) ... continue reading
Surface expands its Secured-core portfolio with the new Surface Laptop 4 powered by AMD Ryzen™ Mobile Processors
As operating systems are becoming more secure and resistant to compromise, advanced vectors like firmware, kernel and hardware direct memory access (DMA) have emerged as new favored targets for threat actors. Recent trends indicate a substantial growth in the number ... continue reading
Securing a Windows Server VM in Azure
If you've built and managed Windows Servers in an on-premises environment, you may have a set of configuration steps as well as regular process and monitoring alerts, to ensure that server is as secure as possible. But if you run ... continue reading
Demystifying Ransomware Attacks Against Microsoft Defender Solution
Hi IT Pros, As you have known it, Ransomware is in aggravated assault mode at this time of year 2020, the joint cybersecurity advisory comes from the Cybersecurity Infrastructure and Security Agency (CISA), the Federal Bureau of Investigation (FBI), and ... continue reading
System Management Mode deep dive: How SMM isolation hardens the platform
Ensuring that the platform firmware is healthy and trustworthy is fundamental to guaranteeing that powerful platform security features like Hypervisor-protected code integrity (HVCI) and Windows Defender Credential Guard are functioning as expected. Windows 10 achieves this by leveraging a hardware-based ... continue reading
Force firmware code to be measured and attested by Secure Launch on Windows 10
You cannot build something great on a weak foundation – and security is no exception. Windows is filled with important security features like Hypervisor-protected code integrity (HVCI) and Windows Defender Credential Guard that protect users from advanced hardware and firmware ... continue reading
How to Defend Users from Interception Attacks via SMB Client Defense
Hey folks, Ned here again with another guest post. Today we discuss hardening the SMB protocol in Windows against interception attacks, previously referred to as “Man-in-the-Middle” attacks. As you know, interception attacks involve manipulating communications between client and server. An ... continue reading
VMware Workstation and Hyper-V
As a follow up to our previous post on VMware and Hyper-V Working Together, VMware has released a version of VMware Workstation that works with the Windows Hypervisor Platform (WHP). This release adds support for VMware Workstation running side by ... continue reading
