Select Page
Analyzing attacks taking advantage of the Exchange Server vulnerabilities

Analyzing attacks taking advantage of the Exchange Server vulnerabilities

Microsoft continues to monitor and investigate attacks exploiting the recent on-premises Exchange Server vulnerabilities. These attacks are now performed by multiple threat actors ranging from financially motivated cybercriminals to state-sponsored groups. To help customers who are not able to immediately ... continue reading
MEM Home

Attack Surface Reduction Rules – Warn Mode with MEM/M365 Defender

Introduction This is John Barbare and I am a Sr Customer Engineer at Microsoft focusing on all things in the Cybersecurity space. In a previous blog back in July, 2020, I walked through a demo of setting up an Attack ... continue reading
USB2.jpg

MEM – All Things About USB Drive Management and Troubleshooting

Dear IT Pros, Today, we would discuss all things about USB flash drives management including access protection, Bitlocker encryption, AV security, and troubleshooting. Firstly, we should not reinvent the wheel, so we start with Paul Bergson’s excellent Tech blog article ... continue reading
GoldMax, GoldFinder, and Sibot: Analyzing NOBELIUM’s layered persistence

GoldMax, GoldFinder, and Sibot: Analyzing NOBELIUM’s layered persistence

Microsoft continues to work with partners and customers to expand our knowledge of the threat actor behind the nation-state cyberattacks that compromised the supply chain of SolarWinds and impacted multiple other organizations. As we have shared previously, we have observed ... continue reading
HAFNIUM targeting Exchange Servers with 0-day exploits

HAFNIUM targeting Exchange Servers with 0-day exploits

Microsoft has detected multiple 0-day exploits being used to attack on-premises versions of Microsoft Exchange Server in limited and targeted attacks. In the attacks observed, the threat actor used these vulnerabilities to access on-premises Exchange servers which enabled access to ... continue reading
Teaser.png

Importance of Browser Updates and Browser Based Security Controls

Introduction   This is John Barbare and I am a Sr. Customer Engineer at Microsoft focusing on all things in the Cybersecurity space. It has been a while since I have had time to sit down and write a security blog due to studying and making sure I ... continue reading
MDE1.jpg

MDE Antivirus Configuration Common Mistakes and Best Practice

_______________________________________________________ John Barbare and Tan Tran Dear IT Pros, We discuss about Microsoft Defender for Endpoint Antivirus Configuration, Policy and exclusion list in detail to avoid making the common mistakes and to apply the best practice to it. Best Practices ... continue reading
Diagram of high-level Solorigate attack chain

Increasing resilience against Solorigate and other sophisticated attacks with Microsoft Defender

­Even as investigations into the sophisticated attack known as Solorigate are still underway, details and insights about the tools, patterns, and methods used by the attackers point to steps that organizations can take to improve their defenses against similar attacks ... continue reading

The dynamic duo: How to build a red and blue team to strengthen your cybersecurity, Part 1

The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the first post of our new Voice of the Community blog series, Microsoft Product Marketing Manager Natalia Godyla talks with Jake Williams, ... continue reading
Diagram of the high-level Solorigate attack chain

Using Microsoft 365 Defender to protect against Solorigate

Microsoft security researchers continue to investigate and respond to the sophisticated cyberattack known as Solorigate (also referred to as Sunburst by FireEye) involving a supply chain compromise and the subsequent compromise of cloud assets. While the related investigations and impact ... continue reading