Select Page
PowerShell Basics: Connecting to VMs with Azure PSRemoting

PowerShell Basics: Connecting to VMs with Azure PSRemoting

If you use PowerShell on-premises, chances are good you use PSRemoting (or PowerShell Remoting). It allows you to manage systems using remoting tools like Enter-PSSession and Invoke-Command. When you move to Azure, you have similar tooling available when you enable ... continue reading
tax-related phishing document with malicious macro code

Steer clear of tax scams

In the month of February, we saw an average of 300,000 phishing attempts across Microsoft’s browsing platforms daily. Our security experts expect these attempted scams to become increasingly more prevalent through the April 15 Tax Day, especially in the two ... continue reading
Screenshot of Device Restrictions policy and setting

Windows Defender ATP has protections for USB and removable devices

Meet Jimmy. Jimmy is an employee in your company. He Does Things With Computers (official title). Last Wednesday, as Jimmy got out of his car after parking in the company-owned parking lot, he saw something on the ground. That something ... continue reading

Security baseline (FINAL) for Windows 10 v1809 and Windows Server 2019

Microsoft is pleased to announce the final release of the security configuration baseline settings for Windows 10 October 2018 Update (a.k.a., version 1809, “Redstone 5” or “RS5”), and for Windows Server 2019. Download the content from the Microsoft Security Compliance ... continue reading
Attack uses malicious InPage document and outdated VLC media player to give attackers backdoor access to targets

Attack uses malicious InPage document and outdated VLC media player to give attackers backdoor access to targets

Our analysis of a targeted attack that used a language-specific word processor shows why its important to understand and protect against small-scale and localized attacks as well as broad-scale malware campaigns. The attack exploited a vulnerability in InPage, a word ... continue reading
Windows Defender Antivirus can now run in a sandbox

Windows Defender Antivirus can now run in a sandbox

Windows Defender Antivirus has hit a new milestone: the built-in antivirus capabilities on Windows can now run within a sandbox. With this new development, Windows Defender Antivirus becomes the first complete antivirus solution to have this capability and continues to ... continue reading

Security baseline (DRAFT) for Windows 10 v1809 and Windows Server 2019

Microsoft is pleased to announce the draft release of the security configuration baseline settings for Windows 10 version 1809 (a.k.a., “Redstone 5” or “RS5”), and for Windows Server 2019. Please evaluate these proposed baselines and send us your feedback via ... continue reading
Screenshot of obfuscated script

Out of sight but not invisible: Defeating fileless malware with behavior monitoring, AMSI, and next-gen AV

Consider this scenario: Two never-before-seen, heavily obfuscated scripts manage to slip past file-based detection and dynamically load an info-stealing payload into memory. The scripts are part of a social engineering campaign that tricks potential victims into running the scripts, which ... continue reading
Office VBA + AMSI: Parting the veil on malicious macros

Office VBA + AMSI: Parting the veil on malicious macros

As part of our continued efforts to tackle entire classes of threats, Office 365 client applications now integrate with Antimalware Scan Interface (AMSI), enabling antivirus and other security solutions to scan macros and other scripts at runtime to check for ... continue reading
Small businesses targeted by highly localized Ursnif campaign

Small businesses targeted by highly localized Ursnif campaign

Cyber thieves are continuously looking for new ways to get people to click on a bad link, open a malicious file, or install a poisoned update in order to steal valuable data. In the past, they cast as wide a ... continue reading