Select Page
1

Phishers unleash simple but effective social engineering techniques using PDF attachments

The Gmail phishing attack is reportedly so effective that it tricks even technical users, but it may be just the tip of the iceberg. We’re seeing similarly simple but clever social engineering tactics using PDF attachments. These deceitful PDF attachments ... continue reading
Cybercrime Center banner

Detecting threat actors in recent German industrial attacks with Windows Defender ATP

When a Germany-based industrial conglomerate disclosed in December 2016 that it was breached early that year, the breach was revealed to be a professionally run industrial espionage attack. According to the German press, the intruders used the Winnti family of ... continue reading
Exploit and shellcode phases of this attack

Hardening Windows 10 with zero-day exploit mitigations

Cyberattacks involving zero-day exploits happen from time to time, affecting different platforms and applications. Over the years, Microsoft security teams have been working extremely hard to address these attacks. While delivering innovative solutions like Windows Defender Application Guard, which provides ... continue reading
shamoon-depriz-implants

Windows 10: protection, detection, and response against recent Depriz malware attacks

A few weeks ago, multiple organizations in the Middle East fell victim to targeted and destructive attacks that wiped data from computers, and in many cases rendering them unstable and unbootable. Destructive attacks like these have been observed repeatedly over ... continue reading
Email message masquerading as a fax but carrying TrojanDownloader:JS/Crimace.A as attachment

Fake fax ushers in revival of a ransomware family

"Criminal case against you" is a message that may understandably cause panic. That’s what a recent spam campaign hopes happens, increasing the likelihood of recipients opening the malicious attachment. We recently discovered a new threat that uses email messages pretending ... continue reading

No payment necessary: Fighting back against ransomware

Any IT professional who’s ever had an experience with malware knows how fast an intrusive attack can happen, and how difficult it can be to educate employees to be vigilant against such threats. And with ransomware attacks only growing, having ... continue reading
Map showing location of observed Soctuseer infections. The United States, Indonesia and India account for 40% of infections

MSRT November 2016: Unwanted software has nowhere to hide in this month’s release

We came across a browser modifier that sports rootkit capabilities. Not only does the threat, detected as BrowserModifier:Win32/Soctuseer, cross the line that separates legitimate software from unwanted, it also takes staying under the radar to the next level. Rootkit capabilities, ... continue reading
Hicurdismos displays a fake BSoD message that has contact details for fake support. Note: The real messages do not include support contact details, nor when you call for support are you asked for payment.

Beware of Hicurdismos: It’s a fake Microsoft Security Essentials installer that can lead to a support call scam

(Note: Our Tech support scams FAQ page has the latest info on this type of threat, including scammer tactics, fake error messages, and the latest scammer hotlines.) Wouldn’t it be a shame if, in trying to secure your PC, you ... continue reading
The graph shows that Locky machine encounters has recently been low

The new .LNK between spam and Locky infection

Just when it seems the Ransom:Win32/Locky activity has slowed down, our continuous monitoring of the ransomware family reveals a new workaround that the authors might be using to keep it going. The decline in Locky activity can be attributed to ... continue reading
blog post - v1607 - screenshot

Security baseline for Windows 10 v1607 (“Anniversary edition”) and Windows Server 2016

Microsoft is pleased to announce the release of the security configuration baseline settings for Windows 10 version 1607, also known as “Anniversary edition” and internally as “Redstone 1”. The downloadable attachment to this blog post includes importable GPOs, tools for ... continue reading