Select Page

WannaCrypt attacks: guidance for Operations Management Suite customers

Strengthening the security posture of your infrastructure is critical in protecting against evolving cyber threats. The following steps are recommended to safeguard your resources against the recent WannaCrypt ransomware attack: This recent WannaCrypt malware exploits a Service Message Block (SMB) ... continue reading
wannacrypt1

WannaCrypt ransomware worm targets out-of-date systems

On May 12, 2017 we detected a new ransomware that spreads like a worm by leveraging vulnerabilities that have been previously fixed. While security updates are automatically applied in most computers, some users and enterprises may delay deployment of patches ... continue reading
Initial alerts triggered by PowerShell activities as detected by Windows Defender ATP

Windows Defender ATP thwarts Operation WilySupply software supply chain cyberattack

Several weeks ago, the Windows Defender Advanced Threat Protection (Windows Defender ATP) research team noticed security alerts that demonstrated an intriguing attack pattern. These early alerts uncovered a well-planned, finely orchestrated cyberattack that targeted several high-profile technology and financial organizations ... continue reading
java-malware-sample-email

Combating a spate of Java malware with machine learning in real-time

In recent weeks, we have seen a surge in emails carrying fresh malicious Java (.jar) malware that use new techniques to evade antivirus protection. But with our research team’s automated expert systems and machine learning models, Windows 10 PCs get ... continue reading
tech-support-scam-countries

Tech support scams persist with increasingly crafty techniques

(Note: Our Tech support scams FAQ page has the latest info on this type of threat, including scammer tactics, fake error messages, and the latest scammer hotlines.) Millions of users continue to encounter technical support scams. Data from Windows Defender ... continue reading
Execution stages of the exploit package and corresponding functionality

Detecting and mitigating elevation-of-privilege exploit for CVE-2017-0005

On March 14, 2017, Microsoft released security bulletin MS17-013 to address CVE-2017-0005, a vulnerability in the Windows Win32k component that could potentially allow elevation of privileges. A report from a trusted partner identified a zero-day exploit for this vulnerability. The ... continue reading
figure-1

Five reasons to run SQL Server 2016 on Windows Server 2016 — No. 1: Security

This is the first blog in a five-part series. Keep an eye out for upcoming posts, which will cover cutting costs and improving performance of storage, BI, and analytics; improving uptime and reliability; reaching data insights faster by running analytics ... continue reading
tax-social-engineering-email-malware-4

Tax-themed phishing and malware attacks proliferate during the tax filing season

Tax-themed scams and social engineering attacks are as certain as (death or) tax itself. Every year we see these attacks, and 2017 is no different. These attacks circulate year-round as cybercriminals take advantage of the different country and region tax ... continue reading
nsis-old-vs-new

Ransomware operators are hiding malware deeper in installer packages

We are seeing a wave of new NSIS installers used in ransomware campaigns. These new installers pack significant updates, indicating a collective move by attackers to once again dodge AV detection by changing the way they package malicious code. These ... continue reading
Attacker proficiency and associated techniques

Uncovering cross-process injection with Windows Defender ATP

Windows Defender Advanced Threat Protection (Windows Defender ATP) is a post-breach solution that alerts security operations (SecOps) personnel about hostile activity. As the nature of attacks evolve, Windows Defender ATP must advance so that it continues to help SecOps personnel ... continue reading