Select Page
ZINC attacks against security researchers

ZINC attacks against security researchers

In recent months, Microsoft has detected cyberattacks targeting security researchers by an actor we track as ZINC. The campaign originally came to our attention after Microsoft Defender for Endpoint detected an attack in progress. Observed targeting includes pen testers, private ... continue reading
Timeline graph showing developments in the Solorigate attack

Deep dive into the Solorigate second-stage activation: From SUNBURST to TEARDROP and Raindrop

More than a month into the discovery of Solorigate, investigations continue to unearth new details that prove it is one of the most sophisticated and protracted intrusion attacks of the decade. Our continued analysis of threat data shows that the ... continue reading

New Surface PCs enable virtualization-based security (VBS) by default to empower customers to do more, securely

VBS and HVCI-enabled devices help protect from advanced attacks Escalation of privilege attacks are a malicious actor’s best friend, and they often target sensitive information stored in memory. These kinds of attacks can turn a minor user mode compromise into ... continue reading
Privacy breaches: Using Microsoft 365 Advanced Audit and Advanced eDiscovery to minimize impact

Privacy breaches: Using Microsoft 365 Advanced Audit and Advanced eDiscovery to minimize impact

GDPR, HIPPA, GLBA, all 50 U.S. States, and many countries have privacy breach reporting requirements. If an organization experiences a breach of customer or employee personal information, they must report it within the required time frame. The size and scope ... continue reading
Diagram of the high-level Solorigate attack chain

Using Microsoft 365 Defender to protect against Solorigate

Microsoft security researchers continue to investigate and respond to the sophisticated cyberattack known as Solorigate (also referred to as Sunburst by FireEye) involving a supply chain compromise and the subsequent compromise of cloud assets. While the related investigations and impact ... continue reading
Advice for incident responders on recovery from systemic identity compromises

Advice for incident responders on recovery from systemic identity compromises

As Microsoft alongside our industry partners and the security community continues to investigate the extent of the Solorigate attack, our goal is to provide the latest threat intelligence including IOCs and guidance across our products and solutions to help the ... continue reading
ryanjadams_0-1605022921759.jpeg

Always Encrypted Data Displayed in SSRS with a gMSA

Let's take a look at how to display Always Encrypted Data in SSRS with a gMSA (Group Managed Service Account). We are mixing some technologies and the one that throws a wrench into things is the gMSA. Here is the ... continue reading
Screenshot of search results page on an affected machine and one affected by Adrozed

Widespread malware campaign seeks to silently inject ads into search results, affects multiple browsers

A persistent malware campaign has been actively distributing an evolved browser modifier malware at scale since at least May 2020. At its peak in August, the threat was observed on over 30,000 devices every day. The malware is designed to ... continue reading
Diagram showing IcedID attack chain, with labels identifying what stage the attack was stopped

EDR in block mode stops IcedID cold

We are happy to announce the general availability of endpoint detection and response (EDR) in block mode in Microsoft Defender for Endpoint. EDR in block mode turns EDR detections into real-time blocking of malicious behaviors, malware, and artifacts. It uses ... continue reading
Azure Security Center / Azure Defender

Microsoft Secure Score Across the Microsoft Security Stack

Introduction This is John Barbare and I am a Sr. Customer Engineer at Microsoft focusing on all things in the Cybersecurity space. In this blog I will walk you through various Microsoft products from the Microsoft Security Stack and explain ... continue reading