Figure 1 displays a diagram depicting a typical attack flow for XorDdos malware. The attacker communicates with a bot to SSH brute force a target device and download XorDdos. The malware then performs several techniques for evasion and persistence before connecting with the attacker's C2 server to send data and receive commands.

Rise in XorDdos: A deeper look at the stealthy DDoS malware targeting Linux devices

In the last six months, we observed a 254% increase in activity from a Linux trojan called XorDdos. First discovered in 2014 by the research group MalwareMustDie, XorDdos was named after its denial-of-service-related activities on Linux endpoints and servers as ... continue reading

Introduction to Network Trace Analysis Part 0: Laying the Groundwork

Hi everyone, this is Will Aftring again with the Windows Debug team, here to lay the groundwork for a new series on how to get started with network trace analysis. This is not an introduction to networking. Many of the networking ... continue reading
Diagram showing the relationship between players in the ransomware-as-a-service affiliate model. Access brokers compromise networks and persist on systems. The RaaS operator develops and maintains tools. The RaaS affiliate performs the attack.

Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself

Microsoft processes 24 trillion signals every 24 hours, and we have blocked billions of attacks in the last year alone. Microsoft Security tracks more than 35 unique ransomware families and 250 unique threat actors across observed nation-state, ransomware, and criminal ... continue reading
Enterprise Scale for Azure VMware Solution

Enterprise Scale for Azure VMware Solution, soon to be Azure VMware Solution Landing Zone Accelerator. In this video, from the Azure VMware Solution digital event on March 23, 2022, learn from Sapna Jeswami, Technical Program Manager, Microsoft, and Prasad Gandham, ... continue reading

Discover the anatomy of an external cyberattack surface with new RiskIQ report

The internet is now part of the network. That might sound like hyperbole, but the massive shift to hybrid and remote work and a multicloud environment means security teams must now defend their entire online ecosystem. Recent ransomware attacks against ... continue reading
Enterprise Mode Site List Manager (schema v.2) tool

Configure IE Mode in Edge with Microsoft Endpoint (Intune)

Hi, my name is Ricardo Carvalho, I am a Customer Engineer working in Modern Workplace and Security in Portuguese Customer Success Unit team. With the Internet Explorer 11 desktop app retirement announced for next June 15, 2022, many customers started ... continue reading
Screenshot of an application UI with lines of code. One of said code lines is highlighted, with an annotation written in a non-English language.

SpringShell RCE vulnerability: Guidance for protecting against and detecting CVE-2022-22965

On March 31, 2022, vulnerabilities in the Spring Framework for Java were publicly disclosed. Microsoft is currently assessing the impact associated with these vulnerabilities. This blog is for customers looking for protection against exploitation and ways to detect vulnerable installations ... continue reading
mDNS in the Enterprise

James Kehr here with the Windows networking support team. This article covers details about mDNS and recommended best practices when trying to control the protocol designed to make life easier. Starting with Windows 10 1703 Microsoft has included native support ... continue reading

Microsoft Defender Ecosystem

DEFENDER FOR CLOUD: Microsoft Defender for Cloud - an introduction | Microsoft Docs. Defender for Cloud is a tool for security posture management and threat protection. It strengthens the security posture of your cloud resources, and with its integrated Microsoft ... continue reading
Azure Front Door is a modern cloud CDN.

Introducing the new Azure Front Door: Reimagined for modern apps and content

This blog has been co-authored by Jessie Jia, Senior Program Manager, Azure Networking and Gunjan Jain, Principal Program Manager, Azure Networking. In 2019, we launched Azure Front Door to bring enterprise-grade content delivery network (CDN) capabilities to our customers. This ... continue reading