Accelerating capital markets workloads for Murex on Azure

The financial services industry is constantly evolving to meet customer and regulatory demands. It is facing a variety of challenges spanning people, processes, and technology. Financial institutions (FIs) need to continuously accelerate to achieve technology and innovation while maintaining scale, ... continue reading

Reading Configuration Manager Status Messages With PowerShell

Q: I can read Configuration Manager status messages using the Monitoring tab. Can I do it using PowerShell? A: Yes you can! We can accomplish this using SQL/WQL queries, plus the Win32 function FormatMessage. Better understanding Status Messages Before we ... continue reading

Detecting malicious key extractions by compromised identities for Azure Cosmos DB

Azure Cosmos DB is a fully managed NoSQL cloud database service for modern app development. It offers a variety of advanced built-in features, such as automatic worldwide data replication, lightning-fast response types, and a variety of APIs. In this blog ... continue reading
Associating a WAF policy to an Azure Front Door

Simplify and centralize network security management with Azure Firewall Manager

We are excited to share that Azure Web Application Firewall (WAF) policy and Azure DDoS Protection plan management in Microsoft Azure Firewall Manager is now generally available. With an increasing need to secure cloud deployments through a Zero Trust approach, ... continue reading
Screenshot of BlackCat ransomware deployment options and subcommands with corresponding descriptions.

The many lives of BlackCat ransomware

The BlackCat ransomware, also known as ALPHV, is a prevalent threat and a prime example of the growing ransomware-as-a-service (RaaS) gig economy. It’s noteworthy due to its unconventional programming language (Rust), multiple target devices and possible entry points, and affiliation ... continue reading
Intrusion Detection and Prevention System signatures table

Learn what’s new in Azure Firewall

This post was co-authored by Suren Jamiyanaa, Program Manager 2, Azure Networking. We continue to be amazed by the adoption, interest, positive feedback, and the breadth of use cases customers are finding for our service. Today, we are happy to ... continue reading

A Light Overview of Microsoft Security Products

Hi, Alan here today to lightly cover something I have been asked by customers in regard to Microsoft’s security products... and that is “what Defender products does Microsoft have and what are they used for?” Well, it’s a good question, so ... continue reading
Figure 1 displays a diagram depicting a typical attack flow for XorDdos malware. The attacker communicates with a bot to SSH brute force a target device and download XorDdos. The malware then performs several techniques for evasion and persistence before connecting with the attacker's C2 server to send data and receive commands.

Rise in XorDdos: A deeper look at the stealthy DDoS malware targeting Linux devices

In the last six months, we observed a 254% increase in activity from a Linux trojan called XorDdos. First discovered in 2014 by the research group MalwareMustDie, XorDdos was named after its denial-of-service-related activities on Linux endpoints and servers as ... continue reading

Introduction to Network Trace Analysis Part 0: Laying the Groundwork

Hi everyone, this is Will Aftring again with the Windows Debug team, here to lay the groundwork for a new series on how to get started with network trace analysis. This is not an introduction to networking. Many of the networking ... continue reading
Diagram showing the relationship between players in the ransomware-as-a-service affiliate model. Access brokers compromise networks and persist on systems. The RaaS operator develops and maintains tools. The RaaS affiliate performs the attack.

Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself

Microsoft processes 24 trillion signals every 24 hours, and we have blocked billions of attacks in the last year alone. Microsoft Security tracks more than 35 unique ransomware families and 250 unique threat actors across observed nation-state, ransomware, and criminal ... continue reading