Select Page
Combatting Risky Sign-ins in Azure Active Directory

Combatting Risky Sign-ins in Azure Active Directory

It is almost inevitable your organization will be targeted with malicious sign-in attempts to cloud apps. It is often the case an employee uses the same password for their work account as they do for their personal accounts. Password leaks ... continue reading
Graphic detailing three different waves of identity attacks. First is password attacks, which consist of breach replay, password spray, and phishing. Next is multifactor authentication attacks, which includes SIM-jacking, multifactor authentication fatigue, adversary in the middle. Third is post-authentication attacks, including token theft and consent phishing.

2023 identity security trends and solutions from Microsoft

Welcome to 2023! I wanted to kick this year off by having a quick look at the trends in identity security, what you can do about it, and what Microsoft is doing to help you. One of the things we ... continue reading
Chart showing the data that 43 percent of cyber attacks target small businesses and 60 percent of small businesses close within 6 months of cyber breach.

Secure your business like you secure your home: 5 steps to protect against cybercrime

Running a business requires a lot of determination and sometimes a leap of faith. Every day brings a new challenge, and many times it can feel like the stress and uncertainty are too much. That’s when you remind yourself why ... continue reading
Snippet from Group Policy Object, Microsoft Defender Antivirus Policies

How to Manage Microsoft Defender on Windows Server via Intune

As companies adopt Microsoft Defender, there are certain questions coming from customers in terms of EPP management. These questions are mostly focusing on Microsoft Defender management in Windows Servers. I’d like to touch base on different management options for different ... continue reading
Screenshot of FileCoder’s enumeration logic.

Unraveling the techniques of Mac ransomware

Ransomware continues to be one of the most prevalent and impactful threats affecting organizations, with attackers constantly evolving their techniques and expanding their tradecraft to cast a wider net of potential targets. This is evident in the range of industries, ... continue reading
Screenshot of malware code, a script that is used to download a remote code administration tool

Microsoft research uncovers new Zerobot capabilities

Botnet malware operations are a constantly evolving threat to devices and networks. Threat actors target Internet of Things (IoT) devices for recruitment into malicious operations as IoT devices’ configurations often leave them exposed, and the number of internet-connected devices continue ... continue reading
Graphical user interface; text

Gatekeeper’s Achilles heel: Unearthing a macOS vulnerability

On July 27, 2022, Microsoft discovered a vulnerability in macOS that can allow attackers to bypass application execution restrictions imposed by Apple’s Gatekeeper security mechanism, designed to ensure only trusted apps run on Mac devices. We developed a proof-of-concept exploit ... continue reading
A geographical map that presents the countries where the devices affected by the botnet are located. Countries with affected devices are highlighted on the map in blue.

MCCrash: Cross-platform DDoS botnet targets private Minecraft servers

Malware operations continue to rapidly evolve as threat actors add new capabilities to existing botnets, increasingly targeting and recruiting new types of devices. Attackers update malware to target additional operating systems, ranging from PCs to IoT devices, growing their infrastructure ... continue reading

Cyber Signals: Risks to critical infrastructure on the rise

Today, the third edition of Cyber Signals was released spotlighting security trends and insights gathered from Microsoft’s 43 trillion daily security signals and 8,500 security experts. In this edition, we share new insights on wider risks that converging IT, Internet of ... continue reading
A diagram showing how a malicious IIS module sits between a web server and the client. The malicious IIS module is shown intercepting requests between the web server and client on the BeginRequest, EndRequest, and Error event triggers.

IIS modules: The evolution of web shells and how to detect them 

Web exploitation and web shells are some of the most common entry points in the current threat landscape. Web servers provide an external avenue directly into your corporate network, which often results in web servers being an initial intrusion vector ... continue reading