Volt Typhoon targets US critical infrastructure with living-off-the-land techniques

Microsoft has uncovered stealthy and targeted malicious activity focused on post-compromise credential access and network system discovery aimed at critical infrastructure organizations in the United States. The attack is carried out by Volt Typhoon, a state-sponsored actor based in China ... continue reading
GA: System-preferred multifactor authentication

In previous blogs, we've emphasized the importance of multifactor authentication (MFA). Today, organizations and end users are using various authentication methods, providing varying levels of security. Users often choose less secure MFA methods, despite having access to more secure options due ... continue reading
Modernizing Authentication Management

We’re thrilled to announce two key updates to how you manage your authentication experiences! The General Availability of Converged Authentication Methods and Public Preview of a modernized version of multifactor authentication (MFA) Fraud Alert. The General Availability of Converged ... continue reading
[Image: Graphic showing a range of identity protection methods, going from bad to best. The first column on the left shows bad passwords; the second column shows good passwords; the third column shows better passwords; and the fourth column shows best passwords.]

How Microsoft can help you go passwordless this World Password Day

It’s that time of year again. World Password Day is May 4, 2023. There’s a reason it’s still going strong 10 years after being created by cybersecurity professionals. A recent study that analyzed more than 15 billion passwords found that ... continue reading
Building Stronger Identity Solutions with New Microsoft Entra Integrations

I’m excited by this year’s RSA theme of “Stronger Together.” In the Identity and Network Access Division, we believe that everyone must work together to make the world a safer place for all. Leading up to RSA this year, the ... continue reading

Microsoft Entra Change Announcements – March 2023 Train

Hello everyone, Today, we're sharing our March train for feature and breaking changes. We also communicate these changes on release notes and via email. We are continuing to make it easier for our customers to manage lifecycle changes (deprecations, retirements, ... continue reading
[Image: Attack flow of the threat actor through initial access, execution, discovery, persistence, credential access, lateral movement, execution, impact, and communications stages.]

MERCURY and DEV-1084: Destructive attack on hybrid environment

Microsoft Threat Intelligence has detected destructive operations enabled by MERCURY, a nation-state actor linked to the Iranian government, that attacked both on-premises and cloud environments. While the threat actors attempted to masquerade the activity as a standard ransomware campaign, the ... continue reading

Quick Wins to Strengthen Your Azure AD Security

Every organization strives to reduce the attack surface of their infrastructure to make it secure and reliable. As team members of the Microsoft Global Compromise Recovery Security Practice (CRSP), we’ve seen time and time again that by improving the ... continue reading

Latest Microsoft Entra advancements strengthen identity security

If you read behind the attention-grabbing headlines, most novel techniques rely on compromised identities. In fact, of all the ways an attacker can get into your digital estate, identity compromise is still the most common. This makes identity your first ... continue reading
[Image: DEV-1101 AiTM tool announcement noting a license as $100 along with contact information and links.]

DEV-1101 enables high-volume AiTM campaigns with open-source phishing kit

Adversary-in-the-middle (AiTM) phishing kits are part of an increasing trend that is observed supplanting many other less advanced forms of phishing. AiTM phishing is capable of circumventing multifactor authentication (MFA) through reverse-proxy functionality. DEV-1101 is an actor tracked by Microsoft ... continue reading