Demystifying Ransomware Attacks Against Microsoft Defender Solution
Hi IT Pros, As you have known it, Ransomware is in aggravated assault mode at this time of year 2020, the joint cybersecurity advisory comes from the Cybersecurity Infrastructure and Security Agency (CISA), the Federal Bureau of Investigation (FBI), and ... continue reading
Guarding against supply chain attacks—Part 3: How software becomes compromised
Do you know all the software your company uses? The software supply chain can be complex and opaque. It’s comprised of software that businesses use to run operations, such as customer relationship management (CRM), enterprise resource planning (ERP), and project ... continue reading

Out of sight but not invisible: Defeating fileless malware with behavior monitoring, AMSI, and next-gen AV
Consider this scenario: Two never-before-seen, heavily obfuscated scripts manage to slip past file-based detection and dynamically load an info-stealing payload into memory. The scripts are part of a social engineering campaign that tricks potential victims into running the scripts, which ... continue reading

Attack inception: Compromised supply chain within a supply chain poses new risks
A new software supply chain attack unearthed by Windows Defender Advanced Threat Protection (Windows Defender ATP) emerged as an unusual multi-tier case. Unknown attackers compromised the shared infrastructure in place between the vendor of a PDF editor application and one ... continue reading

Cybersecurity Reference Architecture: Security for a Hybrid Enterprise
The Microsoft Cybersecurity Reference Architecture describes Microsofts cybersecurity capabilities and how they integrate with existing security architectures and capabilities. We recently updated this diagram and wanted to share a little bit about the changes and the document itself to help ... continue reading

Virtualization-based security (VBS) memory enclaves: Data protection through isolation
The escalating sophistication of cyberattacks is marked by the increased use of kernel-level exploits that attempt to run malware with the highest privileges and evade security solutions and software sandboxes. Kernel exploits famously gave the WannaCry and Petya ransomware remote ... continue reading

Advanced Threat Analytics security research network technical analysis: NotPetya
This post is authored by Igal Gofman, Security Researcher, Advanced Threat Analytics. On June 27, 2017 reports on a new variant of Petya (which was later referred to as NotPetya) malware infection began spreading across the globe. It seems the ... continue reading

Microsoft’s perspective on cyber resilience
This post is authored by Ann Johnson, Vice President, Enterprise Cybersecurity Group. In the wake of recent ransomware outbreaks, I wanted to understand how impacted firms have evolved their thinking on cyber resilience planning and implementation. I asked the Detection ... continue reading