Microsoft researchers recently investigated an attack where malicious OAuth applications were deployed on compromised cloud tenants and then used to control Exchange servers and spread spam. The investigation revealed that the threat actor launched credential stuffing attacks against high-risk accounts ... continue reading

Attackers are constantly evolving, becoming increasingly sophisticated and destructive—the median time for an attacker to access your private data if you fall victim to a phishing email is 1 hour, 12 minutes.1 Microsoft tracks more than 35 ransomware families and ... continue reading

Why should you care about the behavioral risk of your employees? Eighty-two percent of breaches include (and often start with) user behavior.1 Not all are phishing, but a majority of them are just that. Phishing is, and has been for ... continue reading

In recent weeks, the Microsoft Threat Intelligence Center (MSTIC) and Microsoft 365 Defender Research Team detected Iran-based threat actor MERCURY leveraging exploitation of Log4j 2 vulnerabilities in SysAid applications against organizations all located in Israel. MSTIC assesses with high confidence ... continue reading

Microsoft has observed the Sliver command-and-control (C2) framework now being adopted and integrated in intrusion campaigns by nation-state threat actors, cybercrime groups directly supporting ransomware and extortion, and other threat actors to evade detection. We’ve seen these actors use Sliver ... continue reading

The security community is continuously changing, growing, and learning from each other to better position the world against cyberthreats. In the latest post of our Community Voices blog series, Microsoft Security Senior Product Marketing Manager Brooke Lynn Weenig talks with Runa Sandvik, Former Senior Director of Information Security at The New York Times ... continue reading

The security community is continuously changing, growing, and learning from each other to better position the world against cyberthreats. In the latest post of our Community Voices blog series, Microsoft Security Senior Product Marketing Manager Brooke Lynn Weenig talks with Runa Sandvik, Former Senior Director of Information Security at The New York Times ... continue reading

The Microsoft Threat Intelligence Center (MSTIC) has observed and taken actions to disrupt campaigns launched by SEABORGIUM, an actor Microsoft has tracked since 2017. SEABORGIUM is a threat actor that originates from Russia, with objectives and victimology that align closely ... continue reading

Hi everyone, I’m Sue, the VP of Identity’s Customer & Partner Success team, and I love having the opportunity to share stories from real customers via this blog series. We've designed this collection of stories from real customers that have ... continue reading

For executives in the IT and security spaces, the current climate offers reasons to worry. As workers become accustomed to new flexibility in the workplace, hybrid and remote work options present more challenges. Users want to access corporate resources from ... continue reading