Select Page

Protect against phishing with Attack Simulation Training in Microsoft Defender for Office 365

Sophisticated cyberattacks are on the rise, with email phishing as the most common attack vector. We’ve seen it all over the news with stories like Hafnium that targeted Exchange servers1 or the Nobelium attack against SolarWinds,2 which show just how ... continue reading
Timeline showing dates, threat actor, and malware payload of ransomware attacks by Iranian threat actors

Evolving trends in Iranian threat actor activity – MSTIC presentation at CyberWarCon 2021

Over the past year, the Microsoft Threat Intelligence Center (MSTIC) has observed a gradual evolution of the tools, techniques, and procedures employed by malicious network operators based in Iran. At CyberWarCon 2021, MSTIC analysts presented their analysis of these trends ... continue reading

How to assess and improve the security culture of your business

The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest Voice of the Community blog series post, Microsoft Security Product Marketing Manager Natalia Godyla talks with Cygenta ... continue reading
Diagram showing typical attack chain of HTML smuggling

HTML smuggling surges: Highly evasive loader technique increasingly used in banking malware, targeted attacks

HTML smuggling, a highly evasive malware delivery technique that leverages legitimate HTML5 and JavaScript features, is increasingly used in email campaigns that deploy banking malware, remote access Trojans (RATs), and other payloads related to targeted attacks. Notably, this technique was ... continue reading
First-party engineering systems for hardware and software, Firmware and driver security, physical security, manufacturing security, logistics security, supplier security, trust chain governance and resilience, security validations and assurances, and monitoring and detections.

Learn how Microsoft strengthens IoT and OT security with Zero Trust

As cyber threats grow more sophisticated and relentless, the need for Cybersecurity Awareness Month becomes more urgent every year. As part of our year-round commitment to security for all, Microsoft continues to track numerous incidents targeting both digital and physical ... continue reading
™

Protect your business with Microsoft Security’s comprehensive protection

Securing an organization has never been simple. But over the past year, we’ve seen significant changes in the threat landscape that are having a major impact on organizations of every size in every sector. The frequency and sophistication of cyber ... continue reading
Timeline showing the transition from Global pre-Covid onsite work for Microsoft employees beginning at around 100,000 employees entering Microsoft buildings in January 2020 and falling to around 30,000 employees by August of 2021.

New insights on cybersecurity in the age of hybrid work

As we approach the last week of Cybersecurity Awareness Month, I think about what is top of mind for myself and my peers in security. The past year has continued the 2020s major shift in the way organizations operate. Recent ... continue reading
The most targeted sectors between July 2020 and June 2021 were Government (48 percent) and NGOs and Think Tanks (31 percent).

Microsoft Digital Defense Report shares new insights on nation-state attacks

Microsoft is proud to promote Cybersecurity Awareness Month as part of our ongoing commitment to security for all. Year-round, Microsoft tracks nation-state threat activities to help protect organizations and individuals from these advanced persistent actors. We’re constantly improving our capabilities ... continue reading
Example intrusion conducted by NOBELIUM demonstrating nested access across variety of methods

NOBELIUM targeting delegated administrative privileges to facilitate broader attacks

The Microsoft Threat Intelligence Center (MSTIC) has detected nation-state activity associated with the threat actor tracked as NOBELIUM, attempting to gain access to downstream customers of multiple cloud service providers (CSP), managed service providers (MSP), and other IT services organizations ... continue reading
Screenshot of HTML code showing zero-point font technique

Franken-phish: TodayZoo built from other phishing kits

A phishing kit built using pieces of code copied from other kits, some available for sale through publicly accessible scam sellers or are reused and repackaged by other kit resellers, provides rich insight into the state of the economy that ... continue reading