Select Page
The most targeted sectors between July 2020 and June 2021 were Government (48 percent) and NGOs and Think Tanks (31 percent).

Microsoft Digital Defense Report shares new insights on nation-state attacks

Microsoft is proud to promote Cybersecurity Awareness Month as part of our ongoing commitment to security for all. Year-round, Microsoft tracks nation-state threat activities to help protect organizations and individuals from these advanced persistent actors. We’re constantly improving our capabilities ... continue reading
Example intrusion conducted by NOBELIUM demonstrating nested access across variety of methods

NOBELIUM targeting delegated administrative privileges to facilitate broader attacks

The Microsoft Threat Intelligence Center (MSTIC) has detected nation-state activity associated with the threat actor tracked as NOBELIUM, attempting to gain access to downstream customers of multiple cloud service providers (CSP), managed service providers (MSP), and other IT services organizations ... continue reading
Screenshot of HTML code showing zero-point font technique

Franken-phish: TodayZoo built from other phishing kits

A phishing kit built using pieces of code copied from other kits, some available for sale through publicly accessible scam sellers or are reused and repackaged by other kit resellers, provides rich insight into the state of the economy that ... continue reading
MichaelKullish_0-1632940746924.png

Microsoft 365 Password Expiration Notification Email Solution for On-Premises AD Accounts

"Hello Again World!" Hi there! Mike Kullish, here. I'm a Microsoft Customer Engineer (CE) based just off the Gulf Coast of Florida with a focus on AD, Hyper-V and DFS, but I try to help customers with anything on the ... continue reading
Pie graph showing DART engagement metrics by industry spanning from July 2020-June 2021. According to the graph, Consumer/Retail industry holds the highest engagement rate with 13 percent and Energy industry ranks the lowest at just 4 percent.

How cyberattacks are changing according to new Microsoft Digital Defense Report

In 2021, cybercrime has become more sophisticated, widespread, and relentless. Criminals have targeted critical infrastructure—healthcare,1 information technology,2 financial services,3 energy sectors4—with headline-grabbing attacks that crippled businesses and harmed consumers. But there are positive trends—victims are coming forward, humanizing the toll ... continue reading
Integration guidance helps partners deliver Zero Trust solutions

Integration guidance helps partners deliver Zero Trust solutions

Building a great product means listening to what our customers need, and we’ve heard loud and clear from our customers that Zero Trust adoption is more important than ever. In the 2021 Zero Trust Adoption Report, we learned that 96% ... continue reading
Workflow from left to right showcasing the authentication process for how administrators, info workers, firstline workers, and consumers arrive at the Usability, Security, and Cost value additions for passwordless authentication.

3 key resources to accelerate your passwordless journey

Every organization today faces password-related challenges—phishing campaigns, productivity loss, and password management costs to name just a few. The risks now outweigh the benefits when it comes to passwords. Even the strongest passwords are easily phish-able and vulnerable to attacks, ... continue reading
Table showing differences between phishing kits and phishing-as-a-service

Catching the big fish: Analyzing a large-scale phishing-as-a-service operation

In researching phishing attacks, we came across a campaign that used a rather high volume of newly created and unique subdomains—over 300,000 in a single run. This investigation led us down a rabbit hole as we unearthed one of the ... continue reading
Introducing password removal for Microsoft Accounts

Introducing password removal for Microsoft Accounts

Common attacks such as phishing, password spray, and credential stuffing rely on one unchanging truth: when it comes to passwords, human behavior is predictable. Armed with this predictability, bad actors still succeed most of time when attempting these types of ... continue reading
Diagram showing attack chain of phishing campaigns that use open redirect links

Widespread credential phishing campaign abuses open redirector links

Microsoft has been actively tracking a widespread credential phishing campaign using open redirector links. Attackers combine these links with social engineering baits that impersonate well-known productivity tools and services to lure users into clicking. Doing so leads to a series ... continue reading