So you want to be a CISO: What you should know about data protection
Data is the lifeblood of any organization. Whether you’re a Chief Information Security Officer (CISO) or aspiring to become one, protecting sensitive business data will be your main priority. But the job isn’t getting any easier. In 2021, the number ... continue reading

In hot pursuit of ‘cryware’: Defending hot wallets from attacks
The steep rise in cryptocurrency market capitalization, not surprisingly, mirrors a marked increase in threats and attacks that target or leverage cryptocurrencies. But Microsoft researchers are observing an even more interesting trend: the evolution of related malware and their techniques, ... continue reading

Center for Threat-Informed Defense, Microsoft, and industry partners streamline MITRE ATT&CK® matrix evaluation for defenders
The MITRE Center for Threat-Informed Defense, Microsoft, and other industry partners collaborated on a project that created a repeatable methodology for developing a top MITRE ATT&CK® techniques list. The method aims to facilitate navigation of the ATT&CK framework, which could ... continue reading
Microsoft security experts outline next steps after compromise recovery
Who is CRSP? The Microsoft Compromise Recovery Security Practice (CRSP) is a worldwide team of cybersecurity experts operating in most countries, across both public and private organizations, with deep expertise to secure an environment post-security breach and to help you ... continue reading

Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself
Microsoft processes 24 trillion signals every 24 hours, and we have blocked billions of attacks in the last year alone. Microsoft Security tracks more than 35 unique ransomware families and 250 unique threat actors across observed nation-state, ransomware, and criminal ... continue reading

Building a safer world together with our partners—introducing Microsoft Security Experts
More threats—not enough defenders The security landscape has become increasingly challenging and complex for our customers. Threats have grown at an alarming rate over the last year, and cybercrime is now expected to cost the world USD10.5 trillion annually by ... continue reading

Microsoft finds new elevation of privilege Linux vulnerability, Nimbuspwn
Microsoft has discovered several vulnerabilities, collectively referred to as Nimbuspwn, that could allow an attacker to elevate privileges to root on many Linux desktop endpoints. The vulnerabilities can be chained together to gain root privileges on Linux systems, allowing attackers ... continue reading
Discover the anatomy of an external cyberattack surface with new RiskIQ report
The internet is now part of the network. That might sound like hyperbole, but the massive shift to hybrid and remote work and a multicloud environment means security teams must now defend their entire online ecosystem. Recent ransomware attacks against ... continue reading

Dismantling ZLoader: How malicious ads led to disabled security tools and ransomware
As announced today, Microsoft took action against the ZLoader trojan by working with telecommunications providers around the world to disrupt key ZLoader infrastructure. We used our research into this threat to enrich our protection technologies and ensure this infrastructure could ... continue reading

New security features for Windows 11 will help protect hybrid work
Attackers haven’t wasted any time capitalizing on the rapid move to hybrid work. Every day cybercriminals and nation-states alike have improved their targeting, speed, and accuracy as the world adapted to working outside the office. These changes have put “cybersecurity ... continue reading