Select Page
graphical user interface, application

Cyber Signals: Shifting tactics fuel surge in business email compromise

Today we released the fourth edition of Cyber Signals highlighting a surge in cybercriminal activity around business email compromise (BEC). Microsoft has observed a 38 percent increase in cybercrime as a service (CaaS) targeting business email between 2019 and 2022.1 ... continue reading

Why you should practice rollbacks to prevent data loss in a ransomware attack

The security community is continuously changing, growing, and learning from each other to better position the world against cyberthreats. In the latest post of our Community Voices blog series, Microsoft Security Senior Product Marketing Manager Brooke Lynn Weenig talks with Tanya Janca, Founder and Chief Executive Officer (CEO) of We Hack Purple, who ... continue reading

Healthy security habits to fight credential breaches: Cyberattack Series

Fifty percent of Microsoft cybersecurity recovery engagements relate to ransomware,1 and 61 percent of all breaches involve credentials.2 In this second report in our ongoing Cyberattack Series, we look at the steps taken to discover, understand, and respond to a ... continue reading
Diagram of Mint Sandstorm attack chain examples

Nation-state threat actor Mint Sandstorm refines tradecraft to attack high-value targets

Over the past several months, Microsoft has observed a mature subgroup of Mint Sandstorm, an Iranian nation-state actor previously tracked as PHOSPHORUS, refining its tactics, techniques, and procedures (TTPs). Specifically, this subset has rapidly weaponized N-day vulnerabilities in common enterprise ... continue reading

Inside Azure for IT: 3 cloud strategies to navigate market uncertainty

The saying, “the only thing constant is change,” is one I can’t seem to get out of my head these days, and also seems to resonate with customers I talk to given the dynamic market changes, macroeconomic headwinds, geopolitical tensions, ... continue reading
Charlie Bell and Vasu Jakkal speaking about Microsoft Security Copilot.

See product news and on-demand sessions from Microsoft Secure

“Great speakers and very knowledgeable.” “Brilliant.” “Wonderful and very useful.” The first Microsoft Secure on March 28, 2023, was a huge success—as this attendee feedback shows. Our virtual event brought together more than 20,000 security professionals eager to learn security ... continue reading
Attack flow of the threat actor through initial access, execution, discovery, persistence, credential access, lateral movement, execution, impact, and communications stages.

MERCURY and DEV-1084: Destructive attack on hybrid environment

Microsoft Threat Intelligence has detected destructive operations enabled by MERCURY, a nation-state actor linked to the Iranian government, that attacked both on-premises and cloud environments. While the threat actors attempted to masquerade the activity as a standard ransomware campaign, the ... continue reading
Graphic showing the way Zero Trust enables local and global security.

Secure hybrid and remote workplaces with a Zero Trust approach

Productivity and innovation have become critical goals in many hybrid and remote work environments. Ensuring preventative and strong security, in turn, must be at the heart of that. In this blog series, we’ll discuss two Zero Trust business scenarios: enabling ... continue reading
Computer with non-disclosure agreement with Microsoft Sensitivity label function.

Get integrated Microsoft Purview Information Protection in Adobe Acrobat—now available

This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA.  Data security and compliance are a top priority for leaders as cyberattacks are on the rise. In fact, attacks have increased by 32 percent ... continue reading
SE Labs 2023 Winner of Best Email Security Service provider badge.

Microsoft Defender for Office 365 named Best Email Security Service of 2023 by SE Labs

In today’s world where hybrid and remote work are on the rise, and companies rely on email now more than ever, phishing remains one of the most prominent and sophisticated techniques that malicious actors utilize to attack organizations and gain ... continue reading