
Investigating a unique “form” of email delivery for IcedID malware
Microsoft threat analysts have been tracking activity where contact forms published on websites are abused to deliver malicious links to enterprises using emails with fake legal threats. The emails instruct recipients to click a link to review supposed evidence behind ... continue reading

Threat matrix for storage
The move to cloud is happening faster than ever before and organizations are increasing their dependency on cloud storage services. In fact, Microsoft Azure Storage services are one of the most popular services in the cloud. Companies need effective threat ... continue reading

Automating threat actor tracking: Understanding attacker behavior for intelligence and contextual alerting
As seen in recent sophisticated cyberattacks, especially human-operated campaigns, it’s critical to not only detect an attack as early as possible but also to rapidly determine the scope of the compromise and predict how it will progress. How an attack ... continue reading

Analyzing attacks taking advantage of the Exchange Server vulnerabilities
Microsoft continues to monitor and investigate attacks exploiting the recent on-premises Exchange Server vulnerabilities. These attacks are now performed by multiple threat actors ranging from financially motivated cybercriminals to state-sponsored groups. To help customers who are not able to immediately ... continue reading
Attack Surface Reduction Rules – Warn Mode with MEM/M365 Defender
Introduction This is John Barbare and I am a Sr Customer Engineer at Microsoft focusing on all things in the Cybersecurity space. In a previous blog back in July, 2020, I walked through a demo of setting up an Attack ... continue reading

Azure Defender for Storage powered by Microsoft threat intelligence
This blog post was co-authored with Roy Levin, Senior Data Scientist With the reality of working from home, more people and devices are now accessing corporate data across home networks. This raises the risks of cyber-attacks and elevates the importance ... continue reading

A better cloud access security broker: Securing your SaaS cloud apps and services with Microsoft Cloud App Security
Today’s business uses an average of 1,180 cloud apps¹, with many of those organizations securing their apps through cloud access security brokers (CASB). The organizational need for a CASB has grown alongside the use of cloud apps to enable remote ... continue reading
Microsoft 365 Defender Incident Overview
Introduction This is John Barbare and I am a Sr. Customer Engineer at Microsoft focusing on all things in the Cybersecurity space. In this blog I will go over the Microsoft 365 Defender Security Portal and go into detail of the incident ... continue reading

Securing Azure datacenters with continuous IoT/OT monitoring
As more intelligent devices and machinery become connected to the internet, Operational Technology (OT) and the Internet of Things (IoT) have become part of your enterprise network infrastructure—and a growing security risk. With every new factory sensor, wind turbine monitoring ... continue reading
Importance of Browser Updates and Browser Based Security Controls
Introduction This is John Barbare and I am a Sr. Customer Engineer at Microsoft focusing on all things in the Cybersecurity space. It has been a while since I have had time to sit down and write a security blog due to studying and making sure I ... continue reading