With Microsoft continuously improving kernel mitigations and raising the bar for exploiting native kernel components, third-party kernel drivers are becoming a more appealing target for attackers and an important area of research for security analysts. A vulnerability in a signed ... continue reading

Last week we launched Azure Sentinel, a cloud native SIEM tool. Machine learning (ML) in Azure Sentinel is built-in right from the beginning. We have thoughtfully designed the system with ML innovations aimed to make security analysts, security data scientists, ... continue reading

Healthcare organizations depend on data-driven decisions. To enable better decisions and better health outcomes, healthcare organizations are moving to the cloud. There, the latest advances in artificial intelligence, machine learning, and analytics can be more easily tested and implemented. For ... continue reading

Consider this scenario: Two never-before-seen, heavily obfuscated scripts manage to slip past file-based detection and dynamically load an info-stealing payload into memory. The scripts are part of a social engineering campaign that tricks potential victims into running the scripts, which ... continue reading

This blog post was co-authored by Haley Rowland, Jeff Woolsey, Ned Pyle, and Samuel Li, Program Managers, Windows Server. Hybrid is the destination, not the journey. Millions of our customers rely on their Windows Server investments to run their business ... continue reading

Hello, this is Paul Bergson again with another topic on security. The threat of malware continues to impact business with no relief in sight. The latest topic brought back childhood memories of how the “Leeches” of the internet prey upon ... continue reading

A new software supply chain attack unearthed by Windows Defender Advanced Threat Protection (Windows Defender ATP) emerged as an unusual multi-tier case. Unknown attackers compromised the shared infrastructure in place between the vendor of a PDF editor application and one ... continue reading

Machine learning is a key driver in the constant evolution of security technologies at Microsoft. Machine learning allows Microsoft 365 to scale next-gen protection capabilities and enhance cloud-based, real-time blocking of new and unknown threats. Just in the last few ... continue reading

The escalating sophistication of cyberattacks is marked by the increased use of kernel-level exploits that attempt to run malware with the highest privileges and evade security solutions and software sandboxes. Kernel exploits famously gave the WannaCry and Petya ransomware remote ... continue reading

This post is authored by Igal Gofman, Security Researcher, Advanced Threat Analytics. On June 27, 2017 reports on a new variant of Petya (which was later referred to as NotPetya) malware infection began spreading across the globe. It seems the ... continue reading