Select Page
Screenshot of a Microsoft Defender for Endpoint alert in the security center about a CoinMiner that was blocked.

Defending against cryptojacking with Microsoft Defender for Endpoint and Intel TDT

Cryptocurrency mining—once considered no more than a nuisance, a relatively benign activity that was a drain on machine resources—has been on the rise in recent years. This increase in cryptocurrency mining activity is driven by the increasing value of cryptocurrencies ... continue reading
Architectural diagram displaying CyberMDX integrating with Microsoft Defender for Endpoint.

CyberMDX and Microsoft: Protecting life-saving medical devices

This blog post is part of the Microsoft Intelligent Security Association (MISA) guest blog series. Learn more about MISA. While hospitals continue to battle the COVID-19 pandemic, many are battling other “viruses” behind the scenes. Malware, ransomware, and phishing attacks against healthcare delivery ... continue reading
Investigating a unique “form” of email delivery for IcedID malware

Investigating a unique “form” of email delivery for IcedID malware

Microsoft threat analysts have been tracking activity where contact forms published on websites are abused to deliver malicious links to enterprises using emails with fake legal threats. The emails instruct recipients to click a link to review supposed evidence behind ... continue reading
The threat matrix for cloud-based Storage services. The matrix consists of the various attack techniques that pose threats to Storage resources.

Threat matrix for storage

The move to cloud is happening faster than ever before and organizations are increasing their dependency on cloud storage services. In fact, Microsoft Azure Storage services are one of the most popular services in the cloud. Companies need effective threat ... continue reading
Attack diagram showing stages of an attack and how the threat actor tracking model caught the initial stages so the affected organization could stop the attack

Automating threat actor tracking: Understanding attacker behavior for intelligence and contextual alerting

As seen in recent sophisticated cyberattacks, especially human-operated campaigns, it’s critical to not only detect an attack as early as possible but also to rapidly determine the scope of the compromise and predict how it will progress. How an attack ... continue reading
Analyzing attacks taking advantage of the Exchange Server vulnerabilities

Analyzing attacks taking advantage of the Exchange Server vulnerabilities

Microsoft continues to monitor and investigate attacks exploiting the recent on-premises Exchange Server vulnerabilities. These attacks are now performed by multiple threat actors ranging from financially motivated cybercriminals to state-sponsored groups. To help customers who are not able to immediately ... continue reading
MEM Home

Attack Surface Reduction Rules – Warn Mode with MEM/M365 Defender

Introduction This is John Barbare and I am a Sr Customer Engineer at Microsoft focusing on all things in the Cybersecurity space. In a previous blog back in July, 2020, I walked through a demo of setting up an Attack ... continue reading

Protecting on-premises Exchange Servers against recent attacks

For the past few weeks, Microsoft and others in the security industry have seen an increase in attacks against on-premises Exchange servers. The target of these attacks is a type of email server most often used by small and medium-sized ... continue reading
Security alert of malware hash reputation analysis

Azure Defender for Storage powered by Microsoft threat intelligence

This blog post was co-authored with Roy Levin, Senior Data Scientist With the reality of working from home, more people and devices are now accessing corporate data across home networks. This raises the risks of cyber-attacks and elevates the importance ... continue reading
Built in Backup Management at Scale

Built-in backup management at scale with Backup center

During this period of the pandemic-disrupted workplace, we have seen unprecedented growth in cloud adoption and dependence on the cloud for data protection to address business continuity and ensure resilience. We understand that protecting your data from increased ransomware attacks, ... continue reading