Figure 1 displays a diagram depicting a typical attack flow for XorDdos malware. The attacker communicates with a bot to SSH brute force a target device and download XorDdos. The malware then performs several techniques for evasion and persistence before connecting with the attacker's C2 server to send data and receive commands.

Rise in XorDdos: A deeper look at the stealthy DDoS malware targeting Linux devices

In the last six months, we observed a 254% increase in activity from a Linux trojan called XorDdos. First discovered in 2014 by the research group MalwareMustDie, XorDdos was named after its denial-of-service-related activities on Linux endpoints and servers as ...

Azure Monitor: Expanding the Out-of-the-Box observability for your IT infrastructure

Hello ladies and gentlemen! How many times have you found yourself in need of monitoring a custom KPI? How many times did you need to react to a situation in which a given number of records in a database ...
Azure Terrafy – Import your existing Azure infrastructure into Terraform HCL

When working with Infrastructure as Code (IaC), it's sometimes difficult to know where to start. You have a couple of options: go to the Terraform on Azure documentation, then figure out how to write some Terraform templates. Or you can ...
A histogram that presents the number of attacks observed from January 2019 to April 2021, to show prevalence. This chart is originally from the MITRE Sightings Ecosystem project.

Center for Threat-Informed Defense, Microsoft, and industry partners streamline MITRE ATT&CK® matrix evaluation for defenders

The MITRE Center for Threat-Informed Defense, Microsoft, and other industry partners collaborated on a project that created a repeatable methodology for developing a top MITRE ATT&CK® techniques list. The method aims to facilitate navigation of the ATT&CK framework, which could ...
Diagram showing the relationship between players in the ransomware-as-a-service affiliate model. Access brokers compromise networks and persist on systems. The RaaS operator develops and maintains tools. The RaaS affiliate performs the attack.

Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself

Microsoft processes 24 trillion signals every 24 hours, and we have blocked billions of attacks in the last year alone. Microsoft Security tracks more than 35 unique ransomware families and 250 unique threat actors across observed nation-state, ransomware, and criminal ...

Azure Health Data Services: Engineering product for partners

The healthcare industry has come a long way from putting pen to paper on a pharmacy script or clinical SOAP note to now, being able to deliver primary care in the emerging hospital at home. My career in the healthcare ...
Azure Bastion architecture diagram

Customize your secure VM session experience with native client support on Azure Bastion

This blog post has been co-authored by Isabelle Morris, Program Manager, Azure Networking. As organizations move their mission-critical workloads to the cloud, connecting to virtual machines (VMs) directly over the public internet is becoming more of a security risk. The ...
Figure 1 displays different ownership policies for the System Bus and the Session Bus.

Microsoft finds new elevation of privilege Linux vulnerability, Nimbuspwn

Microsoft has discovered several vulnerabilities, collectively referred to as Nimbuspwn, that could allow an attacker to elevate privileges to root on many Linux desktop endpoints. The vulnerabilities can be chained together to gain root privileges on Linux systems, allowing attackers ...

Removing Duplicate Device Objects from Configuration Manager with PowerShell

Hello everyone, Chris Vetter, Customer Engineer at Microsoft, back again to discuss an all-too-common problem: Duplicate Device Hostnames in Microsoft Endpoint Manager Configuration Manager (MEMCM). This commonly tends to happen when performing an OSD Image on a ...
Azure SQL Migration UI Snapshot

Amplify your database development experience with Azure Data Studio

It is that time again! We are excited to bring new and exciting updates to Azure Data Studio. These updates include the general availability of the Azure SQL Migration Extension, the introduction of advanced features to the Table Designer feature ...