Select Page
Screenshot of code showing the original exploit vector

Analyzing attacks that exploit the CVE-2021-40444 MSHTML vulnerability

In August, Microsoft Threat Intelligence Center (MSTIC) identified a small number of attacks (less than 10) that attempted to exploit a remote code execution vulnerability in MSHTML using specially crafted Microsoft Office documents. These attacks used the vulnerability, tracked as ... continue reading
Top 6 tips for configuring a new Microsoft Azure environment

Top 6 tips for configuring a new Microsoft Azure environment

A sparkling new Microsoft Azure environment is a beautiful thing, but before you start creating resources, what should you configure first? The Microsoft Cloud Adoption Framework has detailed guidance on defining your strategy, planning for the cloud, getting ready with ... continue reading

Migrating content from traditional SIEMs to Azure Sentinel

In part two of this three-part series, we covered the five types of side-by-side security information and event management (SIEM) configurations commonly used during a long-term migration to Microsoft Azure Sentinel. For part three, we’ll be looking at best practices ... continue reading

Innovate securely with Azure

This blog post has been co-authored by Carissa Broadbent, Product Marketing Manager, Security Marketing. Security is based on the inherent need for safety. Today, we see that need challenged more than ever. In the past year alone, we’ve witnessed an ... continue reading
Screenshot of email

Attackers use Morse code, other encryption methods in evasive phishing campaign

Cybercriminals attempt to change tactics as fast as security and protection technologies do. During our year-long investigation of a targeted, invoice-themed XLS.HTML phishing campaign, attackers changed obfuscation and encryption mechanisms every 37 days on average, demonstrating high motivation and skill ... continue reading
Number of DDoS attacks

Azure DDoS Protection—2021 Q1 and Q2 DDoS attack trends

This blog post was co-authored by Amir Dahan, Senior Program Manager, Anupam Vij, Principal Program Manager, Skye Zhu, Data and Applied Scientist 2, and Syed Pasha, Principal Network Engineer, Azure Networking. In our 2020 retrospective, we highlighted shifts in the ... continue reading

7 ways to harden your environment against compromise

Here at the global Microsoft Compromise Recovery Security Practice (CRSP), we work with customers who have experienced disruptive security incidents to restore trust in identity systems and remove adversary control. During 2020, the team responded to many incidents involving ransomware ... continue reading
Diagram showing chain of attacks from the LemonDuck and LemonCat infrastructure, detailing specific attacker behavior common to both and highlight behavior unique to each infra

When coin miners evolve, Part 2: Hunting down LemonDuck and LemonCat attacks

[Note: In this two-part blog series, we expose a modern malware infrastructure and provide guidance for protecting against the wide range of threats it enables. Part 1 covered the evolution of the threat, how it spreads, and how it impacts ... continue reading
Protecting customers from a private-sector offensive actor using 0-day exploits and DevilsTongue malware

Protecting customers from a private-sector offensive actor using 0-day exploits and DevilsTongue malware

The Microsoft Threat Intelligence Center (MSTIC) alongside the Microsoft Security Response Center (MSRC) has uncovered a private-sector offensive actor, or PSOA, that we are calling SOURGUM in possession of now-patched, Windows 0-day exploits (CVE-2021-31979 and CVE-2021-33771). Private-sector offensive actors are ... continue reading

How Microsoft Security empowers partners to build customer trust

As I reflect on my first year at Microsoft, it was both challenging and exceptional: from my remote onboarding in the middle of a pandemic to dramatic changes in the cyber landscape, to Microsoft’s critical role as a frontline responder ... continue reading