
Microsoft Entra: 5 identity priorities for 2023
Welcome to 2023. After the pandemic upended how we work, learn, play, and manage our lives, we find ourselves more connected than ever, with more convenient access to an ever-wider range of online tools and experiences. But as our global ... continue reading

Microsoft research uncovers new Zerobot capabilities
Botnet malware operations are a constantly evolving threat to devices and networks. Threat actors target Internet of Things (IoT) devices for recruitment into malicious operations as IoT devices’ configurations often leave them exposed, and the number of internet-connected devices continue ... continue reading

MCCrash: Cross-platform DDoS botnet targets private Minecraft servers
Malware operations continue to rapidly evolve as threat actors add new capabilities to existing botnets, increasingly targeting and recruiting new types of devices. Attackers update malware to target additional operating systems, ranging from PCs to IoT devices, growing their infrastructure ... continue reading
Utilizing Zero Trust architecture principles for External Identities
As hybrid work environments become normal and we continue to collaborate, the importance of adopting zero-trust architecture principles is more vital than ever. Zero trust architecture puts emphasis on three key principles: Verify explicitly: Always authenticate and authorize based ... continue reading

Malicious OAuth applications used to compromise email servers and spread spam
Microsoft researchers recently investigated an attack where malicious OAuth applications were deployed on compromised cloud tenants and then used to control Exchange servers and spread spam. The investigation revealed that the threat actor launched credential stuffing attacks against high-risk accounts ... continue reading

Implementing a Zero Trust strategy after compromise recovery
What changes after compromise recovery? After the final compromise recovery, steps have been completed and we are back in control. There has been a round of applause and many sighs of relief. Now what? Is everything going back to as ... continue reading

Secure your endpoints with Transparity and Microsoft
This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA. Endpoint protection platforms (EPPs) are dead and no longer sufficient to protect your organization, right? Wrong. When it comes to cybersecurity, the ... continue reading

Hardware-based threat defense against increasingly complex cryptojackers
Even with the dip in the value of cryptocurrencies in the past few months, cryptojackers – trojanized coin miners that attackers distribute to use compromised devices’ computing power for their objectives – continue to be widespread. In the past several ... continue reading

Security for next generation telecommunication networks
Almost two years ago, the National Defense Science Board invited me to participate in the Summer Study 2020 Panel, “Protecting the Global Information Infrastructure.” They requested that I brief them on the evolution of the global communications infrastructure connecting all ... continue reading

How IT and security teams can work together to improve endpoint security
For executives in the IT and security spaces, the current climate offers reasons to worry. As workers become accustomed to new flexibility in the workplace, hybrid and remote work options present more challenges. Users want to access corporate resources from ... continue reading