Select Page
Microsoft Entra Internet Access: An Identity-Centric Secure Web Gateway Solution

Microsoft Entra Internet Access: An Identity-Centric Secure Web Gateway Solution

In our previous blog, we introduced Microsoft’s identity-centric security service edge (SSE) solution and two new services: Microsoft Entra Private Access and Microsoft Entra Internet Access. This blog continues the series around Microsoft’s new SSE solution, where we’ll take a ... continue reading
Microsoft Entra Expands into Security Service Edge with Two New Offerings

Microsoft Entra Expands into Security Service Edge with Two New Offerings

Flexible work arrangements and accelerating digital transformation changed the way we secure access. Traditional network security approaches just don’t scale to modern demands. They not only hurt end user experience but also grant each user excessive access to the entire ... continue reading
OpenSSH trojan attack chain starting from the threat actor gaining access to routers through brute force attack, leading to the download of multiple malicious files that enable the actor steal SSH credentials and launch commands through IRC.

IoT devices and Linux-based systems targeted by OpenSSH trojan campaign

Cryptojacking, the illicit use of computing resources to mine cryptocurrency, has become increasingly prevalent in recent years, with attackers building a cybercriminal economy around attack tools, infrastructure, and services to generate revenue from targeting a wide range of vulnerable systems, ... continue reading
Graphic showing a range of identity protection methods, going from bad to best. The first column on the left shows bad passwords; the second column shows good password; the third column shows better passwords; and the fourth column shows best passwords.

How Microsoft can help you go passwordless this World Password Day

It’s that time of year again. World Password Day is May 4, 2023.1 There’s a reason it’s still going strong 10 years after being created by cybersecurity professionals. A recent study that analyzed more than 15 billion passwords found that ... continue reading
Bar graph showing showing how password-related attacks have been constantly growing between 2018 and 2022.

​​Microsoft Entra: 5 identity priorities for 2023

Welcome to 2023. After the pandemic upended how we work, learn, play, and manage our lives, we find ourselves more connected than ever, with more convenient access to an ever-wider range of online tools and experiences. But as our global ... continue reading
Screenshot of malware code, a script that is used to download a remote code administration tool

Microsoft research uncovers new Zerobot capabilities

Botnet malware operations are a constantly evolving threat to devices and networks. Threat actors target Internet of Things (IoT) devices for recruitment into malicious operations as IoT devices’ configurations often leave them exposed, and the number of internet-connected devices continue ... continue reading
A geographical map that presents the countries where the devices affected by the botnet are located. Countries with affected devices are highlighted on the map in blue.

MCCrash: Cross-platform DDoS botnet targets private Minecraft servers

Malware operations continue to rapidly evolve as threat actors add new capabilities to existing botnets, increasingly targeting and recruiting new types of devices. Attackers update malware to target additional operating systems, ranging from PCs to IoT devices, growing their infrastructure ... continue reading
Utilizing Zero Trust architecture principles for External Identities

Utilizing Zero Trust architecture principles for External Identities

As hybrid work environments become normal and we continue to collaborate, the importance of adopting zero-trust architecture principles is more vital than ever. Zero trust architecture puts emphasis on three key principles:    Verify explicitly: Always authenticate and authorize based ... continue reading
A diagram of the attack chain. It presents the flow of activity from left to right, starting with the attacker gaining access to its target tenant and leading to spam messages being sent to targets.

Malicious OAuth applications used to compromise email servers and spread spam

Microsoft researchers recently investigated an attack where malicious OAuth applications were deployed on compromised cloud tenants and then used to control Exchange servers and spread spam. The investigation revealed that the threat actor launched credential stuffing attacks against high-risk accounts ... continue reading
Guidance for technical architecture relating to Microsoft Zero Trust Principles.

Implementing a Zero Trust strategy after compromise recovery

What changes after compromise recovery? After the final compromise recovery, steps have been completed and we are back in control. There has been a round of applause and many sighs of relief.  Now what? Is everything going back to as ... continue reading