Select Page
Diagram of the high-level Solorigate attack chain

Using Microsoft 365 Defender to protect against Solorigate

Microsoft security researchers continue to investigate and respond to the sophisticated cyberattack known as Solorigate (also referred to as Sunburst by FireEye) involving a supply chain compromise and the subsequent compromise of cloud assets. While the related investigations and impact ... continue reading
Learn Azure Sentinel on Microsoft Learn

Learn Azure Sentinel on Microsoft Learn

Why not use some of the upcoming days to learn something new? Azure Sentinel is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution. Azure Sentinel delivers intelligent security analytics and threat intelligence across ... continue reading
Advice for incident responders on recovery from systemic identity compromises

Advice for incident responders on recovery from systemic identity compromises

As Microsoft alongside our industry partners and the security community continues to investigate the extent of the Solorigate attack, our goal is to provide the latest threat intelligence including IOCs and guidance across our products and solutions to help the ... continue reading
Graph.png

Understanding “Solorigate”‘s Identity IOCs – for Identity Vendors and their customers.

Microsoft recently disclosed a set of complex techniques used by an advanced actor to execute attacks against several key customers. While we detected anomalies by analyzing requests from customer environments to the Microsoft 365 cloud, the attacks generalize to any ... continue reading
darlenebada_0-1608141654092.png

Enhanced AI for account compromise prevention

Hello Everyone,One of the amazing journeys I have been lucky to be a part of is developing our self-tuning algorithms for detecting attacks on accounts in real-time. Back in 2012, we got tired of the treadmill of manually adapting to ... continue reading
Protect your SQL Server on-premises, in Azure, and in multicloud

Protect your SQL Server on-premises, in Azure, and in multicloud

Azure Defender for SQL is now generally available for use with SQL Server on premises, in multicloud deployments on Amazon Web Services (AWS), and Google Cloud Platform (GCP), and in virtual machines on Azure. Azure Defender for SQL constantly monitors ... continue reading
Diagram showing BISMUTH attacker techniques across attack stages

Threat actor leverages coin miner techniques to stay under the radar – here’s how to spot them

Cryptocurrency miners are typically associated with cybercriminal operations, not sophisticated nation state actor activity. They are not the most sophisticated type of threats, which also means that they are not among the most critical security issues that defenders address with ... continue reading
Purdue Model traversal in TRITON attack

Go inside the new Azure Defender for IoT including CyberX

In 2020, the move toward digital transformation and Industry 4.0 took on new urgency with manufacturing and other critical infrastructure sectors under pressure to increase operational efficiency and reduce costs. But the cybersecurity model for operational technology (OT) was already ... continue reading
Trickbot disrupted

Trickbot disrupted

As announced today, Microsoft took action against the Trickbot botnet, disrupting one of the world’s most persistent malware operations. Microsoft worked with telecommunications providers around the world to disrupt key Trickbot infrastructure. As a result, operators will no longer be ... continue reading
An image of a GADOLINIUM controlled Microsoft TechNet profile established in 2016.

Microsoft Security—detecting empires in the cloud

Microsoft consistently tracks the most advanced threat actors and evolving attack techniques. We use these findings to harden our products and platform and share them with the security community to help defenders everywhere better protect the planet. Recently, the Microsoft ... continue reading