Helping security professionals do more, better

I’m on my way to the RSA Conference in San Francisco, California, and am looking forward to connecting with our customers and partners there. We have a lot to talk about. Last week, Ann Johnson announced two new services that ...
Insights from the MITRE ATT&CK-based evaluation of Windows Defender ATP

In MITRE's evaluation of endpoint detection and response solutions, Windows Defender Advanced Threat Protection demonstrated industry-leading optics and detection capabilities. The breadth of telemetry, the strength of threat intelligence, and the advanced, automatic detection through machine learning, heuristics, and behavior ...

Phishing with the Sharks Using the Attack Simulator

Hello, Paul Bergson back again. It is late fall and once again playoff time for High School and Collegiate volleyball. Women’s volleyball in Minnesota is a big deal and I have played and coached for over 30 years and I ...
Analysis of cyberattack on U.S. think tanks, non-profits, public sector by unidentified attackers

Reuters recently reported a hacking campaign focused on a wide range of targets across the globe. In the days leading to the Reuters publication, Microsoft researchers were closely tracking the same campaign. Our sensors revealed that the campaign primarily targeted ...
Windows Defender ATP device risk score exposes new cyberattack, drives Conditional access to protect networks

Several weeks ago, the Windows Defender Advanced Threat Protection (Windows Defender ATP) team uncovered a new cyberattack that targeted several high-profile organizations in the energy and food and beverage sectors in Asia. Given the target region and verticals, the attack ...
The evolution of Microsoft Threat Protection, November update

At Ignite 2018, we announced Microsoft Threat Protection, a comprehensive, integrated solution securing the modern workplace across identities, endpoints, user data, cloud apps, and infrastructure (Figure 1). The foundation of the solution is the Microsoft Intelligent Security Graph, which correlates ...
Attack uses malicious InPage document and outdated VLC media player to give attackers backdoor access to targets

Our analysis of a targeted attack that used a language-specific word processor shows why it's important to understand and protect against small-scale and localized attacks as well as broad-scale malware campaigns. The attack exploited a vulnerability in InPage, a word ...
Office VBA + AMSI: Parting the veil on malicious macros

As part of our continued efforts to tackle entire classes of threats, Office 365 client applications now integrate with Antimalware Scan Interface (AMSI), enabling antivirus and other security solutions to scan macros and other scripts at runtime to check for ...
Hawkeye Keylogger – Reborn v8: An in-depth campaign analysis

Much of cybercrime today is fueled by underground markets where malware and cybercriminal services are available for purchase. These markets in the deep web commoditize malware operations. Even novice cybercriminals can buy malware toolkits and other services they might need ...
#Microsoft Azure #Security Center Standard for Hybrid Security #Azure #Cloud #SIEM

Azure Security Center Standard includes: Hybrid security – Get a unified view of security across all of your on-premises and cloud workloads. Apply security policies and continuously assess the security of your hybrid cloud workloads to ensure compliance with security ...