
Malware distributor Storm-0324 facilitates ransomware access
The threat actor that Microsoft tracks as Storm-0324 is a financially motivated group known to gain initial access using email-based initial infection vectors and then hand off access to compromised networks to other threat actors. These handoffs frequently lead to ... continue reading

Changing your console window title
As our skill as a PowerShell developer grows, and the complexity of our scripts increase, we start incorporating new elements to improve the user experience. That might include changing fonts, the background color, or the console window title. This task ... continue reading
New Windows 11 security features are designed for hybrid work
Attackers are constantly evolving, becoming increasingly sophisticated and destructive—the median time for an attacker to access your private data if you fall victim to a phishing email is 1 hour, 12 minutes.1 Microsoft tracks more than 35 ransomware families and ... continue reading

Dismantling ZLoader: How malicious ads led to disabled security tools and ransomware
As announced today, Microsoft took action against the ZLoader trojan by working with telecommunications providers around the world to disrupt key ZLoader infrastructure. We used our research into this threat to enrich our protection technologies and ensure this infrastructure could ... continue reading

ACTINIUM targets Ukrainian organizations
The Microsoft Threat Intelligence Center (MSTIC) is sharing information on a threat group named ACTINIUM, which has been operational for almost a decade and has consistently pursued access to organizations in Ukraine or entities related to Ukrainian affairs. MSTIC previously ... continue reading
Destructive malware targeting Ukrainian organizations
Microsoft Threat Intelligence Center (MSTIC) has identified evidence of a destructive malware operation targeting multiple organizations in Ukraine. This malware first appeared on victim systems in Ukraine on January 13, 2022. Microsoft is aware of the ongoing geopolitical events in ... continue reading

New Secured-core servers are now available from the Microsoft ecosystem to help secure your infrastructure
In the current pandemic-driven remote work environments, security has become increasingly important. Earlier this year, Colonial Pipeline, one of the leading suppliers of fuel on the East Coast of the United States, was hit by a ransomware attack.1 This caused ... continue reading

Defend against zero-day exploits with Microsoft Defender Application Guard
Zero-day security vulnerabilities—known to hackers, but unknown to software creators, security researchers, and the public—are like gold to attackers. With zero-days, or even zero-hours, developers have no time to patch the code, giving hackers enough access and time to explore ... continue reading
How Do I Discover Changes to an AD Group’s Membership
Q: Is there an easy way to detect and changes to important the membership of AD Groups? A: Easy using PowerShell 7, WMI, and the CIM Cmdlets. WMI Windows Management Instrumentation (WMI) is an important component of the Windows operating ... continue reading

Surface expands its Secured-core portfolio with the new Surface Laptop 4 powered by AMD Ryzen™ Mobile Processors
As operating systems are becoming more secure and resistant to compromise, advanced vectors like firmware, kernel and hardware direct memory access (DMA) have emerged as new favored targets for threat actors. Recent trends indicate a substantial growth in the number ... continue reading