Microsoft Entra Private Access: An Identity-Centric Zero Trust Network Access Solution

On July 11, 2023, we introduced Microsoft’s identity-centric security service edge (SSE) solution and two new services: Microsoft Entra Private Access and Microsoft Entra Internet Access, which are now in public preview. In this blog, we take a deeper look ... continue reading
Flax Typhoon attack chain through the initial access, execution, persistence, privilege escalation, defense evasion, credential access, discovery, lateral movement, and command and control stages.

Flax Typhoon using legitimate software to quietly access Taiwanese organizations

Summary: Microsoft has identified a nation-state activity group tracked as Flax Typhoon, based in China, that is targeting dozens of organizations in Taiwan with the likely intention of performing espionage. Flax Typhoon gains and maintains long-term access to Taiwanese organizations’ ... continue reading

Do I Need VPN Connectivity for Windows Hello for Business Registration

Hello everyone, my name is Zoheb Shaikh and I’m a Solution Engineer working with the Microsoft Mission Critical team (SfMC). Today I’ll share an interesting discussion about Windows Hello and the need for VPN/Connectivity with Domain Controllers. Recently I ... continue reading
Heatmap showing observed Storm-0558 activity by day of the week (x-axis) and hour (y-axis).

Analysis of Storm-0558 techniques for unauthorized email access

Executive summary: On July 11, 2023, Microsoft published two blogs detailing a malicious campaign by a threat actor tracked as Storm-0558 that targeted customer email that we’ve detected and mitigated: Microsoft Security Response Center and Microsoft on the Issues. As we ... continue reading
The care and feeding of Azure Arc for Servers

Microsoft Azure has a great set of capabilities for managing non-Azure based servers, including monitoring, policy evaluation, inventory and change tracking, and security tools. Access to those services for non-Azure servers may be via Azure Arc – specifically installation of ... continue reading
BlackByte 2.0 ransomware attack chain by order of stages: initial access and privilege escalation, persistence and command and control, reconnaissance, credential access, lateral movement, data staging and exfiltration, and impact.

The five-day job: A BlackByte ransomware intrusion case study

As ransomware attacks continue to grow in number and sophistication, threat actors can quickly impact business operations if organizations are not well prepared. In a recent investigation by Microsoft Incident Response (previously known as Microsoft Detection and Response Team – ... continue reading
OpenSSH trojan attack chain starting from the threat actor gaining access to routers through a brute force attack, leading to the download of multiple malicious files that enable the actor to steal SSH credentials and launch commands through IRC.

IoT devices and Linux-based systems targeted by OpenSSH trojan campaign

Cryptojacking, the illicit use of computing resources to mine cryptocurrency, has become increasingly prevalent in recent years, with attackers building a cybercriminal economy around attack tools, infrastructure, and services to generate revenue from targeting a wide range of vulnerable systems, ... continue reading
Azure Landing Zone Accelerator for AVS - Using a Central Hub in Azure

Options for network connectivity with AVS: There are many options for network connectivity when it comes to Azure VMware Solution. This post reviews utilizing a central hub network in Azure. Network Architecture: Use ExpressRoute for maximum bandwidth from on-premises. VPN is also ... continue reading
This image shows a diagram of a single Virtual WAN Hub secured with an integrated security solution. The diagram also shows traffic flows between Virtual Networks and on-premises.

Azure Virtual WAN now supports full mesh secure hub connectivity

In May 2023, we announced the general availability of Routing intent and routing policies for all Virtual WAN customers. This feature is powered by the Virtual WAN routing infrastructure and enables Azure Firewall customers to set up policies for private ... continue reading
Network Design Guide for Azure VMware Solution

I have previously talked about Azure VMware Solution Landing Zone Accelerator (AVS LZ) and the automation tools in my previous blog post. This open-source solution provides an architectural approach and reference implementation to prepare Azure landing zone subscriptions for a scalable ... continue reading