The Microsoft vulnerable driver blocklist feature enabled in the Core isolation page within the Windows Security app.

New security features for Windows 11 will help protect hybrid work

Attackers haven’t wasted any time capitalizing on the rapid move to hybrid work. Every day cybercriminals and nation-states alike have improved their targeting, speed, and accuracy as the world adapted to working outside the office. These changes have put “cybersecurity ...
Firewall protection against ransomware attack using command and control channel.

Improve your security defenses for ransomware attacks with Azure Firewall

To ensure customers running on Azure are protected against ransomware attacks, Microsoft has invested heavily in Azure security and has provided customers with the security controls needed to protect their Azure cloud workloads. A comprehensive overview of best practices and ...
Visual chart depicting the four stages of the life cycle of an incident: Before, during, and after an incident and the lessons learned.

Becoming resilient by understanding cybersecurity risks: Part 4—navigating current threats

In part three of this blog series on aligning security with business objectives and risk, we explored what it takes for security leaders to shift from looking at their mission as purely defending against technical attacks, to one that focuses ...
Securing Azure datacenters with continuous IoT/OT monitoring

As more intelligent devices and machinery become connected to the internet, Operational Technology (OT) and the Internet of Things (IoT) have become part of your enterprise network infrastructure, and a growing security risk. With every new factory sensor, wind turbine monitoring ...
Orgs with ZeroLogon exploitation attempts by red teams and real attackers starting September 13, 2020

Zerologon is now detected by Microsoft Defender for Identity

There has been a huge focus on the recently patched CVE-2020-1472 Netlogon Elevation of Privilege vulnerability, widely known as ZeroLogon. While Microsoft strongly recommends that you deploy the latest security updates to your servers and devices, we also want to ...
Mitigating vulnerabilities in endpoint network stacks

The skyrocketing demand for tools that enable real-time collaboration, remote desktops for accessing company information, and other services that enable remote work underlines the tremendous importance of building and shipping secure products and services. While this is magnified as organizations ...

SMB is Dead, Long Live SMB!

Hello again, James Kehr here with another guest post. Titles are hard to do. They must convey the topic to the reader while being both interesting and informative, all at the same time. Doing this with a technical article makes ...

Guarding against supply chain attacks—Part 1: The big picture

Every day, somewhere in the world, governments, businesses, educational organizations, and individuals are hacked. Precious data is stolen or held for ransom, and the wheels of “business-as-usual” grind to a halt. These criminal acts are expected to cost more than ...
Chart showing vulnerability, patch release, and outbreak dates. MS08-067: patch released October 23, 2008; outbreak late December 2008. MS17-010: patch released March 14, 2017; outbreak May 12, 2017. CVE-2019-0708: patch released May 13, 2019; outbreak column shows three question marks.

Protect against BlueKeep

Worms are the cause of many cyber headaches. They can easily replicate themselves to spread malware to other computers in your network. As the field responders providing Microsoft enterprise customers with onsite assistance to serious cybersecurity threats, our Detection ...
From alert to driver vulnerability: Microsoft Defender ATP investigation unearths privilege escalation flaw

With Microsoft continuously improving kernel mitigations and raising the bar for exploiting native kernel components, third-party kernel drivers are becoming a more appealing target for attackers and an important area of research for security analysts. A vulnerability in a signed ...