Security teams face an expanding attack surface as organizations increasingly use cloud-native services to develop, deploy, and manage applications across their multicloud and hybrid environments. Their challenge is compounded by incomplete visibility, siloed processes, and a lack of prioritized mitigations ... continue reading

October 1, 2022 update – Added information about Exploit:Script/ExchgProxyRequest.A, Microsoft Defender AV’s robust detection for exploit behavior related to this threat. We also removed a section on MFA as a mitigation, which was included in a prior version of this ... continue reading

As Microsoft continues to track the high-priority state-sponsored threat actor HAFNIUM, new activity has been uncovered that leverages unpatched zero-day vulnerabilities as initial vectors. The Microsoft Detection and Response Team (DART) in collaboration with the Microsoft Threat Intelligence Center (MSTIC) ... continue reading

The Microsoft Compromise Recovery Security Practice has observed how the security industry has evolved over the last few years as consumers, businesses, and industry professionals continue to adapt to the changing landscape. We have seen the emergence of new frameworks, ... continue reading

Lately, I have been spending a lot of time working with Azure Virtual Machines (VMs) debugging some ways to deploy applications. Sometimes when troubleshooting a problem, it helps to have administrative access directly to the server. Finding solutions to avoid ... continue reading

Zero-day security vulnerabilities—known to hackers, but unknown to software creators, security researchers, and the public—are like gold to attackers. With zero-days, or even zero-hours, developers have no time to patch the code, giving hackers enough access and time to explore ... continue reading

This blog post was co-authored by Amir Dahan, Senior Program Manager, Anupam Vij, Principal Program Manager, Skye Zhu, Data and Applied Scientist 2, and Syed Pasha, Principal Network Engineer, Azure Networking. In our 2020 retrospective, we highlighted shifts in the ... continue reading

This blog post is part of the Microsoft Intelligent Security Association (MISA) guest blog series. Learn more about MISA. The way of working is changing rapidly. Many workloads are moving to the cloud and the pandemic accelerated organizations to provide infrastructure to aid ... continue reading

Microsoft Threat Intelligence Center (MSTIC) has uncovered a wide-scale malicious email campaign operated by NOBELIUM, the threat actor behind the attacks against SolarWinds, the SUNBURST backdoor, TEARDROP malware, GoldMax malware, and other related components. The campaign, initially observed and tracked ... continue reading

In part three of this blog series on aligning security with business objectives and risk, we explored what it takes for security leaders to shift from looking at their mission as purely defending against technical attacks, to one that focuses ... continue reading