Microsoft sponsors OWASP ModSecurity CRS to improve application security
This post was co-authored by Henry Yan, Product Marketing Manager. Increased cloud adoption and the shift to hybrid work has resulted in increased usage of digital assets. While moving web applications and APIs to the cloud provides many advantages for ... continue reading

Analyzing attacks using the Exchange vulnerabilities CVE-2022-41040 and CVE-2022-41082
October 1, 2022 update – Added information about Exploit:Script/ExchgProxyRequest.A, Microsoft Defender AV’s robust detection for exploit behavior related to this threat. We also removed a section on MFA as a mitigation, which was included in a prior version of this ... continue reading

Tarrask malware uses scheduled tasks for defense evasion
As Microsoft continues to track the high-priority state-sponsored threat actor HAFNIUM, new activity has been uncovered that leverages unpatched zero-day vulnerabilities as initial vectors. The Microsoft Detection and Response Team (DART) in collaboration with the Microsoft Threat Intelligence Center (MSTIC) ... continue reading

Detect active network reconnaissance with Microsoft Defender for Endpoint
The Microsoft Compromise Recovery Security Practice has observed how the security industry has evolved over the last few years as consumers, businesses, and industry professionals continue to adapt to the changing landscape. We have seen the emergence of new frameworks, ... continue reading
Bastion 101 – Connections with Confidence
Lately, I have been spending a lot of time working with Azure Virtual Machines (VMs) debugging some ways to deploy applications. Sometimes when troubleshooting a problem, it helps to have administrative access directly to the server. Finding solutions to avoid ... continue reading

Defend against zero-day exploits with Microsoft Defender Application Guard
Zero-day security vulnerabilities—known to hackers, but unknown to software creators, security researchers, and the public—are like gold to attackers. With zero-days, or even zero-hours, developers have no time to patch the code, giving hackers enough access and time to explore ... continue reading

Azure DDoS Protection—2021 Q1 and Q2 DDoS attack trends
This blog post was co-authored by Amir Dahan, Senior Program Manager, Anupam Vij, Principal Program Manager, Skye Zhu, Data and Applied Scientist 2, and Syed Pasha, Principal Network Engineer, Azure Networking. In our 2020 retrospective, we highlighted shifts in the ... continue reading

Improve your threat detection and response with Microsoft and Wortell
This blog post is part of the Microsoft Intelligent Security Association (MISA) guest blog series. Learn more about MISA. The way of working is changing rapidly. Many workloads are moving to the cloud and the pandemic accelerated organizations to provide infrastructure to aid ... continue reading

New sophisticated email-based attack from NOBELIUM
Microsoft Threat Intelligence Center (MSTIC) has uncovered a wide-scale malicious email campaign operated by NOBELIUM, the threat actor behind the attacks against SolarWinds, the SUNBURST backdoor, TEARDROP malware, GoldMax malware, and other related components. The campaign, initially observed and tracked ... continue reading

Becoming resilient by understanding cybersecurity risks: Part 4—navigating current threats
In part three of this blog series on aligning security with business objectives and risk, we explored what it takes for security leaders to shift from looking at their mission as purely defending against technical attacks, to one that focuses ... continue reading