CSO perspective: Why a strong IAM strategy is key to an organization’s cybersecurity approach

Mastercard Deputy Chief Security Officer Alissa “Dr. Jay” Abdullah, Ph.D., shares insights on why identity and access management is necessary and strategies for securing identities.
The post CSO perspective: Why a strong IAM strategy is key to an organization’s cybersecurity approach appeared first on Microsoft Security Blog. READ MORE HERE…

Read more

ZINC weaponizing open-source software

In recent months, Microsoft detected weaponization of legitimate open-source software by an actor the Microsoft Threat Intelligence Center (MSTIC) tracks as ZINC, targeting employees at media, defense and aerospace, and IT service provider organizations in the US, UK, India, and Russia.
The post ZINC weaponizing open-source software appeared first on Microsoft Security Blog. READ MORE HERE…

Read more

Malicious OAuth applications used to compromise email servers and spread spam

Microsoft discovered an attack where attackers installed a malicious OAuth application in compromised tenants and used their Exchange servers to launch spam runs.
The post Malicious OAuth applications used to compromise email servers and spread spam appeared first on Microsoft Security Blog. READ MORE HERE…

Read more

Rewards plus: Fake mobile banking rewards apps lure users to install info-stealing RAT on Android devices

A fake mobile banking rewards app delivered through a link in an SMS campaign has been making the rounds, targeting customers of Indian banking institutions. Users who install the mobile app are unknowingly installing an Android malware with remote access trojan (RAT) capabilities.
The post Rewards plus: Fake mobile banking rewards apps lure users to install info-stealing RAT on Android devices appeared first on Microsoft Security Blog. READ MORE HERE…

Read more

The art and science behind Microsoft threat hunting: Part 2

In this follow-up post in our series about threat hunting, we talk about some general hunting strategies, frameworks, tools, and how Microsoft incident responders work with threat intelligence.
The post The art and science behind Microsoft threat hunting: Part 2 appeared first on Microsoft Security Blog. READ MORE HERE…

Read more

Test your team’s security readiness with the Gone Phishing Tournament

In partnership with Microsoft, Terranova created the Gone Phishing Tournament, an online phishing initiative that uses real-world simulations to establish accurate phishing clickthrough rates and additional benchmarking statistics for user behaviors.
The post Test your team’s security readiness with the Gone Phishing Tournament appeared first on Microsoft Security Blog. READ MORE HERE…

Read more

Implementing a Zero Trust strategy after compromise recovery

After a compromise recovery follows what we call a Security Strategic Recovery. This is the plan for moving forward to get up to date with security posture all over the environment. The plan consists of different components like securing privileged access and extended detection and response, but it all points in the same direction: moving ahead with Zero Trust Strategy over traditional network-based security.
The post Implementing a Zero Trust strategy after compromise recovery appeared first on Microsoft Security Blog. READ MORE HERE…

Read more

Secure your endpoints with Transparity and Microsoft

When it comes to cybersecurity, the ability to normalize and correlate disparate logs from different devices, appliances, and resources is key, as is the ability to react quickly when under attack. In this blog post, we explore the importance of EPP as an essential component in your security strategy.
The post Secure your endpoints with Transparity and Microsoft appeared first on Microsoft Security Blog. READ MORE HERE…

Read more