At Microsoft, we define threat hunting as the practice of actively looking for cyberthreats that have covertly (or not so covertly) penetrated an environment. This involves looking beyond the known alerts or malicious threats to discover new potential threats and vulnerabilities.
The post The art and science behind Microsoft threat hunting: Part 1 appeared first on Microsoft Security Blog. READ MORE HERE…
Shortly after the destructive cyberattacks on the Albanian government in mid-July, the Microsoft Detection and Response Team (DART) was engaged to lead an investigation into the attacks.
The post Microsoft investigates Iranian attacks against the Albanian government appeared first on Microsoft Security Blog. READ MORE HERE…
Microsoft threat intelligence teams have been tracking multiple ransomware campaigns tied to DEV-0270, also known as Nemesis Kitten, a sub-group of Iranian actor PHOSPHORUS.
The post Profiling DEV-0270: PHOSPHORUS’ ransomware operations appeared first on Microsoft Security Blog. READ MORE HERE…
Balaji Parimi, Partner General Manager of Permissions Management in the Identity and Network Access Division at Microsoft, discusses what his startup background brings to his work in identity and access management.
The post One Microsoft manager’s entrepreneurial vision for multicloud identity and access appeared first on Microsoft Security Blog. READ MORE HERE…
Microsoft discovered a high-severity vulnerability in the TikTok Android application, now identified as CVE-2022-28799 and fixed by TikTok, which could have allowed attackers to compromise users’ accounts with a single click.
The post Vulnerability in TikTok Android app could lead to one-click account hijacking appeared first on Microsoft Security Blog. READ MORE HERE…
Join the Stop Ransomware with Microsoft Security digital event on September 15, 2022, to learn how to safeguard your organization from today’s attacks—and be ready for tomorrow’s.
The post Stop Ransomware with Microsoft Security digital event presents threat intelligence in action appeared first on Microsoft Security Blog. READ MORE HERE…
New Cyber Signals shows more than 80 percent of ransomware attacks can be traced to common configuration errors. Here’s how we can get ahead of these attacks together as a cyber defender community.
The post Cyber Signals: 3 strategies for protection against ransomware appeared first on Microsoft Security Blog. READ MORE HERE…
Black Hat USA 2022 marked the twenty-fifth year that security researchers, security architects, and other security professionals have gathered to share the latest research, developments, and trends. Here are the highlights from the Microsoft Security booth.
The post Microsoft Security highlights from Black Hat USA 2022 appeared first on Microsoft Security Blog. READ MORE HERE…
Microsoft detected an Iran-based threat actor the Microsoft Threat Intelligence Center (MSTIC) tracks as MERCURY leveraging exploitation of Log4j 2 vulnerabilities in SysAid applications against organizations located in Israel.
The post MERCURY leveraging Log4j 2 vulnerabilities in unpatched systems to target Israeli organizations appeared first on Microsoft Security Blog. READ MORE HERE…
Microsoft security researchers have discovered a post-compromise capability we’re calling MagicWeb, which is used by a threat actor we track as NOBELIUM to maintain persistent access to compromised environments.
The post MagicWeb: NOBELIUM’s post-compromise trick to authenticate as anyone appeared first on Microsoft Security Blog. READ MORE HERE…