incident response

Microsoft Secure

Token tactics: How to prevent, detect, and respond to cloud token theft

As organizations increase their coverage of multifactor authentication (MFA), threat actors have begun to move to more sophisticated techniques to allow them to compromise corporate resources without needing to satisfy MFA. Recently, the Microsoft Detection and Response Team (DART) has seen an increase in attackers utilizing token theft for this purpose.
The post Token tactics: How to prevent, detect, and respond to cloud token theft appeared first on Microsoft Security Blog. READ MORE HERE…

Read More
Microsoft Secure

Microsoft open sources CodeQL queries used to hunt for Solorigate activity

We are sharing the CodeQL queries that we used to analyze our source code at scale and rule out the presence of the code-level indicators of compromise (IoCs) and coding patterns associated with Solorigate so that other organizations may perform a similar analysis.
The post Microsoft open sources CodeQL queries used to hunt for Solorigate activity appeared first on Microsoft Security. READ MORE HERE…

Read More