Wednesday, March 29, 2023
Latest:

incident response

Microsoft Secure 

Token tactics: How to prevent, detect, and respond to cloud token theft

TH Author , , , , , ,

As organizations increase their coverage of multifactor authentication (MFA), threat actors have begun to move to more sophisticated techniques to allow them to compromise corporate resources without needing to satisfy MFA. Recently, the Microsoft Detection and Response Team (DART) has seen an increase in attackers utilizing token theft for this purpose.
The post Token tactics: How to prevent, detect, and respond to cloud token theft appeared first on Microsoft Security Blog. READ MORE HERE…

Read more
Microsoft Secure 

Behind the unprecedented effort to protect customers against the NOBELIUM nation-state attack

TH Author , , ,

In the third of a four-part series on the Nobelium nation-state attack, we share how Microsoft product teams built new detections into products to better protect customers.
The post Behind the unprecedented effort to protect customers against the NOBELIUM nation-state attack appeared first on Microsoft Security Blog. READ MORE HERE…

Read more
Microsoft Secure 

Microsoft open sources CodeQL queries used to hunt for Solorigate activity

TH Author , , , , ,

We are sharing the CodeQL queries that we used to analyze our source code at scale and rule out the presence of the code-level indicators of compromise (IoCs) and coding patterns associated with Solorigate so that other organizations may perform a similar analysis.
The post Microsoft open sources CodeQL queries used to hunt for Solorigate activity appeared first on Microsoft Security. READ MORE HERE…

Read more
Microsoft Secure 

Advice for incident responders on recovery from systemic identity compromises

TH Author , , ,

Customers across the globe are asking for guidance on recovering their infrastructure after being impacted by Solorigate. DART walks you through remediation steps as well as some longer term mitigations.
The post Advice for incident responders on recovery from systemic identity compromises appeared first on Microsoft Security. READ MORE HERE…

Read more
Microsoft Secure 

How to gain 24/7 detection and response coverage with Microsoft Defender ATP

TH Author , , , , , , ,

Security incidents don’t happen exclusively during business hours: attackers often wait until the late hours of the night to breach an environment.
The post How to gain 24/7 detection and response coverage with Microsoft Defender ATP appeared first on Microsoft Security. READ MORE HERE…

Read more
Microsoft Secure 

Lessons learned from the Microsoft SOC—Part 3c: A day in the life part 2

TH Author , , , , , , ,

This blog wraps up the day in the life of a SOC analyst on the investigation team with insights on remediating incidents, post-incident cleanup, and impact of COVID-19 on the SOC. This is the sixth blog post in the series.
The post Lessons learned from the Microsoft SOC—Part 3c: A day in the life part 2 appeared first on Microsoft Security. READ MORE HERE…

Read more
Microsoft Secure 

Defending the power grid against supply chain attacks: Part 3 – Risk management strategies for the utilities industry

TH Author , , , , , , , , , , , , , , , , ,

By working with governments, trade organizations, and suppliers, the utility industry can improve security across the supply chain.
The post Defending the power grid against supply chain attacks: Part 3 – Risk management strategies for the utilities industry appeared first on Microsoft Security. READ MORE HERE…

Read more