ThreatsHub.org
Microsoft threat analysts have detected another evolution in GADOLINIUM’s tooling that the security community should understand when establishing defenses.
The post Microsoft Security—detecting empires in the cloud appeared first on Microsoft Security. READ MORE HERE…
Microsoft has tied STRONTIUM to a newly uncovered pattern of Office365 credential harvesting activity aimed at US and UK organizations directly involved in political elections.
The post STRONTIUM: Detecting new patterns in credential harvesting appeared first on Microsoft Security. READ MORE HERE…
Through deep correlation logic, Microsoft Threat Protection automatically finds links between related signals across domains. It connects related existing alerts and generates additional alerts where suspicious events that could otherwise be missed can be detected.
The post Inside Microsoft Threat Protection: Solving cross-domain security incidents through the power of correlation analytics appeared first on Microsoft Security. READ MORE HERE…
The incidents view in Microsoft Threat Protection empowers SOC analysts by automatically fusing attack evidence and providing a consolidated view of an attack chain and affected assets, as well as a single-click remediation with easy-to-read analyst workflows.
The post Inside Microsoft Threat Protection: Correlating and consolidating attacks into incidents appeared first on Microsoft Security. READ MORE HERE…
Every year billions of new connected devices come online. These devices enable businesses to finetune operations, optimize processes, and develop analytics-based services.
The post Afternoon Cyber Tea: Cybersecurity & IoT: New risks and how to minimize them appeared first on Microsoft Security. READ MORE HERE…
In the first blog in the Inside Microsoft Threat Protection series, we will show how MTP provides unparalleled end-to-end visibility into the activities of nation-state level attacks like HOLMIUM.
The post Inside Microsoft Threat Protection: Mapping attack chains from cloud to endpoint appeared first on Microsoft Security. READ MORE HERE…
Cybercriminals adapted their tactics to match what was going on in the world, and what we saw in the threat environment was parallel to the uptick in COVID-19 headlines and the desire for more information.
The post Exploiting a crisis: How cybercriminals behaved during the outbreak appeared first on Microsoft Security. READ MORE HERE…
Inspired by MITRE’s transparency in publishing the payloads and tools used in the attack simulation, we’ll describe the mystery that is Step 19 and tell a story about how blue teams, once in a while, can share important learnings for red teams.
The post Blue teams helping red teams: A tale of a process crash, PowerShell, and the MITRE ATT&CK evaluation appeared first on Microsoft Security. READ MORE HERE…
Microsoft Threat Protection uses a data-driven approach for identifying lateral movement, combining industry-leading optics, expertise, and data science to deliver automated discovery of some of the most critical threats today.
The post The science behind Microsoft Threat Protection: Attack modeling for finding and stopping evasive ransomware appeared first on Microsoft Security. READ MORE HERE…
Behavioral blocking and containment capabilities leverage multiple Microsoft Defender ATP components and features to immediately stop attacks before they can progress. We have expanded these capabilities to get even broader visibility into malicious behavior by using a rapid protection loop engine that leverages endpoint and detection response (EDR) sensors.
The post Behavioral blocking and containment: Transforming optics into protection appeared first on Microsoft Security. READ MORE HERE…