A case study in industry collaboration: Poisoned RDP vulnerability disclosure and response

Credit to Author: Eric Avena| Date: Wed, 07 Aug 2019 23:50:25 +0000

Through a cross-company, cross-continent collaboration, we discovered a vulnerability, secured customers, and developed fix, all while learning important lessons that we can share with the industry.

The post A case study in industry collaboration: Poisoned RDP vulnerability disclosure and response appeared first on Microsoft Security.

Read more

Analysis of cyberattack on U.S. think tanks, non-profits, public sector by unidentified attackers

Credit to Author: Windows Defender ATP| Date: Mon, 03 Dec 2018 16:00:10 +0000

Reuters recently reported a hacking campaign focused on a wide range of targets across the globe. In the days leading to the Reuters publication, Microsoft researchers were closely tracking the same campaign. Our sensors revealed that the campaign primarily targeted public sector institutions and non-governmental organizations like think tanks and research centers, but also included

Read more

The post Analysis of cyberattack on U.S. think tanks, non-profits, public sector by unidentified attackers appeared first on Microsoft Secure.

Read more

Making it real—harnessing data gravity to build the next gen SOC

Credit to Author: toddvanderark| Date: Mon, 15 Oct 2018 16:00:38 +0000

In this post we address the question: “How do we make data gravity a reality in the security operations center (SOC) while we are under increased and constant pressure from motivated threat actors?”

The post Making it real—harnessing data gravity to build the next gen SOC appeared first on Microsoft Secure.

Read more

Small businesses targeted by highly localized Ursnif campaign

Credit to Author: Windows Defender ATP| Date: Thu, 06 Sep 2018 18:00:09 +0000

Cyber thieves are continuously looking for new ways to get people to click on a bad link, open a malicious file, or install a poisoned update in order to steal valuable data. In the past, they cast as wide a net as possible to increase the pool of potential victims. But attacks that create a

Read more

Read more

Attack inception: Compromised supply chain within a supply chain poses new risks

Credit to Author: Windows Defender ATP| Date: Thu, 26 Jul 2018 13:00:13 +0000

A new software supply chain attack unearthed by Windows Defender Advanced Threat Protection (Windows Defender ATP) emerged as an unusual multi-tier case. Unknown attackers compromised the shared infrastructure in place between the vendor of a PDF editor application and one of its software vendor partners, making the apps legitimate installer the unsuspecting carrier of a

Read more

Read more

Machine learning vs. social engineering

Credit to Author: Windows Defender ATP| Date: Thu, 07 Jun 2018 13:00:56 +0000

Machine learning is a key driver in the constant evolution of security technologies at Microsoft. Machine learning allows Microsoft 365 to scale next-gen protection capabilities and enhance cloud-based, real-time blocking of new and unknown threats. Just in the last few months, machine learning has helped us to protect hundreds of thousands of customers against ransomware,

Read more

Read more

Taking apart a double zero-day sample discovered in joint hunt with ESET

Credit to Author: Windows Defender ATP| Date: Mon, 02 Jul 2018 15:00:00 +0000

In late March 2018, I analyzed an interesting PDF sample found by ESET senior malware researcher Anton Cherpanov. The sample was initially reported to Microsoft as a potential exploit for an unknown Windows kernel vulnerability. During my investigation in parallel with ESET researchers, I was surprised to discover two new zero-day exploits in the same

Read more

Read more

Machine learning vs. social engineering

Credit to Author: Windows Defender ATP| Date: Thu, 07 Jun 2018 13:00:56 +0000

Machine learning is a key driver in the constant evolution of security technologies at Microsoft. Machine learning allows Microsoft 365 to scale next-gen protection capabilities and enhance cloud-based, real-time blocking of new and unknown threats. Just in the last few months, machine learning has helped us to protect hundreds of thousands of customers against ransomware,

Read more

Read more

How artificial intelligence stopped an Emotet outbreak

Credit to Author: Windows Defender ATP| Date: Wed, 14 Feb 2018 14:43:26 +0000

At 12:46 a.m. local time on February 3, a Windows 7 Pro customer in North Carolina became the first would-be victim of a new malware attack campaign for Trojan:Win32/Emotet. In the next 30 minutes, the campaign tried to attack over a thousand potential victims, all of whom were instantly and automatically protected by Windows Defender

Read more

Read more

A worthy upgrade: Next-gen security on Windows 10 proves resilient against ransomware outbreaks in 2017

Credit to Author: Windows Defender ATP| Date: Wed, 10 Jan 2018 14:00:31 +0000

Adopting reliable attack methods and techniques borrowed from more evolved threat types, ransomware attained new levels of reach and damage in 2017. The following trends characterize the ransomware narrative in the past year: Three global outbreaks showed the force of ransomware in making real-world impact, affecting corporate networks and bringing down critical services like hospitals,

Read more

Read more

Microsoft teams up with law enforcement and other partners to disrupt Gamarue (Andromeda)

Credit to Author: Windows Defender ATP| Date: Mon, 04 Dec 2017 23:06:44 +0000

Today, with help from Microsoft security researchers, law enforcement agencies around the globe, in cooperation with Microsoft Digital Crimes Unit (DCU), announced the disruption of Gamarue, a widely distributed malware that has been used in networks of infected computers collectively called the Andromeda botnet. The disruption is the culmination of a journey that started in

Read more

Read more