Creators Update – Computer Security Articles

Combating a spate of Java malware with machine learning in real-time

April 20, 2017 admin Antimalware research for IT pros and enthusiasts, automation, cloud protection, Creators Update, Java, Java malware, machine learning, obfuscation, Social engineering, spam, Threat Intelligence, Windows 10, Windows 10 Creators Update, Windows Defender Antivirus

Credit to Author: msft-mmpc| Date: Thu, 20 Apr 2017 13:02:00 +0000

In recent weeks, we have seen a surge in emails carrying fresh malicious Java (.jar) malware that use new techniques to evade antivirus protection. But with our research team’s automated expert systems and machine learning models, Windows 10 PCs get real-time protection against these latest threats. Attackers are constantly changing their methods and tools. We…

Microsoft Security

Tech support scams persist with increasingly crafty techniques

April 3, 2017 admin Antimalware research for IT pros and enthusiasts, Creators Update, Cusax, FakeBSOD, FakeCall, Hicurdismos, Microsoft Edge, Monitev, SupportScam, tech support scam, Techbrolo, Windows 10, Windows Defender, Windows Defender Antivirus, Windows Defender SmartScreen

Credit to Author: msft-mmpc| Date: Mon, 03 Apr 2017 12:58:02 +0000

Millions of users continue to encounter technical support scams. Data from Windows Defender SmartScreen (which is used by both Microsoft Edge and Internet Explorer to block malicious sites) and Windows Defender Antivirus show that some three million users are subjected to these threats every month. In addition to being rampant, technical support scams continue to…

Microsoft Security

Detecting and mitigating elevation-of-privilege exploit for CVE-2017-0005

March 27, 2017 admin Advanced persistent threats, Antimalware research for IT pros and enthusiasts, Coreinfo, Creators Update, CVE-2017-005, Device Guard, EoP, PALETTE, Product features and announcements, SMEP, virtualization-based security, Windows 10, Windows 10 Creators Update, Windows Defender Advanced Threat Protection, Windows Defender ATP, zero-day exploits, ZIRCONIUM

Credit to Author: msft-mmpc| Date: Mon, 27 Mar 2017 15:00:01 +0000

On March 14, 2017, Microsoft released security bulletin MS17-013 to address CVE-2017-0005, a vulnerability in the Windows Win32k component that could potentially allow elevation of privileges. A report from a trusted partner identified a zero-day exploit for this vulnerability. The exploit targeted older versions of Windows and allowed attackers to elevate process privileges on these platforms. In this article, we…

Microsoft Security

Uncovering cross-process injection with Windows Defender ATP

March 8, 2017 admin Advanced persistent threats, Antimalware research for IT pros and enthusiasts, APTs, bitcoin, CoinMiner, Creators Update, cross-process injection, Exploits, Fynloski RAT, Gatak, GOLD activity group, in-memory attacks, post-breach detection, public preview, Windows 10, Windows Defender Advanced Threat Protection, Windows Defender ATP, zero-day exploits

Credit to Author: msft-mmpc| Date: Thu, 09 Mar 2017 06:16:01 +0000

Windows Defender Advanced Threat Protection (Windows Defender ATP) is a post-breach solution that alerts security operations (SecOps) personnel about hostile activity. As the nature of attacks evolve, Windows Defender ATP must advance so that it continues to help SecOps personnel uncover and address the attacks. With increasing security investments from Microsoft—read how Windows 10 continues to raise…

Microsoft Security

Averting ransomware epidemics in corporate networks with Windows Defender ATP

January 30, 2017 admin Advanced persistent threats, Antimalware research for IT pros and enthusiasts, Creators Update, ransomware, Windows 10, Windows Defender, Windows Defender ATP

Microsoft security researchers continue to observe ransomware campaigns blanketing the market and indiscriminately hitting potential targets. Unsurprisingly, these campaigns also continue to use email and the web as primary delivery mechanisms. Also, it appears that most corporate victims are simply caught by the wide nets cast by ransomware operators. Unlike cyberespionage groups, ransomware operators do…