Microsoft security intelligence Archives - Page 17 of 20

Lessons learned from the Microsoft SOC—Part 3c: A day in the life part 2

May 5, 2020 TH Author cloud computing, Cybersecurity, Detection and Response Team (DART), Endpoint security, incident response, Microsoft Cloud App Security, Microsoft Detection and Response Team (DART), Microsoft security intelligence

This blog wraps up the day in the life of a SOC analyst on the investigation team with insights on remediating incidents, post-incident cleanup, and impact of COVID-19 on the SOC. This is the sixth blog post in the series.
The post Lessons learned from the Microsoft SOC—Part 3c: A day in the life part 2 appeared first on Microsoft Security. READ MORE HERE…

Microsoft Secure

Mitigating vulnerabilities in endpoint network stacks

May 4, 2020 TH Author Advanced Threat Analytics, Cybersecurity, Cybersecurity deployment, Endpoint security, Information/data protection, Microsoft security intelligence, Network Security

Learn how the Microsoft Security Assurance and Vulnerability Research team secures critical products.
The post Mitigating vulnerabilities in endpoint network stacks appeared first on Microsoft Security. READ MORE HERE…

Microsoft Secure

Data governance matters now more than ever

April 30, 2020 TH Author Compliance and security, Cybersecurity, Data Privacy, Microsoft 365, Microsoft security intelligence, Windows Security

Today we are excited to announce the general availability of Microsoft 365 Records Management, which can help organizations to secure and govern their most critical data.
The post Data governance matters now more than ever appeared first on Microsoft Security. READ MORE HERE…

Microsoft Secure

Ransomware groups continue to target healthcare, critical services; here’s how to reduce risk

April 28, 2020 TH Author Cybersecurity, human-operated ransomware, Maze, Microsoft Defender Advanced Threat Protection, Microsoft security intelligence, NetWalker, PonyFinal, ransomware, REvil, RobbinHood, Vatet

Multiple ransomware groups that have been accumulating access and maintaining persistence on target networks for several months activated dozens of ransomware deployments in the first two weeks of April 2020.
The post Ransomware groups continue to target healthcare, critical services; here’s how to reduce risk appeared first on Microsoft Security. READ MORE HERE…

Microsoft Secure

Defending the power grid against supply chain attacks: Part 3 – Risk management strategies for the utilities industry

April 22, 2020 TH Author Advanced Threat Analytics, Cybersecurity, Cybersecurity deployment, Cybersecurity Policy, Data Privacy, Evolution of Microsoft Threat Protection, Evolution of Microsoft Threat Protection page, incident response, Information/data protection, Microsoft Defender Advanced Threat Protection, Microsoft Defender ATP, Microsoft Detection and Response Team (DART), Microsoft security intelligence, Network Security, Security Intelligence, Security Response, Security strategies, Windows Security

By working with governments, trade organizations, and suppliers, the utility industry can improve security across the supply chain.
The post Defending the power grid against supply chain attacks: Part 3 – Risk management strategies for the utilities industry appeared first on Microsoft Security. READ MORE HERE…

Microsoft Secure

Microsoft shares new threat intelligence, security guidance during global crisis

April 8, 2020 TH Author coronavirus-themed threats, COVID-19 themed attacks, Cybersecurity, emotet, incident response, Microsoft security intelligence, Phishing, Security Intelligence, Security Response, TrickBot

Our threat intelligence shows that COVID-19 themed threats are retreads of existing attacks that have been slightly altered to tie to the pandemic. We’re seeing a changing of lures, not a surge in attacks. These attacks are settling into the normal ebb and flow of the threat environment.
The post Microsoft shares new threat intelligence, security guidance during global crisis appeared first on Microsoft Security. READ MORE HERE…

Microsoft Secure

Microsoft works with healthcare organizations to protect from popular ransomware during COVID-19 crisis: Here’s what to do

April 1, 2020 TH Author coronavirus-themed threats, covid-19, Cybersecurity, Endpoint security, gateway, Healthcare, human-operated ransomware, Microsoft Defender Advanced Threat Protection, Microsoft security intelligence, ransomware, remote work, REvil, Secure remote work, Securing remote workers series, Security Intelligence, Sodinokibi, Threat protection, virtual private network (VPN), virtual private server (VPS), VPN

Microsoft identified several dozens of hospitals with vulnerable gateway and VPN appliances. We sent these hospitals a first-of-its-kind notification with important info about the vulnerabilities, how attackers can take advantage of them, and a strong recommendation to apply security updates.
The post Microsoft works with healthcare organizations to protect from popular ransomware during COVID-19 crisis: Here’s what to do appeared first on Microsoft Security. READ MORE HERE…

Microsoft Secure

Latest Astaroth living-off-the-land attacks are even more invisible but not less observable

March 23, 2020 TH Author Alternate Data Streams (ADS), Astaroth, behavioral blocking and containment, Cybersecurity, Endpoint security, fileless, info-stealing malware, living-off-the-land, Microsoft Defender Advanced Threat Protection, Microsoft security intelligence, ransomware, Security Intelligence, Threat protection, WMIC

Astaroth is back sporting significant changes. The updated attack chain maintains Astaroth’s complex, multi-component nature and continues its pattern of detection evasion.
The post Latest Astaroth living-off-the-land attacks are even more invisible but not less observable appeared first on Microsoft Security. READ MORE HERE…

Microsoft Secure

Behavioral blocking and containment: Transforming optics into protection

March 9, 2020 TH Author behavioral blocking and containment, Cybersecurity, endpoint detection and response (EDR), endpoint protection platform (EPP), Endpoint security, Juicy Potato, Microsoft Defender Advanced Threat Protection, Microsoft Defender ATP, Microsoft security intelligence, Microsoft Threat Protection, next generation protection, QRat, Security Intelligence, Threat protection

Behavioral blocking and containment capabilities leverage multiple Microsoft Defender ATP components and features to immediately stop attacks before they can progress. We have expanded these capabilities to get even broader visibility into malicious behavior by using a rapid protection loop engine that leverages endpoint and detection response (EDR) sensors.
The post Behavioral blocking and containment: Transforming optics into protection appeared first on Microsoft Security. READ MORE HERE…

Microsoft Secure

Human-operated ransomware attacks: A preventable disaster

March 5, 2020 TH Author Cybersecurity, Doppelpaymer, Dridex, Endpoint security, hands-on-keyboard, human-operated attacks, Microsoft 365, Microsoft Defender Advanced Threat Protection, Microsoft security intelligence, PARINACOTA, ransomware, ryuk, Secure Score, Security deployment, Threat protection, TrickBot, Wadhrama

In human-operated ransomware attacks, adversaries exhibit extensive knowledge of systems administration and common network security misconfigurations, perform thorough reconnaissance, and adapt to what they discover in a compromised network.
The post Human-operated ransomware attacks: A preventable disaster appeared first on Microsoft Security. READ MORE HERE…