October 7, 2022

Microsoft publishes new report on holistic insider risk management

The risk landscape for organizations has changed significantly in the past few years. The amount of data captured, copied, and consumed is expected to grow to […]
October 1, 2022

Analyzing attacks using the Exchange vulnerabilities CVE-2022-41040 and CVE-2022-41082

Microsoft is aware of limited targeted attacks using two reported zero-day vulnerabilities affecting Microsoft Exchange Server 2013, Exchange Server 2016, and Exchange Server 2019. The first […]
September 30, 2022

Customer Guidance for Reported Zero-day Vulnerabilities in Microsoft Exchange Server

Summary Microsoft is investigating two reported zero-day vulnerabilities affecting Microsoft Exchange Server 2013, 2016, and 2019. The first vulnerability, identified as CVE-2022-41040, is a Server-Side Request […]
September 30, 2022

How one product manager builds community at Microsoft Security

I first met Joey Cruz not long after he joined the Microsoft Identity and Network Access (IDNA) team when he helped create demos for a keynote […]
September 30, 2022

ZINC weaponizing open-source software

In recent months, Microsoft has detected a wide range of social engineering campaigns using weaponized legitimate open-source software by an actor we track as ZINC. Microsoft […]
September 30, 2022

CSO perspective: Why a strong IAM strategy is key to an organization’s cybersecurity approach

The security community is continuously changing, growing, and learning from each other to better position the world against cyberthreats. In the latest post of our Community Voices blog […]
September 22, 2022

Rewards plus: Fake mobile banking rewards apps lure users to install info-stealing RAT on Android devices

Our analysis of a recent version of a previously reported info-stealing Android malware, delivered through an ongoing SMS campaign, demonstrates the continuous evolution of mobile threats. […]
September 22, 2022

The art and science behind Microsoft threat hunting: Part 2

We discussed Microsoft Detection and Response Team’s (DART) threat hunting principles in part 1 of The art and science behind Microsoft threat hunting blog series. In […]
September 21, 2022

Defense-in-Depth Updates for Azure Identity SDK and Azure Key Vault SDK plus Best Practice Implementation Guidance

Summary Today, Microsoft released a new version of the Azure Key Vault Software Development Kit (SDK) and Azure Identity SDK that includes defense-in-depth feature improvements. We […]
September 21, 2022

Defense-in-Depth Updates for Azure Identity SDK and Azure Key Vault SDK plus Best Practice Implementation Guidance

Summary Today, Microsoft released a new version of the Azure Key Vault Software Development Kit (SDK) and Azure Identity SDK that includes defense-in-depth feature improvements. We […]
September 21, 2022

New Windows 11 security features are designed for hybrid work

Attackers are constantly evolving, becoming increasingly sophisticated and destructive—the median time for an attacker to access your private data if you fall victim to a phishing […]
September 21, 2022

New Windows 11 security features are designed for hybrid work

Attackers are constantly evolving, becoming increasingly sophisticated and destructive—the median time for an attacker to access your private data if you fall victim to a phishing […]