January 6, 2023

Unraveling the techniques of Mac ransomware

Ransomware continues to be one of the most prevalent and impactful threats affecting organizations, with attackers constantly evolving their techniques and expanding their tradecraft to cast […]
December 22, 2022

Microsoft research uncovers new Zerobot capabilities

Botnet malware operations are a constantly evolving threat to devices and networks. Threat actors target Internet of Things (IoT) devices for recruitment into malicious operations as […]
December 20, 2022

Gatekeeper’s Achilles heel: Unearthing a macOS vulnerability

On July 27, 2022, Microsoft discovered a vulnerability in macOS that can allow attackers to bypass application execution restrictions imposed by Apple’s Gatekeeper security mechanism, designed […]
December 16, 2022

MCCrash: Cross-platform DDoS botnet targets private Minecraft servers

Malware operations continue to rapidly evolve as threat actors add new capabilities to existing botnets, increasingly targeting and recruiting new types of devices. Attackers update malware […]
December 13, 2022

IIS modules: The evolution of web shells and how to detect them 

Web exploitation and web shells are some of the most common entry points in the current threat landscape. Web servers provide an external avenue directly into […]
December 8, 2022

Mitigate threats with the new threat matrix for Kubernetes

Today, we are glad to release the third version of the threat matrix for Kubernetes, an evolving knowledge base for security threats that target Kubernetes clusters. […]
December 7, 2022

DEV-0139 launches targeted attacks against the cryptocurrency industry

Over the past several years, the cryptocurrency market has considerably expanded, gaining the interest of investors and threat actors. Cryptocurrency itself has been used by cybercriminals […]
November 23, 2022

Join us at InfoSec Jupyterthon 2022

Notebooks are gaining popularity in InfoSec. Used interactively for investigations and hunting or as scheduled processing jobs, notebooks offer plenty of advantages over traditional security operations […]
November 18, 2022

DEV-0569 finds new ways to deliver Royal ransomware, various payloads

Recent activity from the threat actor that Microsoft tracks as DEV-0569, known to distribute various payloads, has led to the deployment of the Royal ransomware, which […]
November 17, 2022

Token tactics: How to prevent, detect, and respond to cloud token theft

As organizations increase their coverage of multifactor authentication (MFA), threat actors have begun to move to more sophisticated techniques to allow them to compromise corporate resources […]
November 16, 2022

2022 holiday DDoS protection guide

The holiday season is an exciting time for many people as they get to relax, connect with friends and family, and celebrate traditions. Organizations also have […]
November 11, 2022

Microsoft threat intelligence presented at CyberWarCon 2022 

At CyberWarCon 2022, Microsoft and LinkedIn analysts presented several sessions detailing analysis across multiple sets of actors and related activity. This blog is intended to summarize […]