April 27, 2022

Microsoft finds new elevation of privilege Linux vulnerability, Nimbuspwn

Microsoft has discovered several vulnerabilities, collectively referred to as Nimbuspwn, that could allow an attacker to elevate privileges to root on many Linux desktop endpoints. The […]

April 14, 2022

Dismantling ZLoader: How malicious ads led to disabled security tools and ransomware

As announced today, Microsoft took action against the ZLoader trojan by working with telecommunications providers around the world to disrupt key ZLoader infrastructure. We used our […]

April 13, 2022

Tarrask malware uses scheduled tasks for defense evasion

As Microsoft continues to track the high-priority state-sponsored threat actor HAFNIUM, new activity has been uncovered that leverages unpatched zero-day vulnerabilities as initial vectors. The Microsoft […]

April 6, 2022

Microsoft 365 Defender demonstrates industry-leading protection in the 2022 MITRE Engenuity ATT&CK® Evaluations

For the fourth consecutive year, Microsoft 365 Defender demonstrated its industry-leading protection in MITRE Engenuity’s independent ATT&CK® Enterprise Evaluations. Showcasing the value of an integrated XDR […]

April 5, 2022

SpringShell RCE vulnerability: Guidance for protecting against and detecting CVE-2022-22965

Recently, several remote code execution (RCE) vulnerabilities in the Spring Framework for Java were publicly disclosed. Microsoft is currently assessing the impact associated with these vulnerabilities. […]

April 1, 2022

Microsoft protects against human-operated ransomware across the full attack chain in the 2022 MITRE Engenuity ATT&CK® Evaluations

For the fourth year in a row, the independent MITRE Engenuity Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) Evaluations demonstrated Microsoft’s strong detection and protection capabilities thanks to […]

March 23, 2022

DEV-0537 criminal actor targeting organizations for data exfiltration and destruction

In recent weeks, Microsoft Security teams have been actively tracking a large-scale social engineering and extortion campaign against multiple organizations with some seeing evidence of destructive […]

March 17, 2022

Uncovering Trickbot’s use of IoT devices in command-and-control infrastructure

Trickbot, a sophisticated trojan that has evolved significantly since its discovery in 2016, has continually expanded its capabilities and, even with disruption efforts and news of […]

February 26, 2022

MSTICPy January 2022 hackathon highlights

During the month of January 2022, the Microsoft Threat Intelligence Center (MSTIC) ran its inaugural hackathon for the open-source Jupyter and Python Security Tools library, MSTICPy. […]

February 24, 2022

Microsoft Security delivers new multicloud capabilities

In times of great change, challenges and opportunities can be found in many directions. This is certainly true in IT and cybersecurity. Today, while navigating a […]

February 17, 2022

‘Ice phishing’ on the blockchain

The technologies that connect us are continually advancing, and while this brings tremendous new capabilities to users, it also opens new attack surfaces for adversaries and […]

February 11, 2022

What’s Next in Security from Microsoft

One of the biggest challenges in security today is complexity. Not only is there an ever-growing number of threats, but many organizations are defending their companies […]