Trickbot disrupted
Microsoft took action against the Trickbot botnet, disrupting one of the world’s most persistent malware operations. Microsoft worked with telecommunications providers around the world to disrupt key Trickbot infrastructure.
Sophisticated new Android malware marks the latest evolution of mobile ransomware
We found a piece of a particularly sophisticated Android ransomware with novel techniques and behavior, exemplifying the rapid evolution of mobile threats that we have also observed on other platforms.
Industry-wide partnership on threat-informed defense improves security for all
MITRE Engenuity’s Center for Threat-Informed Defense has published a library of detailed plans for emulating the threat actor FIN6 (which Microsoft tracks as TAAL). Microsoft is proud to be part of this industry-wide collaborative project.
STRONTIUM: Detecting new patterns in credential harvesting
Microsoft has tied STRONTIUM to a newly uncovered pattern of Office365 credential harvesting activity aimed at US and UK organizations directly involved in political elections.
Force firmware code to be measured and attested by Secure Launch on Windows 10
For important security features on Windows to properly do their jobs, the platform’s firmware and hardware must be trustworthy and healthy. Learn about Secure Launch, which leverages the principle of Dynamic Root of Trust for Measurement (DRTM), and System Management Mode (SMM) protection.
Stopping Active Directory attacks and other post-exploitation behavior with AMSI and machine learning
Microsoft Defender ATP leverages AMSI’s visibility into scripts and harnesses the power of machine learning to detect and stop post-exploitation activities that largely rely on scripts.
Taking Transport Layer Security (TLS) to the next level with TLS 1.3
TLS 1.3 eliminates obsolete cryptographic algorithms, enhances security over older versions, and aims to encrypt as much of the handshake as possible.
Inside Microsoft 365 Defender: Solving cross-domain security incidents through the power of correlation analytics
Through deep correlation logic, Microsoft Threat Protection automatically finds links between related signals across domains. It connects related existing alerts and generates additional alerts where suspicious events that could otherwise be missed can be detected.
Seeing the big picture: Deep learning-based fusion of behavior signals for threat detection
Learn how we’re using deep learning to build a powerful, high-precision classification model for long sequences of wide-ranging signals occurring at different times.
Introducing Kernel Data Protection, a new platform security technology for preventing data corruption
Kernel Data Protection (KDP) is a set of APIs that provide the ability to mark some kernel memory as read-only, preventing attackers from ever modifying protected memory.
The psychology of social engineering—the “soft” side of cybercrime
Build a phishing resistant culture with Cialdini’s 6 Principles of Persuasion .
Defending Exchange servers under attack
Exchange servers are high-value targets. These attacks also tend to be advanced threats with highly evasive, fileless techniques. Keeping these servers safe from these advanced attacks is of utmost importance.