Skip to content

Microsoft Secure

No slowdown in Cerber ransomware activity as 2016 draws to a close

The trend towards increasingly sophisticated malware behavior, highlighted by the use of exploits and other attack vectors, makes older platforms so much more susceptible to ransomware attacks. From June to November 2017, Windows 7 devices were 3.4 times more likely to encounter ransomware compared to Windows 10 devices. Read our latest report: A worthy upgrade:...

Read more

Twin zero-day attacks: PROMETHIUM and NEODYMIUM target individuals in Europe

Targeted attacks are typically carried out against individuals to obtain intellectual property and other valuable data from target organizations. These individuals are either directly in possession of the targeted information or are able to connect to networks where the information resides. Microsoft researchers have encountered twin threat activity groups that appear to target individuals for...

Read more

Microsoft Security Intelligence Report Volume 21 is now available

The latest volume of the Microsoft Security Intelligence Report is now available for free download at www.microsoft.com/sir. This new volume of the report includes threat data from the first half of 2016 as well as longer term trend data on industry vulnerabilities, exploits, malware, and malicious websites. The report also provides specific threat data for...

Read more

Been shopping lately? Fake credit card email can spook you into downloading Cerber ransomware

As the shopping sprees become increasingly frenetic during holiday season, it’s hard not to worry about how much credit card debt we’re piling. Some of us rely on email notifications from our banks to track the damage to our finances. So what happens when we suddenly get notified about charges for things we never bought?...

Read more

MSRT December 2016 addresses Clodaconas, which serves unsolicited ads through DNS hijacking

In this month’s Microsoft Malicious Software Removal Tool (MSRT) release, we continue taking down unwanted software, the pesky threats that force onto our computers things that we neither want nor need. BrowserModifier:Win32/Clodaconas, for instance, displays ads when you’re browsing the internet. It modifies search results pages so that you see unsolicited ads related to your...

Read more

Windows 10: protection, detection, and response against recent Depriz malware attacks

A few weeks ago, multiple organizations in the Middle East fell victim to targeted and destructive attacks that wiped data from computers, and in many cases rendering them unstable and unbootable. Destructive attacks like these have been observed repeatedly over the years and the Windows Defender and Windows Defender Advanced Threat Protection Threat Intelligence teams...

Read more

Cybersecurity norms challenge remains

Despite the differences that exist between governments, there is a growing recognition around the world that attacks on the security and stability of the Internet threaten all nations’ interests. The reality driving this alignment is that both emerging and developed economies are internet-dependent and, equally significantly, that malicious actors can use ubiquitous technologies to attack...

Read more

How much time do you spend on false security alerts?

The latest data on global threats—from malicious websites and untrusted IPs to malware and beyond—can help a company detect threats and rapidly respond. The challenge is that threat intelligence feeds are, at best, uneven in quality. Close to 70 percent of information security professionals say current threat feeds have a significant issue with timeliness, and...

Read more

Security in agile development

This post is authored by Talhah Mir, Principal PM Manager, WWIT CP ISRM ACE Most enterprises’ security strategies today are multifaceted – encompassing securing a variety of elements of their IT environment including identities, applications, data, devices, and infrastructure. This also includes driving or supporting security training and changes in culture and behavior for a more...

Read more

Disrupting the kill chain

This post is authored by Jonathan Trull, Worldwide Executive Cybersecurity Advisor, Enterprise Cybersecurity Group. The cyber kill chain describes the typical workflow, including techniques, tactics, and procedures or TTPs, used by attackers to infiltrate an organization’s networks and systems.  The Microsoft Global Incident Response and Recovery (GIRR) Team and Enterprise Threat Detection Service, Microsoft’s managed...

Read more