Skip to content

Microsoft Secure

Future-proofing principles against technological change

In recent years, governments’ concerns about cybersecurity, data protection, and other information and communications technology (ICT) related issues have led to new policies, legislation, and regulation. In response, the ICT industry has consistently called for laws and rules that focus on outcomes and on principles, rather than on processes and prescriptions. This call has become...

Read more

World Backup Day is as good as any to back up your data

In today’s security landscape, there are more threats to data than ever before. Beyond corruption caused by hardware or human failure, malware and cyberattacks can put data in serious danger.  That’s why it’s imperative for enterprises, small-and-medium businesses, and individuals to back up data. It must be implemented systematically, not just on World Backup Day...

Read more

Giving CISOs assurance in the cloud

Recently, I hosted a Chief Information Security Officer roundtable in Washington, DC. Executives from several US government agencies and systems integrators attended to share cloud security concerns and challenges, such as balancing collaboration and productivity against data protection needs, cyber threat detection, and compliance....

Read more

Detecting and mitigating elevation-of-privilege exploit for CVE-2017-0005

On March 14, 2017, Microsoft released security bulletin MS17-013 to address CVE-2017-0005, a vulnerability in the Windows Win32k component that could potentially allow elevation of privileges. A report from a trusted partner identified a zero-day exploit for this vulnerability. The exploit targeted older versions of Windows and allowed attackers to elevate process privileges on these...

Read more

3 ways to outsmart attackers by using their own playbook

This blog post was authored by Andrej Budja, Frank Brinkmann, Heath Aubin, Jon Sabberton and Jörg Finkeisen from the Cybersecurity Protection Team, part of the Enterprise Cybersecurity Group. The security landscape has changed. Attackers often know more about the target network and all the ways they can compromise an organization than the targeted organization itself....

Read more

Tax-themed phishing and malware attacks proliferate during the tax filing season

Tax-themed scams and social engineering attacks are as certain as (death or) tax itself. Every year we see these attacks, and 2017 is no different. These attacks circulate year-round as cybercriminals take advantage of the different country and region tax schedules, but they peak in the months leading to U.S. Tax Day in mid-April. The...

Read more