Microsoft Secure

Hawkeye Keylogger – Reborn v8: An in-depth campaign analysis

Much of cybercrime today is fueled by underground markets where malware and cybercriminal services are available for purchase. These markets in the deep web commoditize malware operations. Even novice cybercriminals can buy malware toolkits and other services they might need for malware campaigns: encryption, hosting, antimalware evasion, spamming, and many others. Hawkeye Keylogger is an...


Taking apart a double zero-day sample discovered in joint hunt with ESET

In late March 2018, I analyzed an interesting PDF sample found by ESET senior malware researcher Anton Cherepanov. The sample was initially reported to Microsoft as a potential exploit for an unknown Windows kernel vulnerability. During my investigation in parallel with ESET researchers, I was surprised to discover two new zero-day exploits in the same PDF....


Machine learning vs. social engineering

Machine learning is a key driver in the constant evolution of security technologies at Microsoft. Machine learning allows Microsoft 365 to scale next-gen protection capabilities and enhance cloud-based, real-time blocking of new and unknown threats. Just in the last few months, machine learning has helped us to protect hundreds of thousands of customers against ransomware,...


Virtualization-based security (VBS) memory enclaves: Data protection through isolation

The escalating sophistication of cyberattacks is marked by the increased use of kernel-level exploits that attempt to run malware with the highest privileges and evade security solutions and software sandboxes. Kernel exploits famously gave the WannaCry and Petya ransomware remote code execution capability, resulting in widescale global outbreaks. Windows 10 remained resilient to these attacks,...


Adding transparency and context into industry AV test results

Corporate Vice President Brad Anderson recently shared his insights on how Windows Defender Advanced Threat Protection (Windows Defender ATP) evolved to achieve important quality milestones. Our Windows Defender ATP team is committed to delivering industry-leading protection, customer choice, and transparency on the quality of our solutions. In the continued spirit of these principles, we...


Securing the modern workplace with Microsoft 365 threat protection – part 4

This post is authored by Debraj Ghosh, Senior Product Marketing Manager, Microsoft 365 Security. Responding to ransomware in the Modern Workplace Over the last few weeks, we have shared the roots of Microsoft 365 threat protection and how Microsoft 365 threat protection helps protect against and detect a modern ransomware attack. Today, we conclude our...


Use Windows Information Protection (WIP) to help make accidental data leakage a thing of the past

Have you always wished you could have mobile application management (MAM) on Windows? Now you can! Windows Information Protection (WIP) is an out-of-the box data leakage prevention feature for Windows 10 that can automatically apply protection for work files and data to prevent accidental data leakage. With 600 million active Windows 10 devices, corporate customers...


Here is Homeland Security, black swans, and thwarted cyberattacks

Last week, I had the honor of addressing The Homeland Security Training Institute (HSTI) at the College of DuPage as part of the HSTI Live educational series. The event featured other prominent speakers at the forefront of cybersecurity defense, including: Dave Tyson, CEO of CISO Insights, a global cybersecurity consultant and Nicole Darden Ford, Vice...
