Skip to content
Microsoft Secure

Detecting stealthier cross-process injection techniques with Windows Defender ATP: Process hollowing and atom bombing

Advanced cyberattacks emphasize stealth and persistence: the longer they stay under the radar, the more they can move laterally, exfiltrate data, and cause damage. To avoid detection, attackers are increasingly turning to cross-process injection. Cross-process injection gives attackers the ability to run malicious code that masquerades as legitimate programs. With code injection, attackers don’t have...

Read more

Windows 10 platform resilience against the Petya ransomware attack

The trend towards increasingly sophisticated malware behavior, highlighted by the use of exploits and other attack vectors, makes older platforms so much more susceptible to ransomware attacks. From June to November 2017, Windows 7 devices were 3.4 times more likely to encounter ransomware compared to Windows 10 devices. Read our latest report: A worthy upgrade:...

Read more

Cybersecurity: a question of trust

This post is authored by Robert Hayes, Senior Director and Chief Security Advisor in Microsoft’s Enterprise Cybersecurity Group. With the scale, scope, and complexity of cyber-attacks increasing by the week, cybersecurity is increasingly being seen as a primary issue for CEOs & Boards. Advice is not hard to find, and there are a multitude of...

Read more

Top Five Security Threats Facing Your Business and How to Respond

This post was authored by Ann Johnson, Vice-President, Enterprise Cybersecurity Group Headlines highlighting how vulnerable we are to cyber threats are now all too commonplace. The statistics on security events and successful network breaches continue a trend that favors attackers. These bad actors are getting faster at network compromise and data theft while their dwell...

Read more

Transparency & Trust in the Cloud Series: Kansas City, St. Louis, Minneapolis

Over the last few months, Microsoft has hosted a series of events to bring together Chief Information Officers (CIO) and their legal counsels, Chief Information Security Officers (CISO), as well as IT operations leaders from enterprises in cities across the US. These “Transparency & Trust in the Cloud” events aim to highlight and discuss the security, privacy, compliance, and transparency capabilities of...

Read more

Windows 10: Continuing to Raise the Security Bar for Cybercriminals

Today, Jim Alkove made some important announcements about how we are raising the security bar for cybercriminals in Windows 10 through a blog post entitled “Windows 10: Security and identify protection for the modern world.” His post details important changes to Windows that can be summarized in three key areas: identity protection and access control,...

Read more

Looking Forward: Trustworthy Computing

When Bill Gates announced the Trustworthy Computing Initiative in 2002, he recognized that we needed to change both our processes and culture if we were to make fundamental changes in our products. To ensure that occurred, a centralized group was given responsibility to drive the initiative forward. At the 10 year milestone in 2012, a...

Read more

Get advance notice about September 2014 security updates

Today, the Microsoft Security Response Center (MSRC) posted details about the September security updates. If you have automatic updating turned on, most of these updates will download and install on their own. Sometimes you may need to provide input for Windows Update during an installation. In this case, you’ll see an alert in the notification area at...

Read more

Do you know your kids’ passwords?

This is the second of two blog posts on password protection. Read Part 1: Create strong passwords and protect them. Whether or not you should know all of your kids’ passwords depends on their age, how responsible they are, and your parenting values. However, kids of any age and responsibility level need to know how...

Read more

Create stronger passwords and protect them

All week we’ll be posting our best guidance on how to create, protect, and manage your passwords. Passwords are your first line of defense against hackers. Pick passwords that are difficult to crack but easy for you to remember. What does “difficult to crack” mean? Each time cybercriminals hack into a database of passwords, they...

Read more