Tag: Microsoft Security Blog

Microsoft maintains a continuous effort to protect its platforms and customers from fraud and abuse. This edition of Cyber Signals takes you inside the work underway and important milestones achieved that protect customers. The post Cyber Signals Issue 9 |…

Read more →

Since October 2024, Microsoft Defender Experts has observed and helped multiple customers address campaigns leveraging Node.js to deliver malware and other payloads that ultimately lead to information theft and data exfiltration. The post Threat actors misuse Node.js to deliver malware…

Read more →

Microsoft Secure Score is important, but the increasing sophistication of security requirements has driven the development of more comprehensive security initiatives using Microsoft Security Exposure Management. The post ​​Transforming security​ with Microsoft Security Exposure Management initiatives​  appeared first on Microsoft…

Read more →

Register to attend one or all our Learn Live sessions to learn how to secure your environment for AI adoption. The post Explore how to secure AI by attending our Learn Live Series appeared first on Microsoft Security Blog. This…

Read more →

For RSAC 2025, Microsoft Security is bringing an exciting lineup of sessions, expert panels, and exclusive networking opportunities to empower security professionals in the era of AI. The post The ultimate guide to Microsoft Security at RSAC 2025  appeared first…

Read more →

Exchange Server and SharePoint Server are business-critical assets and considered crown-jewels for many organizations, making them attractive targets for attacks. To help customers protect their environments and respond to these attacks, Exchange Server and SharePoint Server integrated Windows Antimalware Scan…

Read more →

Read how cyberattackers exploit domain controllers to gain privileged system access where they deploy ransomware that causes widespread damage and operational disruption. The post How cyberattackers exploit domain controllers using ransomware appeared first on Microsoft Security Blog. This article has…

Read more →

Microsoft Threat Intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC) have discovered post-compromise exploitation of a newly discovered zero-day vulnerability in the Windows Common Log File System (CLFS) against a small number of targets. Microsoft released security updates to…

Read more →

Meet the minds behind how Microsoft prioritizes cybersecurity across every team and employee. Three deputy CISOs share their experiences in cybersecurity and how they are redefining protection. The post Meet the Deputy CISOs who help shape Microsoft’s approach to cybersecurity…

Read more →

During the Tech Accelerator event on April 22, 2025, you will learn how to leverage Microsoft security guidance, products, and tooling throughout your cloud journey. The post Tech Accelerator: Azure security and AI adoption appeared first on Microsoft Security Blog.…

Read more →

As Tax Day approaches in the United States on April 15, Microsoft has detected several tax-themed phishing campaigns employing various tactics. These campaigns use malicious hyperlinks and attachments to deliver credential phishing and malware including RaccoonO365, AHKBot, Latrodectus, BruteRatel C4…

Read more →

Read how Microsoft’s unified security operations platform can use generative AI to transform cybersecurity for the public sector. The post Transforming public sector security operations in the AI era appeared first on Microsoft Security Blog. This article has been indexed…

Read more →

Using Microsoft Security Copilot to expedite the discovery process, Microsoft has uncovered several vulnerabilities in multiple open-source bootloaders impacting all operating systems relying on Unified Extensible Firmware Interface (UEFI) Secure Boot. Through a series of prompts, we identified and refined…

Read more →

Microsoft Purview delivers a comprehensive set of solutions that help customers seamlessly secure and confidently activate data in the era of AI. The post New innovations in Microsoft Purview for protected, AI-ready data appeared first on Microsoft Security Blog. This…

Read more →

Discover how the U.S. Department of Labor enhanced security and modernized authentication with Microsoft Entra ID and phishing-resistant authentication. The post US Department of Labor’s journey to Zero Trust security with Microsoft Entra ID appeared first on Microsoft Security Blog.…

Read more →

Learn about the upcoming availability of Microsoft Security Copilot agent and other new offerings for a more secure AI future. The post Microsoft unveils Microsoft Security Copilot agents and new protections for AI appeared first on Microsoft Security Blog. This…

Read more →

When you’re secure—innovation happens. But, the fast pace of AI often outpaces traditional security measures, leaving gaps that bad actors can take advantage of. As a security professional, you’re the hero in this battle between protecting vast amounts of data…

Read more →

Microsoft Incident Response uncovered a novel remote access trojan (RAT) named StilachiRAT, which demonstrates sophisticated techniques to evade detection, persist in the target environment, and exfiltrate sensitive data. This blog primarily focuses on analysis of the WWStartupCtrl64.dll module that contains…

Read more →

Learn about the Microsoft Security Response Center, which investigates vulnerabilities and releases security updates to help protect customers from cyberthreats. The post How MSRC coordinates vulnerability research and disclosure while building community appeared first on Microsoft Security Blog. This article…

Read more →

Starting in December 2024, leading up to some of the busiest travel days, Microsoft Threat Intelligence identified a phishing campaign that impersonates online travel agency Booking.com and targets organizations in the hospitality industry. The campaign uses a social engineering technique…

Read more →