For security professionals and teams, AI offers a significant advantage, empowering organizations of all sizes and industries to tip the scales in favor of defenders. It also introduces new uncertainties and risks that require organizations to create a culture of security to stay protected. Now, more than ever, is the time to put security first. But...

Cybersecurity jobs are more challenging than ever. It’s not just increased speed, scale, and sophistication of cyberattacks that make cybersecurity jobs harder: there are 250 new regulatory updates to be tracked every day,1 cybersecurity teams have a disconnected collection of fragmented tools that they are expected to seamlessly stitch together and...

On August 19, 2024, Microsoft identified a North Korean threat actor exploiting a zero-day vulnerability in Chromium, now identified as CVE-2024-7971, to gain remote code execution (RCE). We assess with high confidence that the observed exploitation of CVE-2024-7971 can be attributed to a North Korean threat actor targeting the cryptocurrency sector...

Earlier in Part 11 and Part 22 of this blog series, Microsoft Incident Response outlined the strategies, methodologies, and approaches that are used while performing a cyberthreat hunt in both pre- and post-compromised environments. This chapter outlines how Microsoft Incident Response, in collaboration with partner security teams, leverages three distinct...

Between April and July 2024, Microsoft observed Iranian state-sponsored threat actor Peach Sandstorm deploying a new custom multi-stage backdoor, which we named Tickler. Tickler has been used in attacks against targets in the satellite, communications equipment, oil and gas, as well as federal and state government sectors in the United States and the...

If you’re in charge of cybersecurity for a United States government agency, you’re already familiar with Memorandum M-22-09, “Moving the U.S. Government Toward Zero Trust Cybersecurity Principles,” which the US Office of Management and Budget issued in January 2022. This memo set a September 30, 2024, deadline for meeting “specific cybersecurity standards...