How to protect your CAD data files with MIP and HALOCAD

This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA. Computer-aided design (CAD) files are used by design professionals in the manufacturing, engineering, architecture, surveying, and construction industries. These highly valuable files contain confidential information and form their core...

3d

A guide to balancing external threats and insider risk

The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest Voice of the Community blog series post, Microsoft Product Marketing Manager Natalia Godyla talks with Rockwell Automation Vice President and Chief Information Security Officer Dawn Cappelli. In this...

3d

When coin miners evolve, Part 1: Exposing LemonDuck and LemonCat, modern mining malware infrastructure

[Note: In this two-part blog series, we expose a modern malware infrastructure and provide guidance for protecting against the wide range of threats it enables. Part 1 covers the evolution of the threat, how it spreads, and how it impacts organizations. Part 2 will be a deep dive on the attacker behavior and will provide investigation guidance.] Combating...

3d

Microsoft acquires CloudKnox Security to offer unified privileged access and cloud entitlement management

Today on the Official Microsoft Blog, Microsoft announced the acquisition of CloudKnox Security, a leader in Cloud Infrastructure Entitlement Management (CIEM). CloudKnox offers complete visibility into privileged access. It helps organizations right-size permissions and consistently enforce least-privilege principles to reduce risk, and it employs...

4d

The evolution of a matrix: How ATT&CK for Containers was built

Note: The content of this post is being released jointly with the Center for Threat-Informed Defense. It is co-authored with Chris Ante and Matthew Bajzek. The Center post can be found here. As containers become a major part of many organizations’ IT workloads, it becomes crucial to consider the unique security threats that target such environments...

4d

Protecting customers from a private-sector offensive actor using 0-day exploits and DevilsTongue malware

The Microsoft Threat Intelligence Center (MSTIC) alongside the Microsoft Security Response Center (MSRC) has uncovered a private-sector offensive actor, or PSOA, that we are calling SOURGUM in possession of now-patched, Windows 0-day exploits (CVE-2021-31979 and CVE-2021-33771). Private-sector offensive actors are private companies that manufacture...

2w

Microsoft delivers comprehensive solution to battle rise in consent phishing emails

Microsoft threat analysts are tracking a continued increase in consent phishing emails, also called illicit consent grants, that abuse OAuth request links in an attempt to trick recipients into granting attacker-owned apps permissions to access sensitive data. This blog offers a look into the current state of consent phishing emails as an initial attack...

2w

MISA expands portfolio and looks ahead during Microsoft Inspire

This blog post is part of the Microsoft Intelligent Security Association (MISA) guest blog series. Learn more about MISA. Welcome to fiscal year 2022 (FY22) and my first official blog as the MISA Lead. It’s been a whirlwind couple of months getting up to speed with all things MISA—closing out FY21 while continuing to build on the great foundation my...

2w

How Microsoft Security empowers partners to build customer trust

As I reflect on my first year at Microsoft, it was both challenging and exceptional: from my remote onboarding in the middle of a pandemic to dramatic changes in the cyber landscape, to Microsoft’s critical role as a frontline responder in some of the most sophisticated cyberattacks in history and leading the security industry. Our world is changing,...

2w

Microsoft discovers threat actor targeting SolarWinds Serv-U software with 0-day exploit

Microsoft has detected a 0-day remote code execution exploit being used to attack SolarWinds Serv-U FTP software in limited and targeted attacks. The Microsoft Threat Intelligence Center (MSTIC) attributes this campaign with high confidence to DEV-0322, a group operating out of China, based on observed victimology, tactics, and procedures. The vulnerability...

2w