EDR in block mode stops IcedID cold
Endpoint detection and response (EDR) in block mode in Microsoft Defender for Endpoint turns EDR detections into real-time blocking of threats.
-
-
Threat actor leverages coin miner techniques to stay under the radar – here’s how to spot them
BISMUTH, which has been running increasingly complex cyberespionage attacks as early as 2012, deployed Monero coin miners in campaigns from July to August 2020. -
Trickbot disrupted
Microsoft took action against the Trickbot botnet, disrupting one of the world’s most persistent malware operations. -
Sophisticated new Android malware marks the latest evolution of mobile ransomware
We found a piece of a particularly sophisticated Android ransomware with novel techniques and behavior, exemplifying the rapid evolution of mobile threats that we have also observed on other platforms. -
Industry-wide partnership on threat-informed defense improves security for all
MITRE Engenuity’s Center for Threat-Informed Defense has published a library of detailed plans for emulating the threat actor FIN6 (which Microsoft tracks as TAAL). -
STRONTIUM: Detecting new patterns in credential harvesting
Microsoft has tied STRONTIUM to a newly uncovered pattern of Office365 credential harvesting activity aimed at US and UK organizations directly involved in political elections. -
Inside Microsoft 365 Defender: Mapping attack chains from cloud to endpoint
In the first blog in the Inside Microsoft Threat Protection series, we will show how MTP provides unparalleled end-to-end visibility into the activities of nation-state level attacks like HOLMIUM. -
UEFI scanner brings Microsoft Defender ATP protection to a new level
The UEFI scanner is a new component of the built-in antivirus solution on Windows 10 and gives Microsoft Defender ATP the ability to scan inside of the firmware filesystem and perform security assessment. -
Exploiting a crisis: How cybercriminals behaved during the outbreak
Cybercriminals adapted their tactics to match what was going on in the world, and what we saw in the threat environment was parallel to the uptick in COVID-19 headlines and the desire for more information. -
Blue teams helping red teams: A tale of a process crash, PowerShell, and the MITRE ATT&CK evaluation
Inspired by MITRE’s transparency in publishing the payloads and tools used in the attack simulation, we’ll describe the mystery that is Step 19 and tell a story about how blue teams, once in a while, can share important learnings for red teams. -
Inside Microsoft 365 Defender: Attack modeling for finding and stopping lateral movement
Microsoft Threat Protection uses a data-driven approach for identifying lateral movement, combining industry-leading optics, expertise, and data science to deliver automated discovery of some of the most critical threats today. -
Open-sourcing new COVID-19 threat intelligence
While the world faces the common threat of COVID-19, defenders are working overtime to protect users all over the globe from cyber-criminals using COVID-19 as a lure to mount attacks.
