Microsoft to remove WoSign and StartCom certificates in Windows 10
Microsoft has concluded that the Chinese Certificate Authorities (CAs) WoSign and StartCom have failed to maintain the standards required by our Trusted Root Program.
-
-
Windows Defender ATP machine learning: Detecting new and unusual breach activity
Microsoft has been investing heavily in next-generation security technologies. -
Windows Defender Antivirus cloud protection service: Advanced real-time defense against never-before-seen malware
For cybercriminals, speed is the name of the game. -
Detecting stealthier cross-process injection techniques with Windows Defender ATP: Process hollowing and atom bombing
Advanced cyberattacks emphasize stealth and persistence: the longer they stay under the radar, the more they can move laterally, exfiltrate data, and cause damage. -
Exploring the crypt: Analysis of the WannaCrypt ransomware SMB exploit propagation
On May 12, there was a major outbreak of WannaCrypt ransomware. -
New ransomware, old techniques: Petya adds worm capabilities
On June 27, 2017 reports of a ransomware infection began spreading across Europe. -
Analysis of the Shadow Brokers release and mitigation with Windows 10 virtualization-based security
On April 14, a group calling themselves the Shadow Brokers caught the attention of the security community by releasing a set of weaponized exploits. -
WannaCrypt ransomware worm targets out-of-date systems
In this blog, we provide an early analysis of the end-to-end ransomware attack. -
Tech support scams persist with increasingly crafty techniques
Technical support scams continue to evolve, employing more and more complex social engineering tactics that can increase panic and create a false sense of legitimacy or urgency in an effort to get more victims. -
Detecting and mitigating elevation-of-privilege exploit for CVE-2017-0005
On March 14, 2017, Microsoft released security bulletin MS17-013 to address CVE-2017-0005, a vulnerability in the Windows Win32k component that could potentially allow elevation of privileges. -
Uncovering cross-process injection with Windows Defender ATP
Windows Defender Advanced Threat Protection (Windows Defender ATP) is a post-breach solution that alerts security operations (SecOps) personnel about hostile activity.
