Research

Explore in-depth research on the latest cybersecurity threats, trends, and defense strategies. Get insights from Microsoft that’ll help you better understand and respond to today’s challenges.

Refine Results

Filtered by

Clear All

Research

Refine results

Sort By

Content Type

Topic

Products and services

Publish date

Start Date

End Date

Retain Microsoft Security Experts

Microsoft Security Experts are now available to strengthen your team with managed security services. Learn how to defend against threats with security experts.

Get started
September 15, 2021

8 min read

Analyzing attacks that exploit the CVE-2021-40444 MSHTML vulnerability

This blog details our in-depth analysis of the attacks that used the CVE-2021-40444, provides detection details and investigation guidance for Microsoft 365 Defender customers, and lists mitigation steps for hardening networks against this and similar attacks.
September 2, 2021

9 min read

A deep-dive into the SolarWinds Serv-U SSH vulnerability

We’re sharing technical information about the vulnerability tracked as CVE-2021-35211, which was used to attack the SolarWinds Serv-U FTP software in limited and targeted attacks.
August 26, 2021

10 min read

Widespread credential phishing campaign abuses open redirector links

Microsoft has been actively tracking a widespread credential phishing campaign using open redirector links, which allow attackers to use a URL in a trusted domain and embed the eventual final malicious URL as a parameter.
August 18, 2021

11 min read

Trend-spotting email techniques: How modern phishing emails hide in plain sight

By spotting trends in the techniques used by attackers in phishing attacks, we can swiftly respond to attacks and use the knowledge to improve customer security and build comprehensive protections through Microsoft Defender for Office 365 and other solutions.
Modernize your Security Operations Center with Microsoft Sentinel

Microsoft Sentinel is a cloud-native SIEM solution powered by AI and automation that delivers intelligent security analytics across your entire enterprise.

Learn more
August 12, 2021

13 min read

Attackers use Morse code, other encryption methods in evasive phishing campaign

During our year-long investigation of a targeted, invoice-themed XLS.
August 4, 2021

8 min read

Spotting brand impersonation with Swin transformers and Siamese neural networks

Our security solutions use multiple detection and prevention techniques to help users avoid divulging sensitive information to phishers as attackers continue refining their impersonation tricks.
July 29, 2021

16 min read

When coin miners evolve, Part 2: Hunting down LemonDuck and LemonCat attacks

LemonDuck is an actively updated and robust malware primarily known for its botnet and cryptocurrency mining objectives.
July 29, 2021

10 min read

BazaCall: Phony call centers lead to exfiltration and ransomware

Our continued investigation into BazaCall campaigns, those that use fraudulent call centers that trick unsuspecting users into downloading the BazaLoader malware, shows that this threat is more dangerous than what’s been discussed publicly in other security blogs and covered by the media.
Tailored AI insights from Microsoft Security Copilot

Empower your defenders to detect hidden patterns, harden defenses, and respond to incidents faster with generative AI.

Learn more
July 27, 2021

7 min read

Combing through the fuzz: Using fuzzy hashing and deep learning to counter malware detection evasion techniques

A new approach for malware classification combines deep learning with fuzzy hashing.
July 22, 2021

8 min read

When coin miners evolve, Part 1: Exposing LemonDuck and LemonCat, modern mining malware infrastructure

LemonDuck, an actively updated and robust malware that’s primarily known for its botnet and cryptocurrency mining objectives, adopted more sophisticated behavior and escalated its operations.
July 15, 2021

11 min read

Protecting customers from a private-sector offensive actor using 0-day exploits and DevilsTongue malware

The Microsoft Threat Intelligence Center (MSTIC) alongside the Microsoft Security Response Center (MSRC) has uncovered a private-sector offensive actor, or PSOA, that we are calling SOURGUM in possession of now-patched, Windows 0-day exploits (CVE-2021-31979 and CVE-2021-33771).
July 14, 2021

8 min read

Microsoft delivers comprehensive solution to battle rise in consent phishing emails

Microsoft threat analysts are tracking a continued increase in consent phishing emails, also called illicit consent grants, that abuse OAuth request links in an attempt to trick recipients into granting attacker-owned apps permissions to access sensitive data.