Research
Explore in-depth research on the latest cybersecurity threats, trends, and defense strategies. Get insights from Microsoft that’ll help you better understand and respond to today’s challenges.
Force firmware code to be measured and attested by Secure Launch on Windows 10
For important security features on Windows to properly do their jobs, the platform’s firmware and hardware must be trustworthy and healthy.

Stopping Active Directory attacks and other post-exploitation behavior with AMSI and machine learning
Microsoft Defender ATP leverages AMSI’s visibility into scripts and harnesses the power of machine learning to detect and stop post-exploitation activities that largely rely on scripts.

Taking Transport Layer Security (TLS) to the next level with TLS 1.3
TLS 1.3 eliminates obsolete cryptographic algorithms, enhances security over older versions, and aims to encrypt as much of the handshake as possible.

Inside Microsoft 365 Defender: Solving cross-domain security incidents through the power of correlation analytics
Through deep correlation logic, Microsoft Threat Protection automatically finds links between related signals across domains.

Seeing the big picture: Deep learning-based fusion of behavior signals for threat detection
Learn how we’re using deep learning to build a powerful, high-precision classification model for long sequences of wide-ranging signals occurring at different times.

Introducing Kernel Data Protection, a new platform security technology for preventing data corruption
Kernel Data Protection (KDP) is a set of APIs that provide the ability to mark some kernel memory as read-only, preventing attackers from ever modifying protected memory.

Defending Exchange servers under attack
Exchange servers are high-value targets.

UEFI scanner brings Microsoft Defender ATP protection to a new level
The UEFI scanner is a new component of the built-in antivirus solution on Windows 10 and gives Microsoft Defender ATP the ability to scan inside of the firmware filesystem and perform security assessment.

Exploiting a crisis: How cybercriminals behaved during the outbreak
Cybercriminals adapted their tactics to match what was going on in the world, and what we saw in the threat environment was parallel to the uptick in COVID-19 headlines and the desire for more information.

Blue teams helping red teams: A tale of a process crash, PowerShell, and the MITRE ATT&CK evaluation
Inspired by MITRE’s transparency in publishing the payloads and tools used in the attack simulation, we’ll describe the mystery that is Step 19 and tell a story about how blue teams, once in a while, can share important learnings for red teams.

Inside Microsoft 365 Defender: Attack modeling for finding and stopping lateral movement
Microsoft Threat Protection uses a data-driven approach for identifying lateral movement, combining industry-leading optics, expertise, and data science to deliver automated discovery of some of the most critical threats today.