Microsoft security intelligence
Security research and threat intelligence from our global network of security experts.
March 17, 2023
• 6 min read
KillNet and affiliate hacktivist groups targeting healthcare with DDoS attacks
KillNet, a group that the US Department of Health and Human Services (DHHS) has called pro-Russia hacktivists, has been launching waves of attacks targeting governments and companies, with a focus on the healthcare sector. In this blog post, we provide an overview of the DDoS attack landscape against healthcare applications hosted in Azure over three months.
March 13, 2023
• 7 min read
DEV-1101 enables high-volume AiTM campaigns with open-source phishing kit
DEV-1101 is an actor tracked by Microsoft responsible for the development, support, and advertising of several AiTM phishing kits, including an open-source kit capable of circumventing MFA through reverse-proxy functionality.
March 6, 2023
• 6 min read
Protecting Android clipboard content from unintended exposure
Microsoft discovered that the SHEIN Android application periodically read the contents of the Android device clipboard and, if a particular pattern was present, sent the contents of the clipboard to a remote server.
March 2, 2023
• 10 min read
New research, tooling, and partnerships for more secure AI and machine learning
At Microsoft, we’ve been working on the challenges and opportunities of AI for years. Today we’re sharing some recent developments so that the community can be better informed and better equipped for a new world of AI exploration.
February 21, 2023
• 6 min read
2022 in review: DDoS attack trends and insights
With DDoS attacks becoming more frequent, sophisticated, and inexpensive to launch, it’s important for organizations of all sizes to be proactive and stay protected. In this blog, we detail trends and insights into DDoS attacks we observed and mitigated throughout 2022.
January 26, 2023
• 16 min read
Introducing kernel sanitizers on Microsoft platforms
We share technical details of our work on the AddressSanitizer (ASAN) and how it contributes to durably improving software quality and security at Microsoft.
December 21, 2022
• 12 min read
Microsoft research uncovers new Zerobot capabilities
The Microsoft Defender for IoT research team details information on the recent distribution of a Go-based botnet, known as Zerobot, that spreads primarily through IoT and web-application vulnerabilities.
December 19, 2022
• 9 min read
Gatekeeper’s Achilles heel: Unearthing a macOS vulnerability
Microsoft discovered a vulnerability in macOS, referred to as “Achilles”, allowing attackers to bypass application execution restrictions enforced by the Gatekeeper security mechanism.
December 15, 2022
• 8 min read
MCCrash: Cross-platform DDoS botnet targets private Minecraft servers
The Microsoft Defender for IoT research team analyzed a cross-platform botnet that infects both Windows and Linux systems from PCs to IoT devices, to launch distributed denial of service (DDoS) attacks against private Minecraft servers.
December 12, 2022
• 10 min read
IIS modules: The evolution of web shells and how to detect them
This blog aims to provide further guidance on detecting malicious IIS modules and other capabilities that you can use during your own incident response investigations.
December 7, 2022
• 4 min read
Mitigate threats with the new threat matrix for Kubernetes
The updated threat matrix for Kubernetes comes in a new format that simplifies usage of the knowledge base and with new content to help mitigate threats.
December 6, 2022
• 17 min read
DEV-0139 launches targeted attacks against the cryptocurrency industry
Microsoft security researchers investigate an attack where the threat actor, tracked as DEV-0139, used chat groups to target specific cryptocurrency investment companies and run a backdoor within their network.