Malicious IIS extensions quietly open persistent backdoors into servers
Attackers are increasingly leveraging managed IIS extensions as covert backdoors into servers, providing a durable persistence mechanism for attacks.
Credential theft
Refine results
Topic
Products and services
Publish date
Retain Microsoft Security Experts
Microsoft Security Experts are now available to strengthen your team with managed security services. Learn how to defend against threats with security experts.
-
-
From cookie theft to BEC: Attackers use AiTM phishing sites as entry point to further financial fraud
A large-scale phishing campaign that attempted to target over 10,000 organizations since September 2021 used adversary-in-the-middle (AiTM) phishing sites to steal passwords, hijack a user’s sign-in session, and skip the authentication process, even if the user had enabled multifactor authentication (MFA). -
Improving AI-based defenses to disrupt human-operated ransomware
To disrupt human-operated ransomware attacks as early as possible, we enhanced the AI-based protections in Microsoft Defender for Endpoint with a range of specialized machine learning techniques that swiftly identify and block malicious files, processes, or behavior observed during active attacks. -
The many lives of BlackCat ransomware
The use of an unconventional programming language, multiple target devices and possible entry points, and affiliation with prolific threat activity groups have made the BlackCat ransomware a prevalent threat and a prime example of the growing ransomware-as-a-service (RaaS) gig economy. Modernize your Security Operations Center with Microsoft Sentinel
Microsoft Sentinel is a cloud-native SIEM solution powered by AI and automation that delivers intelligent security analytics across your entire enterprise.
-
Beneath the surface: Uncovering the shift in web skimming
Web skimming campaigns now employ various obfuscation techniques to deliver and hide the skimming scripts. -
Ransomware as a service: Understanding the cybercrime gig economy and how to protect yourself
Microsoft coined the term “human-operated ransomware” to clearly define a class of attack driven by expert human intelligence at every step of the attack chain and culminate in intentional business disruption and extortion. -
A clearer lens on Zero Trust security strategy: Part 1
Today’s world is flooded with definitions and perspectives on Zero Trust, so we are kicking off a blog series to bring clarity to what Zero Trust is and means. -
Dismantling ZLoader: How malicious ads led to disabled security tools and ransomware
Microsoft took action against the ZLoader trojan by working with telecommunications providers around the world to disrupt key ZLoader infrastructure. Tailored AI insights from Microsoft Security Copilot
Empower your defenders to detect hidden patterns, harden defenses, and respond to incidents faster with generative AI.
-
3 steps to secure your multicloud and hybrid infrastructure with Azure Arc
In this blog, we will share how you can increase security for on-premises and hybrid infrastructure through offerings including Azure Arc, Microsoft Defender for Cloud, and Secured-core for Azure Stack HCI. -
DEV-0537 criminal actor targeting organizations for data exfiltration and destruction
The activity we have observed has been attributed to a threat group that Microsoft tracks as DEV-0537, also known as LAPSUS$. -
Guidance for preventing, detecting, and hunting for exploitation of the Log4j 2 vulnerability
Microsoft is tracking threats taking advantage of the remote code execution (RCE) vulnerability in Apache Log4j 2. -
A closer look at Qakbot’s latest building blocks (and how to knock them down)
Multiple Qakbot campaigns that are active at any given time prove that the decade-old malware continues to be many attackers’ tool of choice, a customizable chameleon that adapts to suit the needs of the multiple threat actor groups that utilize it.
