Storm-0978 attacks reveal financial and espionage motives
Microsoft has identified a phishing campaign conducted by the threat actor tracked as Storm-0978 targeting defense and government entities in Europe and North America.
Vulnerabilities and exploits
Microsoft security researchers monitor the threat landscape and collaborate with customers, partners, and industry experts to discover new vulnerabilities and exploits. Explore our latest findings and how they inform faster, more effective defenses.
Refine results
Topic
Products and services
Publish date
Simplify endpoint management with Microsoft Intune
Microsoft Intune is a cloud-based unified endpoint management platform that empowers IT to manage, assess, and protect apps and devices.
-
-
The five-day job: A BlackByte ransomware intrusion case study
In a recent investigation by Microsoft Incident Response of a BlackByte 2. -
Cadet Blizzard emerges as a novel and distinct Russian threat actor
Microsoft attributes several campaigns to a distinct Russian state-sponsored threat actor tracked as Cadet Blizzard (DEV-0586), including the WhisperGate destructive attack, Ukrainian website defacements, and the hack-and-leak front “Free Civilian”. -
New macOS vulnerability, Migraine, could bypass System Integrity Protection
A new vulnerability, which we refer to as “Migraine”, could allow an attacker with root access to bypass System Integrity Protection (SIP) in macOS and perform arbitrary operations on a device. Secure and verify every identity with Microsoft Entra
Microsoft Entra expands beyond identity and access management with new product categories such as cloud infrastructure entitlement management (CIEM) and decentralized identity.
-
Protecting Android clipboard content from unintended exposure
Microsoft discovered that the SHEIN Android application periodically read the contents of the Android device clipboard and, if a particular pattern was present, sent the contents of the clipboard to a remote server. -
Introducing kernel sanitizers on Microsoft platforms
We share technical details of our work on the AddressSanitizer (ASAN) and how it contributes to durably improving software quality and security at Microsoft. -
Gatekeeper’s Achilles heel: Unearthing a macOS vulnerability
Microsoft discovered a vulnerability in macOS, referred to as “Achilles”, allowing attackers to bypass application execution restrictions enforced by the Gatekeeper security mechanism. -
IIS modules: The evolution of web shells and how to detect them
This blog aims to provide further guidance on detecting malicious IIS modules and other capabilities that you can use during your own incident response investigations. Prevent threats with Microsoft Defender
The Microsoft Defender family offers comprehensive threat prevention, detection, and response capabilities for everyone—from individuals looking to protect their family to the world’s largest enterprises.
-
Mitigate threats with the new threat matrix for Kubernetes
The updated threat matrix for Kubernetes comes in a new format that simplifies usage of the knowledge base and with new content to help mitigate threats. -
Analyzing attacks using the Exchange vulnerabilities CVE-2022-41040 and CVE-2022-41082
MSTIC observed activity related to a single activity group in August 2022 that achieved initial access and compromised Exchange servers by chaining CVE-2022-41040 and CVE-2022-41082 in a small number of targeted attacks. -
Vulnerability in TikTok Android app could lead to one-click account hijacking
Microsoft discovered a high-severity vulnerability in the TikTok Android application, now identified as CVE-2022-28799 and fixed by TikTok, which could have allowed attackers to compromise users’ accounts with a single click. -
Cyber Signals: 3 strategies for protection against ransomware
New Cyber Signals shows more than 80 percent of ransomware attacks can be traced to common configuration errors.
