Threat intelligence
The Microsoft Threat Intelligence community is made up of world-class experts, security researchers, analysts, and threat hunters who analyze 100 trillion signals daily to discover threats and deliver timely, relevant insight to protect customers. See our latest findings, insights, and guidance.
A persistent malware campaign has been actively distributing Adrozek, an evolved browser modifier malware, at scale since at least May 2020.
EDR in block mode stops IcedID cold
Endpoint detection and response (EDR) in block mode in Microsoft Defender for Endpoint turns EDR detections into real-time blocking of threats.
Threat actor leverages coin miner techniques to stay under the radar – here’s how to spot them
BISMUTH, which has been running increasingly complex cyberespionage attacks as early as 2012, deployed Monero coin miners in campaigns from July to August 2020.
System Management Mode deep dive: How SMM isolation hardens the platform
Key to defending the hypervisor, and by extension the rest of the OS, from low-level threats is protecting System Management Mode (SMM), an execution mode in x86-based processors that runs at a higher effective privilege than the hypervisor.
Trickbot disrupted
Microsoft took action against the Trickbot botnet, disrupting one of the world’s most persistent malware operations.
Sophisticated new Android malware marks the latest evolution of mobile ransomware
We found a particularly sophisticated piece of Android ransomware with novel techniques and behavior, exemplifying the rapid evolution of mobile threats that we have also observed on other platforms.
Industry-wide partnership on threat-informed defense improves security for all
MITRE Engenuity’s Center for Threat-Informed Defense has published a library of detailed plans for emulating the threat actor FIN6 (which Microsoft tracks as TAAL).
Force firmware code to be measured and attested by Secure Launch on Windows 10
For important security features on Windows to properly do their jobs, the platform’s firmware and hardware must be trustworthy and healthy.
Stopping Active Directory attacks and other post-exploitation behavior with AMSI and machine learning
Microsoft Defender ATP leverages AMSI’s visibility into scripts and harnesses the power of machine learning to detect and stop post-exploitation activities that largely rely on scripts.
Taking Transport Layer Security (TLS) to the next level with TLS 1.3
TLS 1.3 eliminates obsolete cryptographic algorithms, enhances security over older versions, and aims to encrypt as much of the handshake as possible.
Inside Microsoft 365 Defender: Solving cross-domain security incidents through the power of correlation analytics
Through deep correlation logic, Microsoft Threat Protection automatically finds links between related signals across domains.