Explore the latest cybersecurity insights and updates
Ransomware-as-a-service: The new face of industrialized cybercrime
Cybercrime’s newest business model, human-operated attacks, emboldens criminals of varying ability.
Threat Actor Insights
Microsoft Security is actively tracking threat actors across observed nation state, ransomware, and criminal activities. These insights represent publicly published activity from Microsoft Security threat researchers and provide a centralized catalog of actor profiles from the referenced blogs.
Behind the scenes
Expert analysis from inside the Microsoft Security Response Center (MSRC)
Help stay ahead of attacks like LAPSUS$ by going behind the scenes with Russ McRee.
Human operated ransomware—what it is and how to protect your organization from attack
Human-operated ransomware is one of the most prevalent and top-of-mind threats for security professionals. Join our technical research team and learn about what developments Microsoft is seeing in the threat landscape, as well as how we can help your business mitigate these types of attacks.
The unseen threat: How cyber vulnerability may be putting our digital lives at risk
In the latest episode of SpyCast, we discuss the everyday dangers lurking in common areas of daily life. From vulnerability in online transactions to pumping gas at the station, we take a deep dive into the day-to-day security concerns of modern life. We also sat down with the founder of the Microsoft Threat Intelligence Center, John Lambert, and Digital Security chief, Cristin Goodwin, for their insights on the rise of dangerous new cybercriminals.
Trending blogs and articles
Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself (May 9, 2022)
Discover how ransomware’s newest business model has transformed one of cybercrime’s oldest threats. We’ll walk you through the players, the mechanics, and best practices for defense.
Microsoft finds new elevation of privilege Linux vulnerability, Nimbuspwn (April 26, 2022)
Microsoft security researchers have discovered a spate of new vulnerabilities that attackers can exploit to gain root privileges on Linux desktop endpoints. This post will review each vulnerability and examine their affected components.
Microsoft best practices for managing IoT security concerns (April 25, 2022)
The Internet of Things (IoT) makes life more convenient, but as IoT technology proliferates throughout devices and systems, security concerns grow. In this post, we’ll explain the principles behind Microsoft’s approach to IoT security.
Dismantling ZLoader: How malicious ads led to disabled security tools and ransomware (April 13, 2022)
In this post, we examine ZLoader attack chains, revealing email and other malicious techniques for delivery and installation. We’ll also detail ZLoader payloads and describe its range of defense evasion capabilities and persistence methods while summarizing best practices for defense.
SpringShell RCE vulnerability: Guidance for protecting against and detecting CVE-2022-22965 (April 4, 2022)
Understand how recently discovered vulnerabilities in the widely used Spring Framework for Java may affect your business. This post provides an in-depth breakdown of the SpringShell exploit and details how to detect vulnerable installations on your network.
Uncovering Trickbot’s use of IoT devices in command-and-control infrastructure (March 16, 2022)
In this post, we reveal how attackers establish command-and-control (C2) within compromised MikroTik-brand devices using the Trickbot trojan while providing advice on how to detect, remediate, and prevent infections.