Skip to main content
Skip to main content
Microsoft
Microsoft Security
Microsoft Security
Microsoft Security
Home
Solutions
Cloud security
Frontline workers
Identity & access
Industrial & critical infrastructure
Information protection & governance
IoT security
Passwordless authentication
Phishing
Ransomware
Risk management
Secure remote work
SIEM & XDR
Small & medium business
Zero Trust
Products
Product families
Product families
Microsoft Defender
Microsoft Entra
Microsoft Purview
Identity & access
Identity & access
Azure Active Directory part of Microsoft Entra
Microsoft Entra Permissions Management
Microsoft Entra Verified ID
Azure Key Vault
SIEM & XDR
SIEM & XDR
Microsoft Sentinel
Microsoft Defender for Cloud
Microsoft 365 Defender
Microsoft Defender for Endpoint
Microsoft Defender for Office 365
Microsoft Defender for Identity
Microsoft Defender for Cloud Apps
Microsoft Defender Vulnerability Management
Microsoft Defender Threat Intelligence
Cloud security
Cloud security
Microsoft Defender for Cloud
Microsoft Defender External Attack Surface Management
Azure Firewall
Azure Web App Firewall
Azure DDoS Protection
GitHub Advanced Security
Endpoint security
Endpoint security
Microsoft 365 Defender
Microsoft Defender for Endpoint
Microsoft Defender for IoT
Microsoft Defender for Business
Microsoft Defender Vulnerability Management
Risk management & privacy
Risk management & privacy
Microsoft Purview Insider Risk Management
Microsoft Purview Communication Compliance
Microsoft Purview eDiscovery
Microsoft Purview Compliance Manager
Microsoft Purview Audit
Microsoft Priva Risk Management
Microsoft Priva Subject Rights Requests
Information protection
Information protection
Microsoft Purview Information Protection
Microsoft Purview Data Lifecycle Management
Microsoft Purview Data Loss Prevention
Device management
Device management
Microsoft Endpoint Manager
Services
Microsoft Security Experts
Microsoft Defender Experts for Hunting
Microsoft Security Services for Enterprise
Microsoft Security Services for Incident Response
Microsoft Security Services for Modernization
Partners
Resources
Get started
Get started
Customer stories
Security 101
Product trials
How we protect Microsoft
Reports and analysis
Reports and analysis
Industry recognition
Microsoft Security Insider
Microsoft Digital Defense Report
Security Response Center
Community
Community
Microsoft Security Blog
Microsoft Security Events
Microsoft Tech Community
Documentation and training
Documentation and training
Documentation
Technical Content Library
Training & certifications
Additional sites
Additional sites
Compliance Program for Microsoft Cloud
Microsoft Trust Center
Security Engineering Portal
Service Trust Portal
Contact sales
More
Start free trial
All Microsoft
Microsoft Security
Azure
Dynamics 365
Microsoft 365
Microsoft Teams
Windows 365
Tech & innovation
Tech & innovation
Microsoft Cloud
AI
Azure Space
Mixed reality
Microsoft HoloLens
Microsoft Viva
Quantum computing
Sustainability
Industries
Industries
Education
Automotive
Financial services
Government
Healthcare
Manufacturing
Retail
All industries
Partners
Partners
Find a partner
Become a partner
Partner Network
Find an advertising partner
Become an advertising partner
Azure Marketplace
AppSource
Resources
Resources
Blog
Microsoft Advertising
Developer Center
Documentation
Events
Licensing
Microsoft Learn
Microsoft Research
View Sitemap
Search
Search Microsoft Security
Cancel
Sign in
Microsoft security intelligence
Security research and threat intelligence from our global network of security experts.
bars
Category filters menu
Recent articles
Products and solutions
See all
Azure Active Directory
Azure Information Protection
Microsoft 365 Defender
Microsoft 365 Security
Microsoft Authenticator
See all
Azure Active Directory
Azure Information Protection
Microsoft 365 Defender
Microsoft 365 Security
Microsoft Authenticator
Microsoft Defender for Cloud
Microsoft Defender for Cloud Apps
Microsoft Defender for Endpoint
Microsoft Defender for Office 365
Microsoft Endpoint Manager
Microsoft Graph Security API
Microsoft Defender for Cloud
Microsoft Defender for Cloud Apps
Microsoft Defender for Endpoint
Microsoft Defender for Office 365
Microsoft Endpoint Manager
Microsoft Graph Security API
Microsoft Sentinel
Office 365 Security
Secure Score
Windows Security
XDR
Microsoft Sentinel
Office 365 Security
Secure Score
Windows Security
XDR
Topics
See all
AI and machine learning
Automation
Cloud Access Security Broker
Compliance
Cybersecurity policy
Data governance
Email security
See all
AI and machine learning
Automation
Cloud Access Security Broker
Compliance
Cybersecurity policy
Data governance
Email security
Encryption
Endpoint security
GDPR
Identity and access management
Incident response
Information/data protection
IoT
Mobile security
Encryption
Endpoint security
GDPR
Identity and access management
Incident response
Information/data protection
IoT
Mobile security
Network security
Phishing
Privacy
Ransomware
Security deployment
Security intelligence
Security management
Security operations
Network security
Phishing
Privacy
Ransomware
Security deployment
Security intelligence
Security management
Security operations
Security strategies
SIEM
Threat protection
XDR
Zero trust
Security strategies
SIEM
Threat protection
XDR
Zero trust
Series
See all
CISO series
Compliance and data governance
Identity and access management
Integrated Threat Protection
IoT security
Microsoft Detection and Response Team (DART)
See all
CISO series
Compliance and data governance
Identity and access management
Integrated Threat Protection
IoT security
Microsoft Detection and Response Team (DART)
Microsoft Intelligent Security Association (MISA)
Microsoft Security Experts
Microsoft security intelligence
Secure remote work
Security deployment
Voice of the community
Voice of the customer
Microsoft Intelligent Security Association (MISA)
Microsoft Security Experts
Microsoft security intelligence
Secure remote work
Security deployment
Voice of the community
Voice of the customer
Related blogs
Azure Active Directory Identity
Microsoft 365
Microsoft Endpoint Management
Microsoft Security Guidance
Microsoft Security Response Center
Security in Azure
Tech Community
Azure Active Directory Identity
Microsoft 365
Microsoft Endpoint Management
Microsoft Security Guidance
Microsoft Security Response Center
Security in Azure
Tech Community
Subscribe
Featured image for ZINC weaponizing open-source software
September 29, 2022
• 12 min read
ZINC weaponizing open-source software
In recent months, Microsoft detected weaponization of legitimate open-source software by an actor the Microsoft Threat Intelligence Center (MSTIC) tracks as ZINC, targeting employees at media, defense and aerospace, and IT service provider organizations in the US, UK, India, and Russia.
Read more
ZINC weaponizing open-source software
Featured image for Malicious OAuth applications abuse cloud email services to spread spam
September 22, 2022
• 11 min read
Malicious OAuth applications abuse cloud email services to spread spam
Microsoft discovered an attack where attackers installed a malicious OAuth application in compromised tenants and used their Exchange Online service to launch spam runs.
Read more
Malicious OAuth applications abuse cloud email services to spread spam
Featured image for Rewards plus: Fake mobile banking rewards apps lure users to install info-stealing RAT on Android devices
September 21, 2022
• 7 min read
Rewards plus: Fake mobile banking rewards apps lure users to install info-stealing RAT on Android devices
A fake mobile banking rewards app delivered through a link in an SMS campaign has been making the rounds, targeting customers of Indian banking institutions. Users who install the mobile app are unknowingly installing an Android malware with remote access trojan (RAT) capabilities.
Read more
Rewards plus: Fake mobile banking rewards apps lure users to install info-stealing RAT on Android devices
Featured image for Microsoft investigates Iranian attacks against the Albanian government
September 8, 2022
• 20 min read
Microsoft investigates Iranian attacks against the Albanian government
Shortly after the destructive cyberattacks on the Albanian government in mid-July, the Microsoft Detection and Response Team (DART) was engaged to lead an investigation into the attacks.
Read more
Microsoft investigates Iranian attacks against the Albanian government
Featured image for Profiling DEV-0270: PHOSPHORUS’ ransomware operations
September 7, 2022
• 11 min read
Profiling DEV-0270: PHOSPHORUS’ ransomware operations
Microsoft threat intelligence teams have been tracking multiple ransomware campaigns tied to DEV-0270, also known as Nemesis Kitten, a sub-group of Iranian actor PHOSPHORUS.
Read more
Profiling DEV-0270: PHOSPHORUS’ ransomware operations
Featured image for Vulnerability in TikTok Android app could lead to one-click account hijacking
August 31, 2022
• 11 min read
Vulnerability in TikTok Android app could lead to one-click account hijacking
Microsoft discovered a high-severity vulnerability in the TikTok Android application, now identified as CVE-2022-28799 and fixed by TikTok, which could have allowed attackers to compromise users' accounts with a single click.
Read more
Vulnerability in TikTok Android app could lead to one-click account hijacking
Featured image for MERCURY leveraging Log4j 2 vulnerabilities in unpatched systems to target Israeli organizations
August 25, 2022
• 9 min read
MERCURY leveraging Log4j 2 vulnerabilities in unpatched systems to target Israeli organizations
Microsoft detected an Iran-based threat actor the Microsoft Threat Intelligence Center (MSTIC) tracks as MERCURY leveraging exploitation of Log4j 2 vulnerabilities in SysAid applications against organizations located in Israel.
Read more
MERCURY leveraging Log4j 2 vulnerabilities in unpatched systems to target Israeli organizations
Featured image for MagicWeb: NOBELIUM’s post-compromise trick to authenticate as anyone
August 24, 2022
• 21 min read
MagicWeb: NOBELIUM’s post-compromise trick to authenticate as anyone
Microsoft security researchers have discovered a post-compromise capability we’re calling MagicWeb, which is used by a threat actor we track as NOBELIUM to maintain persistent access to compromised environments.
Read more
MagicWeb: NOBELIUM’s post-compromise trick to authenticate as anyone
Featured image for Looking for the ‘Sliver’ lining: Hunting for emerging command-and-control frameworks
August 24, 2022
• 10 min read
Looking for the ‘Sliver’ lining: Hunting for emerging command-and-control frameworks
Threat actors evade detection by adopting the Sliver command-and-control (C2) framework in intrusion campaigns.
Read more
Looking for the ‘Sliver’ lining: Hunting for emerging command-and-control frameworks
Featured image for Uncovering a ChromeOS remote memory corruption vulnerability
August 19, 2022
• 8 min read
Uncovering a ChromeOS remote memory corruption vulnerability
Microsoft discovered a memory corruption vulnerability in a ChromeOS component that could have been triggered remotely, allowing attackers to perform either a denial-of-service (DoS) or, in extreme cases, remote code execution (RCE).
Read more
Uncovering a ChromeOS remote memory corruption vulnerability
Featured image for Hardware-based threat defense against increasingly complex cryptojackers
August 18, 2022
• 4 min read
Hardware-based threat defense against increasingly complex cryptojackers
To provide advanced protection against increasingly complex and evasive cryptojackers, Microsoft Defender Antivirus integrates with Intel® Threat Detection Technology (TDT) that applies machine learning to low-level CPU telemetry in detecting cryptojackers, even when the malware is obfuscated and can evade security tools.
Read more
Hardware-based threat defense against increasingly complex cryptojackers
Featured image for Disrupting SEABORGIUM’s ongoing phishing operations
August 15, 2022
• 12 min read
Disrupting SEABORGIUM’s ongoing phishing operations
The Microsoft Threat Intelligence Center (MSTIC) has observed and taken actions to disrupt campaigns launched by SEABORGIUM in campaigns involve persistent phishing and credential theft campaigns leading to intrusions and data theft.
Read more
Disrupting SEABORGIUM’s ongoing phishing operations
1
2
3
…
24
Next Page
