6 Maggio 2024
New capabilities to help you secure your AI transformation

AI is transforming our world, unlocking new possibilities to enhance human abilities and to extend opportunities globally. At the same time, we are also facing an unprecedented threat landscape with the speed, scale, and sophistication of attacks increasing rapidly. To meet these challenges, we must ensure that AI[…]

Read More
3 Maggio 2024
Security above all else—expanding Microsoft’s Secure Future Initiative

Last November, we launched the Secure Future Initiative (SFI) to prepare for the increasing scale and high stakes of cyberattacks. SFI brings together every part of Microsoft to advance cybersecurity protection across our company and products. Since then, the threat landscape has continued to rapidly evolve, and we[…]

Read More
2 Maggio 2024
Microsoft introduces passkeys for consumer accounts

Ten years ago, Microsoft envisioned a bold future: a world free of passwords. Every year, we celebrate World Password Day by updating you on our progress toward eliminating passwords for good. Today, we’re announcing passkey support for Microsoft consumer accounts, the next step toward our vision of simple,[…]

Read More
1 Maggio 2024
“Dirty stream” attack: Discovering and mitigating a common vulnerability pattern in Android apps

Microsoft discovered a path traversal-affiliated vulnerability pattern in multiple popular Android applications that could enable a malicious application to overwrite files in the vulnerable application’s home directory. The implications of this vulnerability pattern include arbitrary code execution and token theft, depending on an application’s implementation. Arbitrary code execution[…]

Read More
25 Aprile 2024
​​Investigating industrial control systems using Microsoft’s ICSpector open-source framework

The post ​​Investigating industrial control systems using Microsoft’s ICSpector open-source framework appeared first on Microsoft Security Blog. Source: Microsoft Security

Read More
24 Aprile 2024
5 ways a CNAPP can strengthen your multicloud security environment

The cloud security market continues to evolve, reflecting the diligent efforts of security professionals globally. They are at the forefront of developing innovative solutions and strategies to address the sophisticated tactics of cyberattackers. The necessity for these solutions to stay ahead of potential exploitation methods is clear. One[…]

Read More
23 Aprile 2024
New Microsoft Incident Response guide helps simplify cyberthreat investigations

There’s an increasing demand for skilled cybersecurity professionals. It’s being driven by a surge in cyberthreats and more sophisticated attackers. However, many employers are hesitant to fill open cybersecurity roles and are hiring conservatively in case of economic downturn—even though they understand the importance of having the right[…]

Read More
22 Aprile 2024
Analyzing Forest Blizzard’s custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials

Microsoft Threat Intelligence is publishing results of our longstanding investigation into activity by the Russian-based threat actor Forest Blizzard (STRONTIUM) using a custom tool to elevate privileges and steal credentials in compromised networks. Since at least June 2020 and possibly as early as April 2019, Forest Blizzard has[…]

Read More
18 Aprile 2024
How Microsoft Power Platform is driving real-world impact—March customer success stories

Leading organizations worldwide are harnessing Microsoft Power Platform to revolutionize their operations, with 33 million monthly active users driving innovation and transformation. From groundbreaking applications to significant outcomes, our customer stories vividly illustrate the tangible impact of our technology. We’re thrilled to showcase some of these inspiring stories[…]

Read More
17 Aprile 2024
Attackers exploiting new critical OpenMetadata vulnerabilities on Kubernetes clusters

Attackers are constantly seeking new vulnerabilities to compromise Kubernetes environments. Microsoft recently uncovered an attack that exploits new critical vulnerabilities in OpenMetadata to gain access to Kubernetes workloads and leverage them for cryptomining activity. OpenMetadata is an open-source platform designed to manage metadata across various data sources. It[…]

Read More