Microsoft discovered, responsibly disclosed, and helped remediate four vulnerabilities that could be remotely exploited by unauthenticated attackers in Perforce Helix Core Server (“Perforce Server”), a source code management platform largely used in the videogame industry and by multiple organizations spanning government, military, technology, retail, and more. Perforce Server[…]
Read MoreThreat actors are misusing OAuth applications as an automation tool in financially motivated attacks. OAuth is an open standard for token-based authentication and authorization that enables applications to get access to data and resources based on permissions set by a user. Threat actors compromise user accounts to create,[…]
Read MoreThe post Strengthening identity protection in the face of highly sophisticated attacks appeared first on Microsoft Security Blog. Source: Microsoft Security
Read MoreAs enterprise networks grow in both size and complexity, securing them from motivated cyberthreat actors becomes more challenging. The incident response process can be a maze that security professionals must quickly learn to navigate—which is no easy task. Surprisingly, many organizations still lack a coordinated incident response plan,[…]
Read MoreIn the past few years, we have witnessed how digital and cloud transformation has accelerated the growth of data. With more and more customers moving to the cloud, and with the rise of hybrid work, data usage has moved beyond the traditional borders of business. Data is now[…]
Read MoreMicrosoft Threat Intelligence continues to track and disrupt malicious activity attributed to a Russian state-sponsored actor we track as Star Blizzard (formerly SEABORGIUM, also known as COLDRIVER and Callisto Group). Star Blizzard has improved their detection evasion capabilities since 2022 while remaining focused on email credential theft against[…]
Read MoreFirst announced in March 2023, Microsoft Security Copilot—Microsoft’s first generative AI security product—has sparked major interest. The widespread enthusiasm was on full display after announcing our Early Access Program in October 2023 and sharing our incredible Security Copilot innovations at Microsoft Ignite in November 2023. With the rapid[…]
Read MoreMicrosoft observed a surge in cyberattacks targeting identities in 2023, with attempted password-based attacks increasing by more than tenfold in the first quarter of 2023 compared to the same period in 2022. Threat actors leverage compromised identities to achieve a significant level of access to target networks. The[…]
Read MoreThe post 3 reasons why now is the time to go cloud native for device management appeared first on Microsoft Security Blog. Source: Microsoft Security
Read MoreMicrosoft Power Platform developer tools are enabling professional developers to create more effective business solutions using Power Platform than ever before. Development is faster, applications are more secure, and deployed within managed environments that have guardrails applying organizational policies and promoting best practices. You can quickly: Create low-code[…]
Read More