As cyberthreats continue to evolve, it’s essential for security professionals to stay informed about the latest attack vectors and defense mechanisms. Kerberoasting is a well-known Active Directory (AD) attack vector whose effectiveness is growing because of the use of GPUs to accelerate password cracking techniques. Because Kerberoasting enables cyberthreat[…]
Read MoreAs cyberthreats continue to evolve, it’s essential for security professionals to stay informed about the latest attack vectors and defense mechanisms. Kerberoasting is a well-known Active Directory (AD) attack vector whose effectiveness is growing because of the use of GPUs to accelerate password cracking techniques. Because Kerberoasting enables cyberthreat[…]
Read MoreIntroduction | Security snapshot | Threat briefingDefending against attacks | Expert profile Education is essentially an “industry of industries,” with K-12 and higher education enterprises handling data that could include health records, financial data, and other regulated information. At the same time, their facilities can host payment processing[…]
Read MoreIntroduction | Security snapshot | Threat briefingDefending against attacks | Expert profile Education is essentially an “industry of industries,” with K-12 and higher education enterprises handling data that could include health records, financial data, and other regulated information. At the same time, their facilities can host payment processing[…]
Read MoreMicrosoft has observed campaigns misusing legitimate file hosting services increasingly use defense evasion tactics involving files with restricted access and view-only restrictions. While these campaigns are generic and opportunistic in nature, they involve sophisticated techniques to perform social engineering, evade detection, and expand threat actor reach to other[…]
Read MoreMicrosoft has observed campaigns misusing legitimate file hosting services increasingly use defense evasion tactics involving files with restricted access and view-only restrictions. While these campaigns are generic and opportunistic in nature, they involve sophisticated techniques to perform social engineering, evade detection, and expand threat actor reach to other[…]
Read MoreThe broad adoption of multicloud and hybrid infrastructures has introduced new complexity to the cloud estates of many businesses. With this complexity comes a broader attack surface for would-be data thieves. Sophisticated ransomware attacks that exploit vulnerabilities in cloud infrastructure are on the rise, as are supply chain[…]
Read MoreAs Cybersecurity Awareness Month marks its 21st year, it’s clear that this year stands out. Phishing emails have become more convincing, and fraud has increased, making cyberattackers seem legitimate—as if they were Microsoft support or even the fraud detection services from your bank.1 And threat actors are taking[…]
Read MoreMicrosoft has observed the threat actor tracked as Storm-0501 launching a multi-staged attack where they compromised hybrid cloud environments and performed lateral movement from on-premises to cloud environment, leading to data exfiltration, credential theft, tampering, persistent backdoor access, and ransomware deployment. The said attack targeted multiple sectors in[…]
Read MoreSince 2023, Microsoft has seen a 2.75 times increase in the number of organizations encountering ransomware campaigns.1 And up to 90% of successful ransomware campaigns leverage unmanaged endpoints, which are typically personal devices that people bring to work.1 While the number of ransomware attempts has increased drastically, Microsoft[…]
Read More