For several years, Microsoft has been helping United States federal and state government groups, including military departments and civilian agencies, transition to a Zero Trust security model. Advanced features in Microsoft Entra ID have helped these organizations meet requirements to employ centralized identity management systems, to use phishing-resistant[…]
Read More
In this age of AI, securing AI and using it to boost security are crucial for every organization. At Microsoft, we are dedicated to helping organizations secure their future with our AI-first, end-to-end security platform. One year ago, we launched Microsoft Security Copilot to empower defenders to detect,[…]
Read MoreWhen you’re secure—innovation happens. But, the fast pace of AI often outpaces traditional security measures, leaving gaps that bad actors can take advantage of. As a security professional, you’re the hero in this battle between protecting vast amounts of data while ensuring AI systems remain transparent and compliant.[…]
Read MoreWhen you’re secure—innovation happens. But, the fast pace of AI often outpaces traditional security measures, leaving gaps that bad actors can take advantage of. As a security professional, you’re the hero in this battle between protecting vast amounts of data while ensuring AI systems remain transparent and compliant.[…]
Read More
In November 2024, Microsoft Incident Response researchers uncovered a novel remote access trojan (RAT) we named StilachiRAT that demonstrates sophisticated techniques to evade detection, persist in the target environment, and exfiltrate sensitive data. Analysis of the StilachiRAT’s WWStartupCtrl64.dll module that contains the RAT capabilities revealed the use of[…]
Read MoreIn an era where discovering and rapidly mitigating security vulnerabilities is more important than ever before, the Microsoft Security Response Center (MSRC) is at the center of this work. MSRC focuses on investigating vulnerabilities, coordinating their disclosure, and releasing security updates to help protect customers and Microsoft from[…]
Read More
Starting in December 2024, leading up to some of the busiest travel days, Microsoft Threat Intelligence identified a phishing campaign that impersonates online travel agency Booking.com and targets organizations in the hospitality industry. The campaign uses a social engineering technique called ClickFix to deliver multiple credential-stealing malware in[…]
Read More
Microsoft Threat Intelligence has uncovered a new variant of XCSSET, a sophisticated modular macOS malware that infects Xcode projects, in the wild during routine threat hunting. Its first known variant since 2022, this latest XCSSET malware features enhanced obfuscation methods, updated persistence mechanisms, and new infection strategies. These[…]
Read More
This Women’s History Month serves as a crucial moment for us to lead and continue to pave the way for a more inclusive future. I am truly honored to support my amazing women colleagues who continue to excel in their careers and am grateful to have so many[…]
Read More
In early December 2024, Microsoft Threat Intelligence detected a large-scale malvertising campaign that impacted nearly one million devices globally in an opportunistic attack to steal information. The attack originated from illegal streaming websites embedded with malvertising redirectors, leading to an intermediary website where the user was then redirected[…]
Read More