Since early October 2023, Microsoft has observed two North Korean nation-state threat actors – Diamond Sleet and Onyx Sleet – exploiting CVE-2023-42793, a remote-code execution vulnerability affecting multiple versions of JetBrains TeamCity server. TeamCity is a continuous integration/continuous deployment (CI/CD) application used by organizations for DevOps and other[…]
Read More
Since our announcement in July 2023, we have made significant efforts to enhance the access to Microsoft Purview’s audit logging.1 This ongoing work expands accessibility and flexibility to cloud security logs, which began rolling out to customers around the world in September 2023. Our decision to update the[…]
Read More
Our experience and insights from real-world incidents tell us that the swift containment of compromised user accounts is key to disrupting hands-on-keyboard attacks, especially those that involve human-operated ransomware. In these attacks, lateral movement follows initial access as the next critical stage for attackers to advance their objective[…]
Read More
Defenders need every edge they can get in the fight against ransomware. Today, we’re pleased to announce that Microsoft Defender for Endpoint customers will now be able automatically to disrupt human-operated attacks like ransomware early in the kill chain without needing to deploy any other capabilities. Now, organizations[…]
Read More
Since we first introduced Microsoft Security Experts in May 2022, we’ve worked hard to expand our new security services category. In the past 16 months, we’ve launched new services, expanded our capabilities, and introduced new ways to buy. Our customers face an unprecedented number of security threats that[…]
Read More
AI is here, and it’s ready to support work. On complex challenges like analyzing troves of data, speeding up time-consuming tasks, or helping customers help themselves—the newest AI sets up organizations for operational excellence by allowing employees to quickly create solutions for complicated problems on their own. That’s[…]
Read More
Microsoft security researchers recently identified a campaign where attackers attempted to move laterally to a cloud environment through a SQL Server instance. This attack technique demonstrates an approach we’ve seen in other cloud services such as VMs and Kubernetes cluster, but not in SQL Server. The attackers initially[…]
Read More
Welcome to the second Microsoft Power Platform Conference! Since the first conference, there has been a seismic shift in how we build low-code solutions. With Power Platform Copilot, we are now in the era of AI-assisted low-code development. As such, this year’s conference is focused on helping the[…]
Read More
This year marks the twentieth anniversary of Cybersecurity Awareness Month, when we partner with the National Cybersecurity Alliance, the United States Cybersecurity and Infrastructure Security Agency (CISA), and organizations around the world to amplify the importance of cybersecurity best practices and how to be cybersmart. Initially, this moment[…]
Read More
During the past few years, we’ve managed a lot of change and disruption in our security work, in our lives, and in society at large. This year we’re excited to welcome back security leaders, aspiring leaders, and IT professionals—in person—to Microsoft Ignite from November 14 to 17, 2023,[…]
Read More