Original release date: December 17, 2020
Summary
This Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) version 8 framework. See the ATT&CK for Enterprise version 8 for all referenced threat actor tactics and techniques.
The Cybersecurity and Infrastructure...
Original release date: August 26, 2020
Summary
This Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques.
This joint advisory is the result of analytic efforts among...
apt38
atm cash-outs
bank heists
beagleboyz
cryptocurrency
cyber threats
cybersecurity
data security
exfiltration techniques
financial services
hidden cobra
incident response
international fraud
iso 8583
malware
mitre att&ck
north korea
operationalsecurity
swift fraud
threat detection
Original release date: April 29, 2020
Summary
As organizations adapt or change their enterprise collaboration capabilities to meet “telework” requirements, many organizations are migrating to Microsoft Office 365 (O365) and other cloud collaboration services. Due to the speed of these...
alerts
audit logging
azure active directory
best practices
cloud collaboration
configuration
cybersecurity
data protection
least privilege
legacy protocols
microsoft teams
multi-factor authentication
office 365
operationalsecurity
phishing prevention
recommendations
security
siem integration
user access control
work from home
For the last 20 years, the Microsoft Security Response Center has been an integral part of Microsoft’s commitment to customer security. We are often called on to talk about the work we do and how customers can apply the lessons we have learned over that period to better their security posture...
best practices
blue teams
bug bounty
cloud security
coordinated disclosure
customer tips
cybersecurity
government programs
industry programs
microsoft
msrc
operationalsecurity
red teams
secure code
securitysecurity conferences
security practices
security strategy
videos
vulnerability
This is the first of a series of blog entries to give some insight into the Microsoft Security Response Center (MSRC) business and how we work with security researchers and vulnerability reports.
The Microsoft Security Response Center actively recognizes those security researchers who help us...
Original release date: June 24, 2013
Systems Affected
Any system using password authentication accessible from the internet may be affected. Critical infrastructure and other important embedded systems, appliances, and devices are of particular concern.
Overview
Attackers can easily...