8 Giugno 2023
Detecting and mitigating a multi-stage AiTM phishing and BEC campaign

Microsoft Defender Experts uncovered a multi-stage adversary-in-the-middle (AiTM) phishing and business email compromise (BEC) attack against banking and financial services organizations. The attack originated from a compromised trusted vendor and transitioned into a series of AiTM attacks and follow-on BEC activity spanning multiple organizations. This attack shows the[…]

Read More
7 Giugno 2023
Join our digital event to learn what’s new in Microsoft Entra

In today’s interconnected world, there’s virtually no limit to what technology can help us achieve. Millions of connections happen every moment between people, machines, apps, and devices. Digital connectivity fuels new possibilities for us in business, helps us make positive changes in the way we live and work,[…]

Read More
6 Giugno 2023
Why a proactive detection and incident response plan is crucial for your organization

The security community is continuously changing, growing, and learning from each other to better position the world against cyberthreats. In the latest post of our Community Voices blog series, Microsoft Security Senior Product Marketing Manager Brooke Lynn Weenig talks with Matt Suiche, Director of Research and Development for Memory Analysis and Incident Response for Magnet Forensics. The thoughts below reflect[…]

Read More
31 Maggio 2023
XDR meets IAM: Comprehensive identity threat detection and response with Microsoft

Identity has become the corporate security perimeter. The average organization used 130 different cloud applications in 2022. That’s up 18 percent from 2021 alone.1 And as organizations continue to embrace digital transformation and enable remote work, they look to identity and access management solutions to ensure that the[…]

Read More
30 Maggio 2023
New macOS vulnerability, Migraine, could bypass System Integrity Protection

A new vulnerability, which we refer to as “Migraine” for its involvement with macOS migration, could allow an attacker with root access to automatically bypass System Integrity Protection (SIP) in macOS and perform arbitrary operations on a device. We shared these findings with Apple through Coordinated Vulnerability Disclosure[…]

Read More
24 Maggio 2023
Volt Typhoon targets US critical infrastructure with living-off-the-land techniques

Microsoft has uncovered stealthy and targeted malicious activity focused on post-compromise credential access and network system discovery aimed at critical infrastructure organizations in the United States. The attack is carried out by Volt Typhoon, a state-sponsored actor based in China that typically focuses on espionage and information gathering.[…]

Read More
23 Maggio 2023
Microsoft Build 2023: Announcing new identity, compliance, and security features from Microsoft Security

At Microsoft Build 2023—an event for developers by developers—we’re going to announce exciting new features and technologies, share ideas, and help everyone boost their skills so we can all build a more secure future together. This year’s Microsoft Build offers a full program, both online and in-person, to[…]

Read More
23 Maggio 2023
The future of app development with Microsoft Power Platform

According to Gartner, “By 2026, low-code development tools will account for 75 percent of new application development.”1 To help build those applications, professional developers are turning to Microsoft Power Platform. Microsoft Power Platform transforms the way developers work by providing a comprehensive low-code platform that increases their productivity and[…]

Read More
19 Maggio 2023
Cyber Signals: Shifting tactics fuel surge in business email compromise

Today we released the fourth edition of Cyber Signals highlighting a surge in cybercriminal activity around business email compromise (BEC). Microsoft has observed a 38 percent increase in cybercrime as a service (CaaS) targeting business email between 2019 and 2022.1 Successful BEC attacks cost organizations hundreds of millions[…]

Read More
15 Maggio 2023
Microsoft Security highlights from RSA Conference 2023

The RSA Conference (RSAC) gave us an incredible opportunity to meet with security professionals from around the world, learn about exciting advances in the world of cybersecurity, and share our own security innovations. Defenders everywhere serve an important mission of protecting our world, and RSAC is a special[…]

Read More