As Tax Day approaches in the United States on April 15, Microsoft has detected several tax-themed phishing campaigns employing various tactics. These campaigns use malicious hyperlinks and attachments to deliver credential phishing and malware including RaccoonO365, AHKBot, Latrodectus, BruteRatel C4…
Category: Microsoft Security Blog
Transforming public sector security operations in the AI era
Read how Microsoft’s unified security operations platform can use generative AI to transform cybersecurity for the public sector. The post Transforming public sector security operations in the AI era appeared first on Microsoft Security Blog. This article has been indexed…
Analyzing open-source bootloaders: Finding vulnerabilities faster with AI
Using Microsoft Security Copilot to expedite the discovery process, Microsoft has uncovered several vulnerabilities in multiple open-source bootloaders impacting all operating systems relying on Unified Extensible Firmware Interface (UEFI) Secure Boot. Through a series of prompts, we identified and refined…
New innovations in Microsoft Purview for protected, AI-ready data
Microsoft Purview delivers a comprehensive set of solutions that help customers seamlessly secure and confidently activate data in the era of AI. The post New innovations in Microsoft Purview for protected, AI-ready data appeared first on Microsoft Security Blog. This…
US Department of Labor’s journey to Zero Trust security with Microsoft Entra ID
Discover how the U.S. Department of Labor enhanced security and modernized authentication with Microsoft Entra ID and phishing-resistant authentication. The post US Department of Labor’s journey to Zero Trust security with Microsoft Entra ID appeared first on Microsoft Security Blog.…
Microsoft unveils Microsoft Security Copilot agents and new protections for AI
Learn about the upcoming availability of Microsoft Security Copilot agent and other new offerings for a more secure AI future. The post Microsoft unveils Microsoft Security Copilot agents and new protections for AI appeared first on Microsoft Security Blog. This…
AI innovation requires AI security: Hear what’s new at Microsoft Secure
When you’re secure—innovation happens. But, the fast pace of AI often outpaces traditional security measures, leaving gaps that bad actors can take advantage of. As a security professional, you’re the hero in this battle between protecting vast amounts of data…
StilachiRAT analysis: From system reconnaissance to cryptocurrency theft
Microsoft Incident Response uncovered a novel remote access trojan (RAT) named StilachiRAT, which demonstrates sophisticated techniques to evade detection, persist in the target environment, and exfiltrate sensitive data. This blog primarily focuses on analysis of the WWStartupCtrl64.dll module that contains…
How MSRC coordinates vulnerability research and disclosure while building community
Learn about the Microsoft Security Response Center, which investigates vulnerabilities and releases security updates to help protect customers from cyberthreats. The post How MSRC coordinates vulnerability research and disclosure while building community appeared first on Microsoft Security Blog. This article…
Phishing campaign impersonates Booking .com, delivers a suite of credential-stealing malware
Starting in December 2024, leading up to some of the busiest travel days, Microsoft Threat Intelligence identified a phishing campaign that impersonates online travel agency Booking.com and targets organizations in the hospitality industry. The campaign uses a social engineering technique…