Microsoft Defender Threat Intelligence

Refine Results

Refine results

Sort By

Content Type

Topic

Products and services

Publish date

Start Date

End Date

Modernize your Security Operations Center with Microsoft Sentinel
Microsoft Sentinel is a cloud-native SIEM solution powered by AI and automation that delivers intelligent security analytics across your entire enterprise.
Learn more
July 29, 2024

9 min read

Ransomware operators exploit ESXi hypervisor vulnerability for mass encryption

Microsoft Security researchers have observed a vulnerability used by various ransomware operators to get full administrative access to domain-joined ESXi hypervisors and encrypt the virtual machines running on them.
July 25, 2024

11 min read

Onyx Sleet uses array of malware to gather intelligence for North Korea

On July 25, 2024, the United States Department of Justice (DOJ) indicted an individual linked to the North Korean threat actor that Microsoft tracks as Onyx Sleet.
June 26, 2024

6 min read

Mitigating Skeleton Key, a new type of generative AI jailbreak technique

Microsoft recently discovered a new type of generative AI jailbreak method called Skeleton Key that could impact the implementations of some large and small language models.
May 28, 2024

14 min read

Moonstone Sleet emerges as new North Korean threat actor with new bag of tricks

Microsoft has identified a new North Korean threat actor, now tracked as Moonstone Sleet (formerly Storm-1789), that combines many tried-and-true techniques used by other North Korean threat actors, as well as unique attack methodologies to target companies for its financial and cyberespionage objectives.
Tailored AI insights from Microsoft Security Copilot
Empower your defenders to detect hidden patterns, harden defenses, and respond to incidents faster with generative AI.
Learn more
May 15, 2024

10 min read

Threat actors misusing Quick Assist in social engineering attacks leading to ransomware

Microsoft Threat Intelligence has observed Storm-1811 misusing the client management tool Quick Assist to target users in social engineering attacks that lead to malware like Qakbot followed by Black Basta ransomware deployment.
April 22, 2024

10 min read

Analyzing Forest Blizzard’s custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials

Since 2019, Forest Blizzard has used a custom post-compromise tool to exploit a vulnerability in the Windows Print Spooler service that allows elevated permissions.
November 15, 2023

16 min read

Microsoft unveils expansion of AI for security and security for AI at Microsoft Ignite

The new era of AI is here. At Microsoft Ignite, we will be announcing new cybersecurity capabilities to help you thrive in this new age.
October 25, 2023

17 min read

Octo Tempest crosses boundaries to facilitate extortion, encryption, and destruction

Microsoft has been tracking activity related to the financially motivated threat actor Octo Tempest, whose evolving campaigns represent a growing concern for many organizations across multiple industries.
Go beyond data protection with Microsoft Purview
Govern, protect, and manage all of your data with Microsoft Purview, comprehensive solutions to help give you better visibility and control.
Learn more
October 19, 2023

5 min read

Microsoft Security Copilot Early Access Program: Harnessing generative AI to empower security teams

Learn more about Microsoft Security Copilot—including its integration with Microsoft 365 Defender—as well as our latest innovations and announcements, and how your organization can get early access.
October 18, 2023

10 min read

Multiple North Korean threat actors exploiting the TeamCity CVE-2023-42793 vulnerability

Since early October 2023, Microsoft has observed North Korean nation-state threat actors Diamond Sleet and Onyx Sleet exploiting the Jet Brains TeamCity CVE-2023-42793 remote-code execution vulnerability.
August 10, 2023

10 min read

Multiple high severity vulnerabilities in CODESYS V3 SDK could lead to RCE or DoS

Microsoft researchers identified multiple high-severity vulnerabilities in the CODESYS V3 SDK that could put operational technology (OT) infrastructure at risk of attacks, such as remote code execution (RCE) and denial of service (DoS).
July 18, 2023

11 min read

Microsoft Inspire: Partner resources to prepare for the future of security with AI

Microsoft Inspire is an incredible opportunity to share all the ways AI can support security efforts with our partner ecosystem.