Microsoft Threat Intell: GALLIUM: Targeting global telecom
I guess this is important for Telcos (and others): GALLIUM: Targeting global telecom
Azure Sentinel-the cloud-native SIEM is now generally available
During RSA we announced that we will bring a cloud-native SIEM/SOAR solution to the market. Since then the team worked very hard to drive it forward. The number of private and public preview customers we had proved that it hit a clear need in the market. Since yesterday it moved to production and is generally…
Using multi-factor authentication blocks 99.9% of account hacks
This is not fundamentally new but the figure is really high…
So, why are you still using username/password?
Politician’s Reactions on VIP Hack in Germany
I recently complained about the Swiss government and our inability in Switzerland to really drive Cybersecurity forward (Federal Council not deciding again – Switzerland falling behind on Cybersecurity). It was one of the most-read blog posts I wrote during the last few years… In one of the discussions on LinkedIn I talked about one of…
Does AI solve it all?
Artificial Intelligence and Machine Learning hold a lot of promises in security. They will help us address the problems around false positives and detecting anomalies. There is a lot of hope and a lot of promises by the vendors in that space. Microsoft invests in this technology as well and I would say we are…
Protecting USB Sticks
It is in my opinion a controversial discussion: Do you allow the use of USB sticks in a corporate environment and if yes, how? Obviously, today there are a lot of other means to exchange information but the USB stick still seems to be important for users. To have a presentation for an event on…
Keep all your software updated and current
I know that I keep going and going on that. When I talk to customers and mainly to providers of the critical infrastructure about security, one of the key things to me is to keep the software updated. It is about patching and it is about staying on the latest version of your software. To…
Security Updates and Exploit Code
CORRECTION:So far there is “only” Proof of Concept code in the wild, no real exploit. In our last update cycle we published the security bulletin MS12-020 Vulnerabilities in Remote Desktop Could Allow Remote Code Execution. Relatively soon after the release, there was a public exploit code available – we informed here: Proof-of-Concept Code available for…
10 Years of Trustworthy Computing at Microsoft
Before joining Microsoft a little bit more than 10 years ago, I ran a team at PricewarehoureCoopers on e-Business Risk Management – classical security consulting in the Internet bubble time. When I announced that I will leave PwC and join Microsoft, I got interesting reactions (and remember, this was 2001). Mainly they were along two…
Cybersecurity–More than a good headline
A lot of governments all across the globe are working on starting, restarting or pushing their Cybersecurity initiative. What often concerns me is, that the last real headline has more impact on the strategy and the themes to be addressed than a structure or a plan or a strategy. This made us thinking about what…
Using the Microsoft Diagnostics and Recovery Toolset (DaRT) for Incident Response
A few years ago I posted on DaRT after having seen it: Microsoft Diagnostics and Recovery Toolset. It is a really good an interesting tool for a lot of problems, one of them being incident response. I just stumbled across one article describing this: Using the Microsoft Diagnostics and Recovery Toolset (DaRT) for Incident Response.…
VeriSign to Take Down Malware Sites?
This is actually an interesting approach: VeriSign Proposes Takedown Procedures and Malware Scanning for .Com. This leads to the discussion I have so often: What is more important? The single website or the greater good? Now, do not get me wrong: I see the risks of VeriSign taking down microsoft.com because a blog hosted there…
Microsoft Malware Protection Center on Facebook and Twitter
I know, I have been fairly slow in blogging currently but I was fairly busy with a few cool projects (which I will disclose later) and – time flies if you are having fun Just a quick one: The MMPC on Facebook and Twitter The Microsoft Malware Protection Center (MMPC) officially launched its Facebook page…
Special Intelligence Report on the Rustock Takedown
As you might remember, on Match 16th Microsoft together with other industry players was successfully able to take down the Rustock botnet and thus significantly reducing the spam level. We now just published a special Intelligence Report on this botnet: Read an overview of the Win32/Rustock family of rootkit-enabled backdoor Trojans background, functionality, how it…
Ten Immutable Laws Of Security (Version 2.0)
You might have known the 10 Immutable Laws Of Security since quite a while. It is kind of the “collected non-technical wisdom†of what we see in security respeonse being it in Microsoft Security Response Center or in our Security Product Support. There is now a version 2, which is still as important as version…
Infrastructure Planning and Design Guide for Malware Response
A new version of this guide went live – I think something, you should look at. There is a metrology and a process in detail:
So, if you want to learn more: http://technet.microsoft.com/en-us/library/cc162838.aspx
Roger
Fighting a Botnet
Microsoft Malware Protection Center published a document on Battling the Zbot Threat, a special edition of the Security Intelligence Report. It is a very good document, worth looking at. This is the intro (to make you curious for more): This document provides an overview of the Win32/Zbot family of password-stealing trojans. The document examines the…
Stuxnet talks – do we listen?
Stuxnet is a severe threat – that’s something we know for sure. But if we look at it – what do we really know? What can we learn? Let’s start from the beginning. As soon as Stuxnet hit the news, it was interesting to see, what was happening. There was a ton of speculation out…
How to Detect a Hacker Attack
I read an article called that way but then had to realize that it did not really address, what I expected. Why? Well, because it does not cover the key challenge in my opinion but…
Advisory for the ASP.NET Vulnerability
We are basically asking the industry to follow a Coordinated Vulnerability Disclosure and are therefore not in favor of public vulnerability disclosure as it puts the industry unnecessarily at risk. Recently there was a vulnerability in ASP.NET publically disclosed. We released an advisory and you should look into implementing the suggested workaround: Vulnerability in ASP.NET…