Windows Defender ATP – Page 5 – Computer Security Articles

No slowdown in Cerber ransomware activity as 2016 draws to a close

January 23, 2017 admin Antimalware research for IT pros and enthusiasts, Cerber, Donoff, Exploits, holiday shopping, macro, Macro-based malware, Meadgive, ransomware, spam, Windows 10, Windows Defender, Windows Defender ATP

As everybody else winds down for the holidays, the cybercriminals behind Cerber are busy ramping up their operations. Following our discovery of a spam campaign that takes advantage of holiday shopping, we found two new campaigns that continue distributing the latest variants of Cerber ransomware. These campaigns are the latest in a series of persistent cybercriminal…

Microsoft Security

Windows 10: protection, detection, and response against recent Depriz malware attacks

January 23, 2017 admin 0-day exploit, Advanced persistent threats, Antimalware research for IT pros and enthusiasts, Depriz malware, Device Guard, TERBIUM APT, Trojan, Trojan:Win32/Cadlotcorg.A!dha, Win32/Depriz, Windows 10, Windows 10 protection, Windows Defender, Windows Defender ATP, Zero day exploit

A few weeks ago, multiple organizations in the Middle East fell victim to targeted and destructive attacks that wiped data from computers, and in many cases rendering them unstable and unbootable. Destructive attacks like these have been observed repeatedly over the years and the Windows Defender and Windows Defender Advanced Threat Protection Threat Intelligence teams…

Microsoft Security

No payment necessary: Fighting back against ransomware

January 23, 2017 admin Advanced persistent threats, antimalware, Antimalware research for IT pros and enthusiasts, Coordinated Malware Eradication, enterprise software security, malware research, microsoft, Microsoft Edge, MMPC, Product features and announcements, ransomware, research, Windows 10, Windows Defender, Windows Defender ATP, Windows Defender for Windows 10

Any IT professional who’s ever had an experience with malware knows how fast an intrusive attack can happen, and how difficult it can be to educate employees to be vigilant against such threats. And with ransomware attacks only growing, having information, tools and technologies to help protect your network can mean the difference between serious…

Microsoft Security

Our commitment to our customers’ security

January 23, 2017 admin Advanced persistent threats, Antimalware research for IT pros and enthusiasts, Coordinated Malware Eradication, CVE-2016-7855, Elevation of privileges, Exploits, Microsoft Edge, Microsoft Edge on Windows 10, Microsoft Threat Intelligence, Microsoft's post-breach detection approach, post-breach, STRONTIUM APT, Terry Myerson's blog, Windows 10, Windows Defender ATP, Windows Defender ATP detects STRONTIUM

This guest blog post is by Terry Myerson / Executive Vice President, Windows and Devices Group Windows is the only platform with a customer commitment to investigate reported security issues and proactively update impacted devices as soon as possible. And we take this responsibility very seriously. Recently, the activity group that Microsoft Threat Intelligence calls STRONTIUM…

Microsoft Security

The new .LNK between spam and Locky infection

January 23, 2017 admin .LNK between spam and Locky, .Lnk embedded PowerShell command, .Lnk embedded PowerShell script, .LNK spam spreads Locky infection, Antimalware research for IT pros and enthusiasts, email spam, Locky ransomware, Nemucod and Locky, Ransom:Win32/Locky, ransomware, spammed .Lnk spreads Locky, Trojan, TrojanDownloader:PowerShell/Ploprolo.A, Windows Defender, Windows Defender ATP, Windows Defender in Windows 10

Just when it seems the Ransom:Win32/Locky activity has slowed down, our continuous monitoring of the ransomware family reveals a new workaround that the authors might be using to keep it going. The decline in Locky activity can be attributed to the slowdown of detections of Nemucod, which Locky uses to infect computers. Nemucod is a…

Microsoft Security

Reverse-engineering DUBNIUM

January 23, 2017 admin Advanced persistent threats, Windows Defender ATP

DUBNIUM (which shares indicators with what Kaspersky researchers have called DarkHotel) is one of the activity groups that has been very active in recent years, and has many distinctive features. We located multiple variants of multiple-stage droppers and payloads in the last few months, and although they are not really packed or obfuscated in a…

Microsoft Security

Digging deep for PLATINUM

January 23, 2017 admin Activity groups, Advanced persistent threats, advanced threat, enterprise software security, guidance, hunters, malware, malware research, Microsoft Security Essentials, MMPC, phishing, research, Uncategorized, Windows 10, Windows Defender, Windows Defender ATP, Windows Defender for Windows 10

This blog introduces our latest report from the Windows Defender Advanced Threat Hunting team. You can read the full report at: PLATINUM: Targeted attacks in South and Southeast Asia There is no shortage of headlines about cybercriminals launching large-scale attacks against organizations. For us, the activity groups that pose the most danger are the ones…