Bring your own LOLBin: Multi-stage, fileless Nodersok campaign delivers rare Node.js-based malware

Credit to Author: Eric Avena| Date: Thu, 26 Sep 2019 17:34:41 +0000

We’ve discussed the challenges that fileless threats pose in security, and how Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) employs advanced strategies to defeat these sophisticated threats. Part of the slyness of fileless malware is their use of living-off-the-land techniques, which refer to the abuse of legitimate tools, also called living-off-the-land binaries (LOLBins), that…

The post Bring your own LOLBin: Multi-stage, fileless Nodersok campaign delivers rare Node.js-based malware appeared first on Microsoft Security.

Read more

Top 5 use cases to help you make the most of your Cloud Access Security Broker

Credit to Author: Todd VanderArk| Date: Wed, 25 Sep 2019 16:00:25 +0000

We explore five use cases for CASBs that give you an immediate return on your investment with very little deployment effort.

The post Top 5 use cases to help you make the most of your Cloud Access Security Broker appeared first on Microsoft Security.

Read more

Automated incident response in Office 365 ATP now generally available

Credit to Author: Todd VanderArk| Date: Mon, 09 Sep 2019 16:00:37 +0000

Powerful automation capabilities help improve the effectiveness and efficiency of investigating and responding to Office 365 alerts.

The post Automated incident response in Office 365 ATP now generally available appeared first on Microsoft Security.

Read more

From unstructured data to actionable intelligence: Using machine learning for threat intelligence

Credit to Author: Eric Avena| Date: Thu, 08 Aug 2019 16:30:12 +0000

Machine learning and natural language processing can automate the processing of unstructured text for insightful, actionable threat intelligence.

The post From unstructured data to actionable intelligence: Using machine learning for threat intelligence appeared first on Microsoft Security.

Read more

A case study in industry collaboration: Poisoned RDP vulnerability disclosure and response

Credit to Author: Eric Avena| Date: Wed, 07 Aug 2019 23:50:25 +0000

Through a cross-company, cross-continent collaboration, we discovered a vulnerability, secured customers, and developed fix, all while learning important lessons that we can share with the industry.

The post A case study in industry collaboration: Poisoned RDP vulnerability disclosure and response appeared first on Microsoft Security.

Read more

How Windows Defender Antivirus integrates hardware-based system integrity for informed, extensive endpoint protection

Credit to Author: Eric Avena| Date: Wed, 31 Jul 2019 16:30:35 +0000

The deep integration of Windows Defender Antivirus with hardware-based isolation capabilities allows the detection of artifacts of attacks that tamper with kernel-mode agents at the hypervisor level.

The post How Windows Defender Antivirus integrates hardware-based system integrity for informed, extensive endpoint protection appeared first on Microsoft Security.

Read more

The evolution of Microsoft Threat Protection—July update

Credit to Author: Todd VanderArk| Date: Mon, 29 Jul 2019 16:00:50 +0000

Learn about the latest enhancements to Microsoft Threat Protection, the premier solution for securing the modern workplace across identities, endpoints, user data, apps, and infrastructure.

The post The evolution of Microsoft Threat Protection—July update appeared first on Microsoft Security.

Read more

New machine learning model sifts through the good to unearth the bad in evasive malware

Credit to Author: Eric Avena| Date: Thu, 25 Jul 2019 16:30:55 +0000

Most machine learning models are trained on a mix of malicious and clean features. Attackers routinely try to throw these models off balance by stuffing clean features into malware. Monotonic models are resistant against adversarial attacks because they are trained differently: they only look for malicious features. The magic is this: Attackers can’t evade a monotonic model by adding clean features. To evade a monotonic model, an attacker would have to remove malicious features.

The post New machine learning model sifts through the good to unearth the bad in evasive malware appeared first on Microsoft Security.

Read more