Microsoft announces the 2025 Security Excellence Awards winners
Congratulations to the winners of the Microsoft Security Excellence Awards that recognize the innovative defenders who have gone above and beyond.
New capabilities to help you secure your AI transformation
Today, we’re thrilled to introduce new features for securing and governing in the age of AI. We are announcing new capabilities in Microsoft Defender and Microsoft Purview that will make it easier for teams to manage, protect ,and govern AI applications at work.
Security above all else—expanding Microsoft’s Secure Future Initiative
Microsoft is expanding the scope of the Secure Future Initiative to adapt to the evolving cyberthreat landscape. Read about the principles and pillars driving this initiative.
Microsoft named an overall leader in KuppingerCole Leadership Compass for ITDR
Today we are thrilled to announce that Microsoft has been recognized as an overall leader in the KuppingerCole Leadership Compass Identity Threat Detection and Response: IAM Meets the SOC. The report highlights strengths across key capabilities ranging from identity posture to remediation, while further highlighting Microsoft’s commitment to protecting all organizations.
Microsoft introduces passkeys for consumer accounts
The best part about passkeys is that you’ll never need to worry about creating, forgetting, or resetting passwords ever again. Read about Microsoft’s new passkey support for consumer accounts.
Retain Microsoft Security Experts
Microsoft Security Experts are now available to strengthen your team with managed security services. Learn how to defend against threats with security experts.
“Dirty stream” attack: Discovering and mitigating a common vulnerability pattern in Android apps
Microsoft discovered a vulnerability pattern in multiple popular Android applications that could enable a malicious application to overwrite files in the vulnerable application’s internal data storage directory, which could lead to arbitrary code execution and token theft, among other impacts. We have shared our findings with Google’s Android Application Security Research team, as well as the developers of apps found vulnerable to this issue. We anticipate that the vulnerability pattern could be found in other applications. We’re sharing this research more broadly so developers and publishers can check their apps for similar issues, fix as appropriate, and prevent them from being introduced into new apps or releases.
Investigating industrial control systems using Microsoft’s ICSpector open-source framework
Microsoft released ICSpector as an open-source framework to help organizations secure their industrial control systems. Read our blog post for details on how it works and why this solution is so critical given modern cybersecurity threats.
5 ways a CNAPP can strengthen your multicloud security environment
CNAPP, or cloud-native application protection platform, can be a powerful tool in your cybersecurity toolkit. Read on for highlights of our guide diving into the topic.
New Microsoft Incident Response guide helps simplify cyberthreat investigations
Discover how to fortify your organization's cybersecurity defense with this practical guide on digital forensics from Microsoft's Incident Response team.
Modernize your Security Operations Center with Microsoft Sentinel
Microsoft Sentinel is a cloud-native SIEM solution powered by AI and automation that delivers intelligent security analytics across your entire enterprise.
Analyzing Forest Blizzard’s custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials
Since 2019, Forest Blizzard has used a custom post-compromise tool to exploit a vulnerability in the Windows Print Spooler service that allows elevated permissions. Microsoft has issued a security update addressing this vulnerability as CVE-2022-38028.
Attackers exploiting new critical OpenMetadata vulnerabilities on Kubernetes clusters
Microsoft recently uncovered an attack that exploits new critical vulnerabilities in OpenMetadata to gain access to Kubernetes workloads and leverage them for cryptomining activity.
New Microsoft guidance for the DoD Zero Trust Strategy
We are excited to announce new Zero Trust activity-level guidance for implementing the Department of Defense Zero Trust Strategy with Microsoft cloud services.
Microsoft recognized as a Leader in the Forrester Wave™: Workforce Identity Platform, Q1 2024
We're thrilled to announce that Forrester has recognized Microsoft as a Leader in the Forrester Wave™: Workforce Identity Platforms, Q1 2024 report. We’re proud of this recognition, which we believe reflects our commitment to delivering advanced solutions that cater to the evolving needs of our customers in the workforce identity space.