Get on-the-go access to the latest insights featured on our Trustworthy Computing blogs.
A few months ago we launched the Microsoft Security Intelligence Report (SIR) application that was designed to provide customers with an enhanced way to access the vast amount of threat intelligence contained in the SIR. The SIR app makes it easy to find, copy and share data from the Microsoft Security Intelligence Report. The SIR app runs on Windows 7 and Windows 8 based systems. Read more
Last week, Microsoft filed comments with the National Institute of Standards and Technology (NIST) on the Preliminary Cybersecurity Framework, which can be read here. I wanted to share a summary of our perspective on the Framework, as well as our recommendations to NIST as they continue development for final publication in February 2014. These comments are a continuation of our efforts to encourage thoughtful consideration of the Framework through convening events at our Innovation and Policy Center, participating in NIST’s Framework workshops, and delivering prior comments on the Framework and recommendations for incentives for its adoption. Read more
Many of the IT Professionals that contact our customer service and support group have common questions related to security incidents and are seeking guidance on how to mitigate threats from determined adversaries. Given the level of interest in this information and common scenarios that exist amongst different organizations, we are publishing a multi-part series which will detail common security incidents organizations face and provide recommended mitigations based on guidance from our Security Support team.
It is important to note that each phase has one or more technical and, more importantly, administrative controls that could have been used to block or slow down the attack. These mitigations are listed after each phase. Each mitigation addresses specific behaviors and attack vectors that have been seen previously in multiple security incidents. Read more.
As we near the end of 2013, it’s a perfect time to reflect on recent security events, the state of the industry and provide a glimpse into the future on how we anticipate the threat landscape to evolve in 2014. Read more
Today, Microsoft’s Digital Crimes Unit (DCU), in partnership with law enforcement and industry partners, announced the successful disruption of the Sirefef botnet, also known as ZeroAccess. This dangerous botnet is responsible for hijacking people’s search results and taking them to potentially dangerous websites that could install malware onto their computer, steal their personal information, or fraudulently charge businesses for online advertisement clicks. ZeroAccess also commits click fraud. According to the latest Microsoft Security Intelligence Report, by the end of 2012, malicious or compromised websites had emerged to become the top threats facing enterprises as well as consumers. This botnet specifically targets search results on the major online search and advertising platforms including Google, Bing and Yahoo!, and is estimated to cost online advertisers $2.7 million each month. Read more