Microsoft Support & Discussions
Free PC Help Forum microsoft products support and discussions. If you need help with Microsoft Windows, Windows Server software, Microsoft 365, Microsoft Azure or any other Microsoft product you can post here. If you want to discuss Microsoft and their line of products you can do that here also.
84,928 topics in this forum
-
How to improve risk management using Zero Trust architecture
by Guest Christine Barrett- 0 replies
- 0 views
What’s risk management and why is it important? Risk management, the process of developing a strategy for addressing risk throughout its lifecycle, normally involves four phases: risk identification, assessment, response, and monitoring and reporting. Risk management plays a critical role in helping organizations with their security posture enhancement. Taking insider incidents as an example, they are not only costly to organizations but also time-consuming to be contained. Given the limited resources available, we have seen many organizations often prioritize investment in security controls, which can address the more critical risks. As such, the return on in…
-
-
- FPCH Admin
- 0 replies
- 236 views
Microsoft security researchers recently observed that web skimming campaigns now employ various obfuscation techniques to deliver and hide skimming scripts. It’s a shift from earlier tactics where attackers conspicuously injected malicious scripts into e-commerce platforms and content management systems (CMSs) via vulnerability exploitation, making this threat highly evasive to traditional security solutions. As of this writing, some of the latest skimming HTML and JavaScript files uploaded in VirusTotal have very low detection rates. Web skimming typically targets platforms like Magento, PrestaShop, and WordPress, which are popular choices for online shops because of …
Last reply by AWS, -
-
-
- FPCH Admin
- 0 replies
- 0 views
In 2020, MSRC awarded two Identity Project Research Grants to support external researchers working to further strengthen the security of identity protocols and systems. Today we are pleased to release the results of the first of these projects. This research, led by independent security researcher Avinash Sudhodanan, investigated account pre-hijacking – a new class of attacks affecting websites and other online services.
Last reply by Cloaked, -
-
-
- FPCH Admin
- 0 replies
- 246 views
In the last six months, we observed a 254% increase in activity from a Linux trojan called XorDdos. First discovered in 2014 by the research group MalwareMustDie, XorDdos was named after its denial-of-service-related activities on Linux endpoints and servers as well as its usage of XOR-based encryption for its communications. XorDdos depicts the trend of malware increasingly targeting Linux-based operating systems, which are commonly deployed on cloud infrastructures and Internet of Things (IoT) devices. By compromising IoT and other internet-connected devices, XorDdos amasses botnets that can be used to carry out distributed denial-of-service (DDoS) attacks. Using a b…
Last reply by AWS, -
-
Researcher Spotlight: Hector Peralta’s Evolution from Popcorn Server to the MSRC Leaderboards
by Guest Stephanie Calabrese- 0 replies
- 0 views
“The bug bounty literally changed my life. Before this, I had nothing.” Coolest thing he purchased: His first vehicle! Best gift to give: Buying his nephew gaming accessories. Favorite Hacking Companion: His two cats. They’re always by his side when he is working late. Origin of his Hacker name: The word dog in Spanish is … Researcher Spotlight: Hector Peralta’s Evolution from Popcorn Server to the MSRC Leaderboards Read More » Continue reading...
-
Researcher Spotlight: Hector Peralta’s Evolution from Popcorn Server to the MSRC Leaderboards
by Cloaked-
- FPCH Admin
- 0 replies
- 0 views
“The bug bounty literally changed my life. Before this, I had nothing.” Coolest thing he purchased : His first vehicle! Best gift to give: Buying his nephew gaming accessories. Favorite Hacking Companion : His two cats. They’re always by his side when he is working late. Origin of his Hacker name : The word dog in Spanish is “perro” @p3RR0.
Last reply by Cloaked, -
-
So you want to be a CISO: What you should know about data protection
by Guest Christine Barrett- 0 replies
- 0 views
Data is the lifeblood of any organization. Whether you’re a Chief Information Security Officer (CISO) or aspiring to become one, protecting sensitive business data will be your main priority. But the job isn’t getting any easier. In 2021, the number of data breaches climbed 68 percent to 1,862, costing an average of USD4.24 million each.1 The damage from a breach touches everyone, causing diminished brand equity and consumer trust, decreased shareholder confidence, failed audits, and increased scrutiny from regulatory agencies. It’s easy to become so preoccupied with protecting against the next ransomware attack that you overlook risks within your own organization. Ins…
-
Citrix extends Windows 365 Cloud PC to new audiences
by Guest Scott Manchester- 0 replies
- 1 view
Microsoft and Citrix have worked together for decades, delivering technology solutions that help IT support their businesses. Over time, Microsoft and Citrix solutions have evolved together to enable an efficient, high-performing, work-from-anywhere model to meet the needs of an increasingly distributed workforce. Expanding that historical relationship, we are excited to announce today that a new value-add solution is in development that integrates Citrix high-definition user experience (HDX) technology with Windows 365. This integration will empower a new generation of Windows 365 and Citrix users to access their persistent, cloud-hosted Windows 11 or Windows 10 deskt…
-
Easy authentication and authorization in Azure Active Directory with No-Code Datawiza
by Guest Christine Barrett- 0 replies
- 0 views
This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA. The acceleration of cloud journeys fueled by the pandemic and ever-increasing concerns about data security and information privacy have made access management one of the hottest topics in application security and Zero Trust architecture discussions. Over the last several years, the industry has made tremendous progress on identity and access management, and Microsoft Azure Active Directory (Azure AD), with its focus on Zero Trust comprehensive cloud-based identity services, is a perfect example of this. Achieving a secure environment is top of mind for …
-
In hot pursuit of ‘cryware’: Defending hot wallets from attacks
by Guest Paul Oliveria- 0 replies
- 0 views
The steep rise in cryptocurrency market capitalization, not surprisingly, mirrors a marked increase in threats and attacks that target or leverage cryptocurrencies. But Microsoft researchers are observing an even more interesting trend: the evolution of related malware and their techniques, and the emergence of a threat type we’re referring to as cryware. Cryware are information stealers that collect and exfiltrate data directly from non-custodial cryptocurrency wallets, also known as hot wallets. Because hot wallets, unlike custodial wallets, are stored locally on a device and provide easier access to cryptographic keys needed to perform transactions, more and more th…
-
-
- FPCH Admin
- 0 replies
- 254 views
The last time the RSA Conference was held as an in-person event was in 2020. Needless to say, a lot has changed since then. RSA is once again going forward as an in-person (and digital) event in San Francisco, from June 6 to 9, 2022. After two years of remote interactions, we’re excited to exchange ideas with industry influencers and security professionals from across North America. Microsoft Security will be onsite at booth 6059 at Moscone Center with 1,500 square feet of Microsoft and partner-led demonstrations from Nuance, Rubrik, Wipro, and Veritas. There will also be 40 theater sessions, including presentations from Entrust, Lighthouse, Open Systems, Vectra AI, and Y…
Last reply by AWS, -
-
Anatomy of a Security Update
by Guest msrc- 0 replies
- 1 view
The Microsoft Security Response Center is part of the defender community and on the front line of security response for our customers and the company. Our mission is to protect customers and Microsoft from current and emerging threats related to security and privacy. We monitor threats and provide updated tools and guidance to help organizations … Anatomy of a Security Update Read More » Continue reading...
-
-
- FPCH Admin
- 0 replies
- 0 views
The Microsoft Security Response Center is part of the defender community and on the front line of security response for our customers and the company. Our mission is to protect customers and Microsoft from current and emerging threats related to security and privacy. We monitor threats and provide updated tools and guidance to help organizations defend against, identify, and remediate attacks.
Last reply by Cloaked, -
-
Center for Threat-Informed Defense, Microsoft, and industry partners streamline MITRE ATT&CK® matrix evaluation for defenders
by Guest Microsoft 365 Defender Threat Intelligence Team- 0 replies
- 1 view
The MITRE Center for Threat-Informed Defense, Microsoft, and other industry partners collaborated on a project that created a repeatable methodology for developing a top MITRE ATT&CK® techniques list. The method aims to facilitate navigation of the ATT&CK framework, which could help new defenders focus on critical techniques relevant to their organization’s environment, and aid experienced defenders in prioritizing ATT&CK techniques according to their organization’s needs. The ATT&CK framework provides an extensive list of specific techniques that may be challenging to navigate in certain situations. This project aims to help defenders who use the frame…
-
Microsoft security experts outline next steps after compromise recovery
by Guest Christine Barrett- 0 replies
- 0 views
Who is CRSP? The Microsoft Compromise Recovery Security Practice (CRSP) is a worldwide team of cybersecurity experts operating in most countries, across both public and private organizations, with deep expertise to secure an environment post-security breach and to help you prevent a breach in the first place. As a specialist team within the wider Microsoft cybersecurity functions, we predominantly focus on reactive security projects for our customers. The main types of projects we undertake are: Compromise recovery: Giving customers back control of their environment after a compromise. Rapid ransomware recovery: Restore business-critical applications and limit r…
-
Summary Microsoft recently mitigated a vulnerability in Azure Data Factory and Azure Synapse pipelines. The vulnerability was specific to the third-party Open Database Connectivity (ODBC) driver used to connect to Amazon Redshift in Azure Synapse pipelines and Azure Data Factory Integration Runtime (IR) and did not impact Azure Synapse as a whole. The vulnerability could … Vulnerability mitigated in the third-party Data Connector used in Azure Synapse pipelines and Azure Data Factory (CVE-2022-29972) Read More » Continue reading...
-
-
- FPCH Admin
- 0 replies
- 272 views
More threats—not enough defenders The security landscape has become increasingly challenging and complex for our customers. Threats have grown at an alarming rate over the last year, and cybercrime is now expected to cost the world USD10.5 trillion annually by 2025, up from USD3 trillion a decade ago and USD6 trillion in 2021.1 As attacks increase in scale, so must our defenses. Last year, Microsoft Security blocked over 9.6 billion malware threats and more than 35.7 billion phishing and other malicious emails. Microsoft Security is actively tracking more than 35 ransomware families and 250 unique threat actors across observed nation-state, ransomware, and crimina…
Last reply by AWS, -
-
Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself
by Guest Microsoft 365 Defender Threat Intelligence Team- 0 replies
- 0 views
Microsoft processes 24 trillion signals every 24 hours, and we have blocked billions of attacks in the last year alone. Microsoft Security tracks more than 35 unique ransomware families and 250 unique threat actors across observed nation-state, ransomware, and criminal activities. That depth of signal intelligence gathered from various domains—identity, email, data, and cloud—provides us with insight into the gig economy that attackers have created with tools designed to lower the barrier for entry for other attackers, who in turn continue to pay dividends and fund operations through the sale and associated “cut” from their tool’s success. The cybercriminal economy …
-
Summary Microsoft recently mitigated a vulnerability in Azure Data Factory and Azure Synapse pipelines. The vulnerability was specific to the third-party Open Database Connectivity (ODBC) driver used to connect to Amazon Redshift in Azure Synapse pipelines and Azure Data Factory Integration Runtime (IR) and did not impact Azure Synapse as a whole.
Last reply by Cloaked, -
-
- FPCH Admin
- 0 replies
- 257 views
Did you know that May 5, 2022, is World Password Day?1 Created by cybersecurity professionals in 2013 and designated as the first Thursday every May, World Password Day is meant to foster good password habits that help keep our online lives secure. It might seem strange to have a day set aside to honor something almost no one wants to deal with—like having a holiday for filing your income taxes (actually, that might be a good idea). But in today’s world of online work, school, shopping, healthcare, and almost everything else, keeping our accounts secure is more important than ever. Passwords are not only hard to remember and keep track of, but they’re also one of the most…
Last reply by AWS, -
-
How a senior product manager is leading the passwordless movement at Microsoft
by Guest Christine Barrett- 0 replies
- 0 views
May 5, 2022, is World Password Day, a day we all use to create awareness around password security. At Microsoft, we choose to celebrate replacing passwords with better and more secure ways to sign in. I can’t think of a better person at Microsoft to represent this journey than Libby Brown, a senior product manager leading our efforts to keep Microsoft Azure Active Directory (Azure AD) customers more secure with passwordless solutions. Here’s what I love about Libby’s story: her career has followed a winding path that ended up being the best possible path to the role she has today. Early on, she switched from engineering to public policy and then worked in publishing, p…
-
Azure AD required for Update Compliance after October 15, 2022
by Guest Paul_Reed- 0 replies
- 1 view
Update Compliance enables organizations to monitor security, quality, and feature updates for Windows 10 or 11 Professional, Education, and Enterprise editions. It’s also one of many services powered by the Windows diagnostic data processor configuration, which allows IT administrators to authorize data to be collected from devices under their management. This blog prepares you for an upcoming set of changes in the requirements for Update Compliance. The Windows diagnostic data processor configuration was announced in 2021. IT administrators leveraging this configuration are considered the data controllers for Windows diagnostic data collected from their enrolled devic…
-
Automating your Microsoft security suite with D3 XGEN SOAR
by Guest Christine Barrett- 0 replies
- 1 view
This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA. There are certain pain points in the average security operations center (SOC) that, no matter what else changes in the security landscape, stay among the most entrenched problems. You can probably name them off the top of your head: an overwhelming amount of security alerts; the ongoing shortage of skilled cybersecurity professionals; the inability to detect and respond to increasingly sophisticated attacks; and the proliferation of tools (76 in the average enterprise SOC) that do not always work well together.1 But these challenges have something else in …
-
-
- FPCH Admin
- 0 replies
- 255 views
Happy National Small Business Week1 in the United States! Small and medium businesses (SMBs) are the bedrock of our economy, representing 90 percent of businesses and more than 50 percent of employment worldwide.2 As we celebrate their innovation and contributions this week, it’s important to acknowledge the increased cyber risks they face as they embrace hybrid work and new digital business models, along with the emergence of cyberattacks as a service. Increased security concerns with the changing SMB landscape Microsoft surveyed more than 150 small and medium businesses in the United States in April 2022 to better understand the changing SMB security needs…
Last reply by AWS, -
-
-
- FPCH Admin
- 0 replies
- 271 views
With roughly six weeks left until the Internet Explorer 11 (IE11) desktop application retires on June 15, 2022, you and your organization may have entered your final stages of preparation. You've identified any IE-dependent sites used by your organization; you've compiled those sites into an enterprise mode site list for IE mode; you've designated any needed neutral sites and tested those sites to ensure IE mode works as expected. Now you just have to wait until IE is disabled after June 15…. Right? That is one approach, but we know that waiting for something to happen can be stressful, especially with complex IT environments. So instead of waiting, we recommend tha…
Last reply by AWS, -