Microsoft Support & Discussions
Free PC Help Forum: Microsoft products support and discussions. If you need help with Microsoft Windows, Windows Server software, Microsoft 365, Microsoft Azure, or any other Microsoft product, you can post here. If you want to discuss Microsoft and its line of products, you can do that here also.
84,928 topics in this forum
-
-
- FPCH Admin
- 0 replies
- 289 views
On July 14, 2021, the National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) hosted a virtual workshop to seek feedback from government and industry experts on practical approaches to preventing and recovering from ransomware and other destructive cyberattacks. After we wrote up our feedback for NIST, we realized it would be helpful to share this perspective more broadly to help organizations better protect themselves against the rising tide of (highly profitable) ransomware attacks. While ransomware and extortion attacks are still evolving rapidly, we want to share a few critical lessons learned and shed some l…
Last reply by AWS, -
-
A deep-dive into the SolarWinds Serv-U SSH vulnerability
by Guest Eric Avena
- 0 replies
- 0 views
Several weeks ago, Microsoft detected a 0-day remote code execution exploit being used to attack the SolarWinds Serv-U FTP software in limited and targeted attacks. The Microsoft Threat Intelligence Center (MSTIC) attributed the attack with high confidence to DEV-0322, a group operating out of China, based on observed victimology, tactics, and procedures. In this blog, we share technical information about the vulnerability, tracked as CVE-2021-35211, that we shared with SolarWinds, who promptly released security updates to fix the vulnerability and mitigate the attacks. This analysis was conducted by the Microsoft Offensive Research & Security Engineering team, a f…
-
Windows 365 Cloud PC provisioning scenarios
by Guest Steven DeQuincey
- 0 replies
- 0 views
Windows 365 Enterprise provides an easy method to automatically provision Cloud PCs, without the complex skillsets that are required for successful deployment in other virtualization environments. Windows 365 also offers flexibility, allowing organizations to manage Cloud PC users, deployment locations, and lifecycles. This article reviews some common considerations you can make for initial user provisioning, when you might need multiple provisioning policies, and how to manage those provisioning policies going forward. Scenario 1 – Provisioning by location Before you create a provisioning policy, you need to create your on-premises network connection (OPNC). T…
-
Get free DMARC visibility with Valimail Authenticate and Microsoft Office 365
by Guest Emma Jones
- 0 replies
- 0 views
This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA. Phishing and email spoofing not only erode brand trust but also leave recipients vulnerable to financial loss and serious invasions of privacy. These tactics have been around for years, but their breadth and sophistication today pose a formidable threat. According to the FBI, fraudulent emails sent under the guise of their own domains cost companies over $13 billion between 2016 and 2020. Microsoft has industry-leading solutions for protecting customers from such attacks. Recently, Microsoft was named a leader in the 2021 Enterprise Email Security Wave…
-
Microsoft a Leader in 2021 Gartner® Magic Quadrant™ for Unified Endpoint Management Tools
by Guest Emma Jones
- 0 replies
- 0 views
In today’s changing business world, where flexibility is more crucial than ever, we’re honored that Gartner has again recognized Microsoft as a Leader in the Magic Quadrant for Unified Endpoint Management (UEM) Tools. Over the last 18 months, millions of employees worldwide have had to shift their work from the office to the home, and millions more continue to deal with dramatically reconfigured workplaces. Whether it’s hybrid or remote work, the one common aspect is the endpoint-as-conduit through which people remain connected and participate in today’s workplace. Throughout this massive shift, it’s become clear that digital endpoints—PCs, phones, operating systems, and…
-
How to prepare for CMMC compliance as a defense industrial base supplier using the Microsoft cloud
by Guest Emma Jones
- 0 replies
- 0 views
In 2020, the US Department of Defense (DoD) began the phased rollout of a new framework for protecting their supply chain, known as the defense industrial base (DIB). This new Cybersecurity Maturity Model Certification (CMMC) system requires regular audits that will bolster the security of the DIB, which comprises approximately 350,000 commercial companies producing everything from Abrams tanks, satellites, and Reaper drones down to laptop computers, uniforms, food rations, medical supplies, and much more. It’s no secret why the DoD would want to tighten security on its supply chain. According to DoD officials, organizations in the DIB are under constant attack both f…
-
Update on the vulnerability in the Azure Cosmos DB Jupyter Notebook Feature
by Guest MSRC Team
- 0 replies
- 0 views
On August 12, 2021, a security researcher reported a vulnerability in the Azure Cosmos DB Jupyter Notebook feature that could potentially allow a user to gain access to another customer’s resources by using the account’s primary read-write key. We mitigated the vulnerability immediately. Our investigation indicates that no customer data was accessed because of this …
-
-
- FPCH Admin
- 0 replies
- 1 view
On August 12, 2021, a security researcher reported a vulnerability in the Azure Cosmos DB Jupyter Notebook feature that could potentially allow a user to gain access to another customer’s resources by using the account’s primary read-write key. We mitigated the vulnerability immediately. Our investigation indicates that no customer data was accessed because of this vulnerability by third parties or security researchers.
Last reply by Cloaked, -
-
Cybersecurity’s next fight: How to protect employees from online harassment
by Guest Emma Jones
- 0 replies
- 0 views
The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest Voice of the Community blog series post, Microsoft Product Marketing Manager Natalia Godyla talks with Leigh Honeywell, CEO and Co-founder of Tall Poppy, which builds tools and services to help companies protect their employees from online harassment and abuse. In this blog, Leigh talks about company strategies for fighting online harassment. Natalia: What are some examples of online harassment experienced in the workplace? Leigh: Online harassment breaks down into two types. The first is harassment related to your …
-
How Vodafone Global Security Director creates an inclusive and secure workplace
by Guest Emma Jones
- 0 replies
- 0 views
Moving to more flexible remote work policies has caused telecommunications giant Vodafone to rethink cybersecurity and the potential friction to users. Instead of relying on physical security controls in the office, the company has embraced a Zero Trust strategy that requires authenticating everyone before granting access. I hosted Emma Smith on a recent episode of Security Unlocked: CISO Series with Bret Arsenault to talk about Vodafone’s cybersecurity approach and the importance of workplace inclusion. The importance of employee inclusion and security When employees don’t feel included, they’re not going to do their best work, according to Emma, who is Vodafone’…
-
Automating security assessments using Cloud Katana
by Guest Emma Jones
- 0 replies
- 0 views
Today, we are open sourcing Cloud Katana, a cloud-native serverless application built on top of Azure Functions to assess security controls in the cloud and hybrid cloud environments. We are currently covering only use cases in Azure, but we are working on extending it to other cloud providers. Design principles of Cloud Katana: Cloud Katana was designed and developed under the following principles: A serverless execution model. Compute on-demand as a web API. YAML-based attack definitions. Orchestrated stateful execution. Secure authentication and authorization. Managed identity integration. Granul…
-
Announcing the Launch of the Azure SSRF Security Research Challenge
by Guest MSRC Team
- 0 replies
- 0 views
Microsoft is excited to announce the launch of a new, three-month security research challenge under the Azure Security Lab initiative. The Azure Server-Side Request Forgery (SSRF) Research Challenge invites security researchers to discover and share high impact SSRF vulnerabilities in Microsoft Azure. Qualified submissions are eligible for bounty rewards up to $60,000 USD, with additional …
-
-
- FPCH Admin
- 0 replies
- 1 view
Microsoft is excited to announce the launch of a new, three-month security research challenge under the Azure Security Lab initiative. The Azure Server-Side Request Forgery (SSRF) Research Challenge invites security researchers to discover and share high impact SSRF vulnerabilities in Microsoft Azure. Qualified submissions are eligible for bounty rewards up to $60,000 USD, with additional awards for identifying innovative or novel attack patterns.
Last reply by Cloaked, -
-
Trend-spotting email techniques: How modern phishing emails hide in plain sight
by Guest Eric Avena
- 0 replies
- 0 views
With the massive volume of emails sent each day, coupled with the many methods that attackers use to blend in, identifying the unusual and malicious is more challenging than ever. An obscure Unicode character in a few emails is innocuous enough, but when a pattern of emails containing this obscure character accompanied by other HTML quirks, strange links, and phishing pages or malware is observed, it becomes an emerging attacker trend to investigate. We closely monitor these kinds of trends to gain insight into how best to protect customers. This blog shines a light on techniques that are prominently used in many recent email-based attacks. We’ve chosen to highlight th…
-
Migrating content from traditional SIEMs to Azure Sentinel
by Guest Emma Jones
- 0 replies
- 0 views
In part two of this three-part series, we covered the five types of side-by-side security information and event management (SIEM) configurations commonly used during a long-term migration to Microsoft Azure Sentinel. For part three, we’ll be looking at best practices for migrating your data and detections while operating side-by-side with your on-premises SIEM, as well as ways to maximize Azure Sentinel’s powerful automation capabilities to streamline common tasks. The information presented here is derived from experiences we’ve accumulated while assisting numerous customer migrations, as well as experiences gained by Microsoft’s own security operations center (SOC) in…
-
Microsoft and NIST collaborate on EO to drive Zero Trust adoption
by Guest Emma Jones
- 0 replies
- 0 views
2020’s Nobelium attack sent shock waves through both government and private sectors. 2021 has already seen large-scale nation-state attacks such as Hafnium alongside major ransomware attacks on critical infrastructure. The breadth and boldness of these attacks show that, far from being deterred, bad actors are becoming more brazen and sophisticated. To help protect US national security, the White House on May 12, 2021, issued Presidential Executive Order (EO) 14028 on Improving the Nation’s Cybersecurity. This EO mandates “significant investments” to help protect against malicious cyber threats: Executive Order 14028 also states the “private sector must adapt t…
-
Attackers use Morse code, other encryption methods in evasive phishing campaign
by Guest Eric Avena
- 0 replies
- 0 views
Cybercriminals attempt to change tactics as fast as security and protection technologies do. During our year-long investigation of a targeted, invoice-themed XLS.HTML phishing campaign, attackers changed obfuscation and encryption mechanisms every 37 days on average, demonstrating high motivation and skill to constantly evade detection and keep the credential theft operation running. This phishing campaign exemplifies the modern email threat: sophisticated, evasive, and relentlessly evolving. The HTML attachment is divided into several segments, including the JavaScript files used to steal passwords, which are then encoded using various mechanisms. These attackers move…
-
7 ways to harden your environment against compromise
by Guest Emma Jones
- 0 replies
- 0 views
Here at the global Microsoft Compromise Recovery Security Practice (CRSP), we work with customers who have experienced disruptive security incidents to restore trust in identity systems and remove adversary control. During 2020, the team responded to many incidents involving ransomware and the deployment of crypto-mining tools. Ransomware is a growing threat to organizations and home users, as it is a low-cost, high-return business model. These attacks aren’t complex; they rely on tools and software exploits that have existed for many years and are still not remediated. They’re still sought out for a simple reason: they still work. In this post, we hope to share with y…
-
How security can keep media and sources safe
by Guest Emma Jones
- 0 replies
- 0 views
The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest Voice of the Community blog series post, Microsoft Product Marketing Manager Natalia Godyla talks with Runa Sandvik, an expert on journalistic security and the former Senior Director of Information Security at The New York Times. In this blog, Runa introduces the unique challenges and fundamentals of journalistic security. Natalia: What is journalistic security? Runa: Being a reporter is not a 9-to-5 job. You’re not just a reporter when you step through the doors of The Washington Post or The Wall Street Journal or…
-
Sharing the first SimuLand dataset to expedite research and learn about adversary tradecraft
by Guest Emma Jones
- 0 replies
- 0 views
Last month, we introduced the SimuLand project to help security researchers around the world deploy lab environments to reproduce well-known attack scenarios, actively test detections, and learn more about the underlying behavior and implementation of adversary techniques. Since the release of the project, we have worked on a second phase to improve the current documentation and collect the telemetry generated after running the simulation plans in the lab guides. Today, we are excited to release a dataset generated from the first simulation scenario to provide security researchers with an option to access data mapped to attack behavior without deploying the full enviro…
-
Spotting brand impersonation with Swin transformers and Siamese neural networks
by Guest Eric Avena
- 0 replies
- 0 views
Every day, Microsoft Defender for Office 365 encounters around one billion brand impersonation emails. Our security solutions use multiple detection and prevention techniques to help users avoid divulging sensitive information to phishers as attackers continue refining their impersonation tricks. In this blog, we discuss our latest innovation toward developing another detection layer focusing on the visual components of brand impersonation attacks. We presented this approach in our Black Hat briefing Siamese neural networks for detecting brand impersonation today. Before a brand impersonation detection system can be trained to distinguish between legitimate and malicio…
-
How to manage a side-by-side transition from your traditional SIEM to Azure Sentinel
by Guest Emma Jones
- 0 replies
- 0 views
With every week bringing new headlines about crippling cyberattacks, and with organizations growing increasingly distributed, security teams are constantly asked to do more with less. Moving to cloud-native security information and event management (SIEM) can help security teams analyze data with the scale of the cloud, and empowers them to focus on protecting the organization, not managing infrastructure. As the industry’s first cloud-native security operation and automated response (SIEM+SOAR), Azure Sentinel provides security analytics across the organization to fight today’s sophisticated cyber threats. It does this by collecting data across the digital estate—includi…
-
When coin miners evolve, Part 2: Hunting down LemonDuck and LemonCat attacks
by Guest Eric Avena
- 0 replies
- 0 views
[Note: In this two-part blog series, we expose a modern malware infrastructure and provide guidance for protecting against the wide range of threats it enables. Part 1 covered the evolution of the threat, how it spreads, and how it impacts organizations. Part 2 provides a deep dive on the attacker behavior and outlines investigation guidance.] LemonDuck is an actively updated and robust malware primarily known for its botnet and cryptocurrency mining objectives. As we discussed in Part 1 of this blog series, in recent months LemonDuck adopted more sophisticated behavior and escalated its operations. Today, beyond using resources for its traditional bot and mining acti…
-
Attack AI systems in Machine Learning Evasion Competition
by Guest Emma Jones
- 0 replies
- 0 views
Today, we are launching MLSEC.IO, an educational Machine Learning Security Evasion Competition (MLSEC) for the AI and security communities to exercise their muscle to attack critical AI systems in a realistic setting. Hosted and sponsored by Microsoft, alongside NVIDIA, CUJO AI, VM-Ray, and MRG Effitas, the competition rewards participants who efficiently evade AI-based malware detectors and AI-based phishing detectors. Machine learning powers critical applications in virtually every industry: finance, healthcare, infrastructure, and cybersecurity. Microsoft is seeing an uptick of attacks on commercial AI systems that could compromise the confidentiality, integrity, an…
-
Microsoft at Black Hat 2021: Sessions, bug bounty updates, product news, and more
by Guest Emma Jones
- 0 replies
- 0 views
Black Hat USA 2021 is about understanding the needs of security professionals and meeting you where you are. With last year’s pandemic-related firefighting still fresh in our minds, this year’s event will provide a welcome respite to learn about cutting-edge security solutions, build our skillsets, and network with peers. Microsoft Security is committed to helping you secure your entire digital estate with integrated, comprehensive protection—bridging the gaps to catch what others miss. We provide the leading AI, automation, and expertise that help you detect threats quickly, respond effectively, and fortify your security posture. As the world enters a new normal where…