The latest volume of the Microsoft Security Intelligence Report (SIR) is now available for free download at www.microsoft.com/sir. We’ve been publishing threat intelligence reports for our customers, partners and the industry for 10 years now. During that time, we’ve published over 12,500 pages of threat intelligence, 100+ blog posts, many videos, and delivered thousands of […]
A few weeks back I had the opportunity to I speak at the Cloud Security Alliance Summit 2016 held in San Francisco, California. Microsoft was a Platinum sponsor of the event. I participated in a panel discussion on cloud security that focused on lessons learned from a cloud services provider’s point of view. Google, Dropbox, […]
OneDrive for Business can help ensure that business files for organizations’ users are stored in a central location making it easy for users to search, share and collaborate on documents using a range of devices.
We released the latest volume of the Microsoft Security Intelligence Report last week. The latest data on how different versions of the Windows operating system are mitigating modern malware attacks suggests that newer versions are performing better than older versions. The figure below illustrates the malware infection rates for Windows client and server operating systems […]
Volume 18 of the Microsoft Security Intelligence Report (SIR) is now available at http://microsoft.com/sir. This volume of the SIR focuses on the second half of 2014 and contains longer term trend data as well. SIR volume 18 contains data, insights and practical guidance on a range of global and regional cybersecurity threats including vulnerability disclosures, […]
In early March, I had the fortunate opportunity to speak at the ABB Automation & Power World 2015 conference in Houston, TX. This event is like a “Disneyland” for critical infrastructure providers (CIPs)! This was my first time attending the bi-annual event and I was blown away by the innovative power and automation technologies that […]
Although pass-the-hash credential theft and reuse attacks aren’t new, more recently security researchers have been focusing on attack methods for Kerberos authentication.
When you buy a new computer, often times it will come pre-installed with software provided by the manufacturer. This is commonly done by software providers as way to entice people to try their products before they buy. One of the most common types of software that comes pre-installed on computers is antivirus or antimalware protection […]
Microsoft Antimalware for Azure Cloud Services and Virtual Machines is now generally available for Microsoft Azure customers. This new security extension for Microsoft Azure provides an additional layer of security by helping to identify, block and remove malicious software on virtual machines managed by Azure customers. It provides real time protection from the latest threats, […]
<p>A vulnerability disclosure, as the term is used in the <a href="http://approjects.co.za/?big=sir">Microsoft Security Intelligence Report</a>, is the revelation of a software vulnerability to the public at large. Disclosures can come from a variety of sources, including publishers of the affected software, security software vendors, independent security researchers, and even malware creators.</p> <p>The vulnerability disclosure data in the Security Intelligence Report is compiled from vulnerability disclosure data that is published in the <a href="http://nvd.nist.gov/">National Vulnerability Database </a>(NVD). This database is the US government’s repository of standards-based vulnerability management data. The NVD represents all disclosures that have a published Common Vulnerabilities and Exposures (CVE) identifier.</p> <p><span style="text-decoration:underline;"><strong>Industry-wide vulnerability disclosures trending upwards</strong></span><br>Figure 1 illustrates the vulnerability disclosure trend across the entire industry since 2011. Between 2011 and the end of 2013 vulnerability disclosure counts ranged from a low of 1,926 in the second half of 2011 to a high of 2,588 in the first half of 2012; there were more than 4,000 vulnerability disclosures across the entire industry each year during this period. For <a href="/b/security/archive/2012/03/15/trustworthy-computing-learning-about-threats-for-over-10-years-part-4.aspx">additional context</a>, the peak period for industrywide vulnerability disclosures was 2006-2007 when 6,000 - 7,000 vulnerabilities were disclosed each year. Vulnerability disclosures across the industry in the second half of 2013 (2H13) were up 6.5 percent from the first half of the year, and up 12.6 percent from the second half of 2012. <a href="/b/security/archive/2014/07/08/industry-vulnerability-disclosures-trending-up.aspx">Read more</a></p>
