The psychology of social engineering—the “soft” side of cybercrime
Build a phishing resistant culture with Cialdini’s 6 Principles of Persuasion .
The quiet evolution of phishing
In 2019, we saw phishing attacks reach new levels of creativity and sophistication. Read about the most notable phishing techniques we spotted in the past year.
Tackling phishing with signal-sharing and machine learning
Across services in Microsoft Threat Protection, the correlation of security signals enhances the comprehensive and integrated security for identities, endpoints, user data, cloud apps, and infrastructure.
Out of sight but not invisible: Defeating fileless malware with behavior monitoring, AMSI, and next-gen AV
Removing the need for files is the next progression of attacker techniques. While fileless techniques used to be employed almost exclusively in sophisticated cyberattacks, they are now becoming widespread in common malware, too.
Machine learning vs. social engineering
Machine learning is a key driver in the constant evolution of security technologies at Microsoft. Machine learning allows Microsoft 365 to scale next-gen protection capabilities and enhance cloud-based, real-time blocking of new and unknown threats.
Links in phishing-like emails lead to tech support scam
Modern social engineering attacks use non-portable executable (PE) files like malicious scripts and macro-laced documents. Every month, Windows Defender AV detects non-PE threats on over 10 million machines. Learn how machine learning drives next-gen protection capabilities and cloud-based, real-time blocking of new and unknown threats: Machine learning vs.
Is social engineering the biggest threat to your organization?
“Always remember: Amateurs hack systems. Professionals hack people.” –Bruce Schneier, CTO, Counterpane Internet Security, Inc. All over the globe, social engineering is a dominant and growing threat to organizational security. Since January 2015, the number of social engineering victims identified by the FBI has increased 270 percent, costing businesses more than $2.3 billion.
Phishers unleash simple but effective social engineering techniques using PDF attachments
The Gmail phishing attack is reportedly so effective that it tricks even technical users, but it may be just the tip of the iceberg.
Download at your own risk: Bitcoin miners bundled with game repacks
Recently we have seen an emerging trend among malware distributors – Bitcoin miners being integrated into installers of game repacks.
Warnings, /sdl, and improving uninitialized variable detection
Tim Burrell and Thomas Garnier of the TwC Security Science team present the sixth and last blog installment describing more /sdl functionality in Visual Studio 2012 RC. Please note that there will be an MSDN webcast discussing the security enhancements to Visual Studio 2012 RC – a wrap-up of sorts – on June 13 at 9:00AM (PST).
Secure Credential Storage
Pop security quiz: What’s the most secure way to store a secret? a) Encrypt it with a strong symmetric cryptographic algorithm such as AES, using a 256-bit key. b) Encrypt it with a strong asymmetric cryptographic algorithm such as RSA, using a 4096-bit key.