An integrated incident response solution with Microsoft and PwC
Microsoft Incident Response and PwC have announced a new global alliance to expand their joint Incident Response and Recovery capability.
Octo Tempest crosses boundaries to facilitate extortion, encryption, and destruction
Microsoft has been tracking activity related to the financially motivated threat actor Octo Tempest, whose evolving campaigns represent a growing concern for many organizations across multiple industries.
How the Microsoft Incident Response team helps customers remediate threats
Microsoft Incident Response is a global team comprised of cybersecurity experts with deep, highly specialized knowledge in breach detection, response, and recovery.
The five-day job: A BlackByte ransomware intrusion case study
In a recent investigation by Microsoft Incident Response of a BlackByte 2.0 ransomware attack, we found that the threat actor progressed through the full attack chain, from initial access to impact, in less than five days, causing significant business disruption for the victim organization.
Patch me if you can: Cyberattack Series
The Microsoft Incident Response team takes swift action to help contain a ransomware attack and regain positive administrative control of the customer environment.
Why a proactive detection and incident response plan is crucial for your organization
Matt Suiche of Magnet Forensics talks about top security threats for organizations and strategies for effective incident response.
Healthy security habits to fight credential breaches: Cyberattack Series
This is the second in an ongoing series exploring some of the most notable cases of the Microsoft Incident Response Team. In this story, we’ll explore how organizations can adopt a defense-in-depth security posture to help protect against credential breaches and ransomware attacks.
Guidance for investigating attacks using CVE-2022-21894: The BlackLotus campaign
This guide provides steps that organizations can take to assess whether users have been targeted or compromised by threat actors exploiting CVE-2022-21894 via a Unified Extensible Firmware Interface (UEFI) bootkit called BlackLotus.
Microsoft Incident Response Retainer is generally available
Microsoft Security is expanding its incident response presence and we’re excited to announce the Microsoft Incident Response Retainer is now generally available.
Guidance for investigating attacks using CVE-2023-23397
This guide provides steps organizations can take to assess whether users have been targeted or compromised by threat actors exploiting CVE-2023-23397.