Remote procedure call (RPC) is a protocol commonly abused by attackers that allows functions implemented in a separate process, and potentially on a remote machine, to be called as if they were local. Many core Windows and Active Directory capabilities are built on or make use of RPC, which makes it…
News Feed
Aggregated from vendor blogs, The Register, NCSC UK, IT Pro, and more.
Modern ransomware attacks are increasingly designed to blend in with normal IT operations, using trusted administrative tools to quietly weaken defenses and distribute malicious payloads at scale. In a recent real‑world incident, a human‑operated ransomware actor attempted to do exactly that by abus…
Deploying Microsoft Defender on high-value assets (HVAs) such as domain controllers, ADFS servers, and other Tier-0 systems, requires a thoughtful approach to balance strong protection with operational stability. Given the powerful response capabilities available, organizations often seek greater co…
Understanding the Secure Boot certificate challenge Secure Boot is a foundational security feature that validates the integrity of your device's boot process, ensuring only trusted software can run during system startup. This protection has been quietly defending enterprise devices since 2012, but t…
See exactly which security configurations are enforced on your device Security teams spend significant time defining policies for Microsoft Defender security settings. But when it comes to investigations or troubleshooting, the real question is often simple: what is currently being enforced on this …
Onboarding all devices in your estate is paramount for strong security posture. In fact, Microsoft Threat Intelligence research shows that in the majority of ransomware attacks, the spreader machine was a device that was not yet onboarded. But customers often struggle to follow complex steps that di…
In dynamic investigation environments, preparation and agility are key. Security analysts working with live response in Microsoft Defender often rely on scripts and tools to triage, investigate, and remediate threats. Until now, these assets had to be uploaded during active sessions, limiting manage…
This year at Microsoft Ignite, Microsoft Defender is announcing exciting innovations for endpoint protection that help security teams deploy faster, gain more visibility, and proactively block attackers during active attacks: Predictive shielding: Defender is the first security solution to not only …