Elliot
@journalizer.bsky.social
Director for Microsoft Threat Intelligence, podcast producer, chicken tender.
Pinned
Elliot
@journalizer.bsky.social
· Sep 17
The world of cybercrime is becoming commercialized, mercenaries for hire if you will, but Microsoft Threat Intelligence and our Digital Crimes Unit use intel to disrupt their actions.
Reposted by Elliot
Beyond immediate containment, Microsoft IR supports recovery, future planning, and building long-term resilience. According to Adrian Hill, lead investigator for Microsoft IR, “The customer needs to be successful. The only way to do that is to ensure that everyone is successful.”
October 1, 2025 at 7:34 PM
Beyond immediate containment, Microsoft IR supports recovery, future planning, and building long-term resilience. According to Adrian Hill, lead investigator for Microsoft IR, “The customer needs to be successful. The only way to do that is to ensure that everyone is successful.”
Reposted by Elliot
By leading with empathy and collaboration, Microsoft IR unites vendors and internal teams to stabilize crises and uncover hidden threats, ensuring unified action. This approach means that every engagement restores the customer and simultaneously strengthens the broader security ecosystem.
October 1, 2025 at 7:33 PM
By leading with empathy and collaboration, Microsoft IR unites vendors and internal teams to stabilize crises and uncover hidden threats, ensuring unified action. This approach means that every engagement restores the customer and simultaneously strengthens the broader security ecosystem.
Reposted by Elliot
The nature of incident response is its chaos, and the second chapter of our four-part Inside Microsoft Threat Intelligence miniseries displays how Microsoft’s IR team thrives amid disorder, stepping in when environments are compromised and confidence is shaken: msft.it/63322svfky
October 1, 2025 at 7:29 PM
The nature of incident response is its chaos, and the second chapter of our four-part Inside Microsoft Threat Intelligence miniseries displays how Microsoft’s IR team thrives amid disorder, stepping in when environments are compromised and confidence is shaken: msft.it/63322svfky
Reposted by Elliot
"Microsoft Threat Intelligence is fully focused on disrupting threat actor activity."
The first of a four-part Inside Microsoft Threat Intelligence miniseries gives behind-the-scenes look at how Microsoft's Digital Crimes Unit disrupted Storm-1152: msft.it/63327sWnGF
The first of a four-part Inside Microsoft Threat Intelligence miniseries gives behind-the-scenes look at how Microsoft's Digital Crimes Unit disrupted Storm-1152: msft.it/63327sWnGF
September 17, 2025 at 10:38 PM
"Microsoft Threat Intelligence is fully focused on disrupting threat actor activity."
The first of a four-part Inside Microsoft Threat Intelligence miniseries gives behind-the-scenes look at how Microsoft's Digital Crimes Unit disrupted Storm-1152: msft.it/63327sWnGF
The first of a four-part Inside Microsoft Threat Intelligence miniseries gives behind-the-scenes look at how Microsoft's Digital Crimes Unit disrupted Storm-1152: msft.it/63327sWnGF
The world of cybercrime is becoming commercialized, mercenaries for hire if you will, but Microsoft Threat Intelligence and our Digital Crimes Unit use intel to disrupt their actions.
September 17, 2025 at 2:07 PM
The world of cybercrime is becoming commercialized, mercenaries for hire if you will, but Microsoft Threat Intelligence and our Digital Crimes Unit use intel to disrupt their actions.
Spidey senses ever go off during a remote interview with a candidate that they may be getting some AI assistance? Unfortunately there are new tools that make this even easier www.adoptingzerotrust.com/p/the-rise-o...
The Rise of AI-Powered Interview Cheating
From astroturfing Reddit to evading anti-cheating tools, InterviewHammer exposes a darker side of AI in hiring
www.adoptingzerotrust.com
August 22, 2025 at 3:08 PM
Spidey senses ever go off during a remote interview with a candidate that they may be getting some AI assistance? Unfortunately there are new tools that make this even easier www.adoptingzerotrust.com/p/the-rise-o...
Yesterday at Black Hat we had an awesome lineup of experts ranging from Tom Gallagher, Travis Schack, Kendra Cooley, and Sherrod DeGrippo.
Going for round two, and having MSRC’s podcast takeover, Blain Hailemariam running KC7, and I’ll be moderating a few chats in between.
Going for round two, and having MSRC’s podcast takeover, Blain Hailemariam running KC7, and I’ll be moderating a few chats in between.
August 7, 2025 at 1:40 PM
Yesterday at Black Hat we had an awesome lineup of experts ranging from Tom Gallagher, Travis Schack, Kendra Cooley, and Sherrod DeGrippo.
Going for round two, and having MSRC’s podcast takeover, Blain Hailemariam running KC7, and I’ll be moderating a few chats in between.
Going for round two, and having MSRC’s podcast takeover, Blain Hailemariam running KC7, and I’ll be moderating a few chats in between.
Kicked off our series of podcasts and interviews here at Black Hat. Come on by booth 2246.
August 6, 2025 at 5:17 PM
Kicked off our series of podcasts and interviews here at Black Hat. Come on by booth 2246.
Reposted by Elliot
Customers should apply the on-premises SharePoint Server security updates immediately and follow the detailed mitigation guidance in the blog. The latest updates include additional TTPs of the new activity, additional IOCs, and expanded mitigation, protection, and hunting guidance.
July 24, 2025 at 1:14 AM
Customers should apply the on-premises SharePoint Server security updates immediately and follow the detailed mitigation guidance in the blog. The latest updates include additional TTPs of the new activity, additional IOCs, and expanded mitigation, protection, and hunting guidance.
Reposted by Elliot
We updated our blog with expanded analysis and threat intelligence from newly observed activity by Storm-2603 leading to the deployment of Warlock ransomware. msft.it/63320s134O
Disrupting active exploitation of on-premises SharePoint vulnerabilities | Microsoft Security Blog
Microsoft has observed two named Chinese nation-state actors, Linen Typhoon and Violet Typhoon, exploiting vulnerabilities targeting internet-facing SharePoint servers. In addition, we have observed another China-based threat actor, tracked as Storm-2603, exploiting these vulnerabilities. Microsoft has released new comprehensive security updates for all supported versions of SharePoint Server (Subscription Edition, 2019, and 2016) that protect customers against these new vulnerabilities. Customers should apply these updates immediately to ensure they are protected.
msft.it
July 24, 2025 at 1:12 AM
We updated our blog with expanded analysis and threat intelligence from newly observed activity by Storm-2603 leading to the deployment of Warlock ransomware. msft.it/63320s134O
Knockout Tour is the best
June 18, 2025 at 1:26 AM
Knockout Tour is the best
Reposted by Elliot
Microsoft and CrowdStrike are teaming up to create alignment across our threat actor taxonomies, mapping where knowledge of these actors align to enable security professionals to connect insights faster and make decisions with greater confidence. https://msft.it/63327SlOeJ
Announcing a new strategic collaboration to bring clarity to threat actor naming | Microsoft Security Blog
Microsoft and CrowdStrike are teaming up to create alignment across our individual threat actor taxonomies to help security professionals connect insights faster.
msft.it
June 2, 2025 at 4:18 PM
Microsoft and CrowdStrike are teaming up to create alignment across our threat actor taxonomies, mapping where knowledge of these actors align to enable security professionals to connect insights faster and make decisions with greater confidence. https://msft.it/63327SlOeJ
Always bribe your audience with candy
May 1, 2025 at 8:50 PM
Always bribe your audience with candy
Spot me at RSAC next week for w bootleg sticker
April 24, 2025 at 2:34 PM
Spot me at RSAC next week for w bootleg sticker
Reposted by Elliot
BREAKING.
From a reliable source. MITRE support for the CVE program is due to expire tomorrow. The attached letter was sent out to CVE Board Members.
From a reliable source. MITRE support for the CVE program is due to expire tomorrow. The attached letter was sent out to CVE Board Members.
April 15, 2025 at 5:23 PM
BREAKING.
From a reliable source. MITRE support for the CVE program is due to expire tomorrow. The attached letter was sent out to CVE Board Members.
From a reliable source. MITRE support for the CVE program is due to expire tomorrow. The attached letter was sent out to CVE Board Members.
You should definitely not join the Microsoft Threat Intelligence panel during RSAC… microsoftsecurityevents.eventbuilder.com/event/88614?...
March 28, 2025 at 1:39 PM
You should definitely not join the Microsoft Threat Intelligence panel during RSAC… microsoftsecurityevents.eventbuilder.com/event/88614?...
Reposted by Elliot
Right now there are a lot of new eyes on Signal, and not all of them are familiar with secure messaging and its nuances. Which means there’s misinfo flying around that might drive people away from Signal and private communications. 1/
March 25, 2025 at 10:52 PM
Right now there are a lot of new eyes on Signal, and not all of them are familiar with secure messaging and its nuances. Which means there’s misinfo flying around that might drive people away from Signal and private communications. 1/
This week on GRC Uncensored we take a look at some of the nuance that allows third-party risk teams to reject or accept audit documentation grcpod.substack.com/p/third-part...
Third-Party Risk Management: When to Accept or Reject Vendor Documentation
Season 1, Episode 8: Stanley Krochik, the Senior Security Third Party Risk Manager at Handshake, shares his POV on receiving low-quality SOC 2s.
grcpod.substack.com
March 27, 2025 at 3:27 PM
This week on GRC Uncensored we take a look at some of the nuance that allows third-party risk teams to reject or accept audit documentation grcpod.substack.com/p/third-part...
When people spam your subreddit so you tell them to get out the chalk 🤣
March 25, 2025 at 9:44 PM
When people spam your subreddit so you tell them to get out the chalk 🤣
I connected with Dave over at CyberWire Daily and Dr Zero Trust during ZTW to chat AI, regulations, and what's ahead in cybersecurity www.adoptingzerotrust.com/p/live-at-zt...
March 6, 2025 at 4:36 PM
I connected with Dave over at CyberWire Daily and Dr Zero Trust during ZTW to chat AI, regulations, and what's ahead in cybersecurity www.adoptingzerotrust.com/p/live-at-zt...
New from Microsoft Threat Intelligence: Silk Typhoon is an espionage-focused Chinese state actor whose activities indicate that they are a well-resourced and technically efficient group with the ability to quickly operationalize exploits for zero-day vulnerabilities in edge devices.
Silk Typhoon targeting IT supply chain | Microsoft Security Blog
Silk Typhoon is a Chinese state actor focused on espionage campaigns targeting a wide range of industries in the US and throughout the world. In recent months, Silk Typhoon has shifted to performing I...
www.microsoft.com
March 5, 2025 at 12:59 PM
New from Microsoft Threat Intelligence: Silk Typhoon is an espionage-focused Chinese state actor whose activities indicate that they are a well-resourced and technically efficient group with the ability to quickly operationalize exploits for zero-day vulnerabilities in edge devices.
Run 15 miles and all of a sudden Garmin thinks you’re going to die (same watch I’ve done 2x 100 milers with).
March 1, 2025 at 4:20 PM
Run 15 miles and all of a sudden Garmin thinks you’re going to die (same watch I’ve done 2x 100 milers with).
Wrapping up day two of Zero Trust World
February 20, 2025 at 8:27 PM
Wrapping up day two of Zero Trust World
Should we still be making our teams rotate their password every few months? Maybe not…
February 19, 2025 at 1:59 PM
Should we still be making our teams rotate their password every few months? Maybe not…