Imagine you have been the victim of a cybersecurity incident. And you suspect that a large number of accounts, or possibly the entire Active Directory, may have been compromised.

How would you proceed? In such cases, we usually recommend a mass password reset of all user accounts. But are you prepared for this?

Read the article bellow published on our Microsoft Security Experts blog, which I co-authored, to learn in what cases you should do a mass password reset of user accounts and how best to prepare for such a scenario. #microsoftir #microsoftincidentresponse #passwordreset #dart

https://techcommunity.microsoft.com/t5/microsoft-security-experts-blog/effective-strategies-for-conducting-mass-password-resets-during/ba-p/4159408

Microsoft IR’s new blog details a BlackByte ransomware incident through the full attack chain, from initial access to impact. We cover tools, techniques, and IOCs identified during our investigation, as well as detections and recommendations to defend against BlackByte ransomware attacks. #CyberSecurity #BlackByteRansomware #microsoftincidentresponse #microsoftIR

Full details shared: https://www.microsoft.com/en-us/security/blog/2023/07/06/the-five-day-job-a-blackbyte-ransomware-intrusion-case-study/

Microsoft Incident Response examines how threat actors trigger Net-NTLMv2 hash leak using CVE-2023-23397 to gain unauthorized access to an organization’s environment #microsoftincidentresponse #microsoftIR: https://www.microsoft.com/en-us/security/blog/2023/03/24/guidance-for-investigating-attacks-using-cve-2023-23397/