Elliot

@journalizer.bsky.social

Director for Microsoft Threat Intelligence, podcast producer, chicken tender.

308 Followers  |  214 Following  |  52 Posts  |  Joined: 03.07.2023  |  2.0969

Latest posts by journalizer.bsky.social on Bluesky

Beyond immediate containment, Microsoft IR supports recovery, future planning, and building long-term resilience. According to Adrian Hill, lead investigator for Microsoft IR, “The customer needs to be successful. The only way to do that is to ensure that everyone is successful.”

01.10.2025 19:34 — 👍 0    🔁 1    💬 0    📌 0

By leading with empathy and collaboration, Microsoft IR unites vendors and internal teams to stabilize crises and uncover hidden threats, ensuring unified action. This approach means that every engagement restores the customer and simultaneously strengthens the broader security ecosystem.

01.10.2025 19:33 — 👍 0    🔁 1    💬 1    📌 0

The nature of incident response is its chaos, and the second chapter of our four-part Inside Microsoft Threat Intelligence miniseries displays how Microsoft’s IR team thrives amid disorder, stepping in when environments are compromised and confidence is shaken: msft.it/63322svfky

01.10.2025 19:29 — 👍 5    🔁 2    💬 1    📌 0

"Microsoft Threat Intelligence is fully focused on disrupting threat actor activity."

The first of a four-part Inside Microsoft Threat Intelligence miniseries gives a behind-the-scenes look at how Microsoft's Digital Crimes Unit disrupted Storm-1152: msft.it/63327sWnGF

17.09.2025 22:38 — 👍 5    🔁 1    💬 1    📌 0
From Insight to Disruption | Security Insider How Microsoft disrupted Storm-1152’s 750 million fake accounts. See how threat intelligence becomes action, disruption, and protection.

Full episode here www.microsoft.com/en-us/securi...

17.09.2025 14:08 — 👍 0    🔁 0    💬 0    📌 0

Each episode will offer an inside look at Microsoft Security's threat intelligence capability that is designed to reduce risk, improve resilience, and empower security teams across the globe.

17.09.2025 14:08 — 👍 0    🔁 0    💬 1    📌 0

This week we are releasing episode one of Inside Microsoft Threat Intelligence, a new series highlighting the power of our 10,000-strong security team.

17.09.2025 14:08 — 👍 0    🔁 0    💬 1    📌 0

The world of cybercrime is becoming commercialized, mercenaries for hire if you will, but Microsoft Threat Intelligence and our Digital Crimes Unit use intel to disrupt their actions.

17.09.2025 14:07 — 👍 2    🔁 1    💬 1    📌 0
The Rise of AI-Powered Interview Cheating From astroturfing Reddit to evading anti-cheating tools, InterviewHammer exposes a darker side of AI in hiring

Spidey senses ever go off during a remote interview with a candidate that they may be getting some AI assistance? Unfortunately there are new tools that make this even easier www.adoptingzerotrust.com/p/the-rise-o...

22.08.2025 15:08 — 👍 0    🔁 0    💬 0    📌 0

Yesterday at Black Hat we had an awesome lineup of experts ranging from Tom Gallagher, Travis Schack, Kendra Cooley, and Sherrod DeGrippo.

Going for round two, and having MSRC’s podcast takeover, Blain Hailemariam running KC7, and I’ll be moderating a few chats in between.

07.08.2025 13:40 — 👍 0    🔁 0    💬 0    📌 0

Kicked off our series of podcasts and interviews here at Black Hat. Come on by booth 2246.

06.08.2025 17:17 — 👍 0    🔁 0    💬 0    📌 0

Customers should apply the on-premises SharePoint Server security updates immediately and follow the detailed mitigation guidance in the blog. The latest updates include additional TTPs of the new activity, additional IOCs, and expanded mitigation, protection, and hunting guidance.

24.07.2025 01:14 — 👍 5    🔁 1    💬 0    📌 0
Disrupting active exploitation of on-premises SharePoint vulnerabilities | Microsoft Security Blog Microsoft has observed two named Chinese nation-state actors, Linen Typhoon and Violet Typhoon, exploiting vulnerabilities targeting internet-facing SharePoint servers. In addition, we have observed another China-based threat actor, tracked as Storm-2603, exploiting these vulnerabilities. Microsoft has released new comprehensive security updates for all supported versions of SharePoint Server (Subscription Edition, 2019, and 2016) that protect customers against these new vulnerabilities. Customers should apply these updates immediately to ensure they are protected.

We updated our blog with expanded analysis and threat intelligence from newly observed activity by Storm-2603 leading to the deployment of Warlock ransomware. msft.it/63320s134O

24.07.2025 01:12 — 👍 7    🔁 4    💬 1    📌 0

Knockout Tour is the best

18.06.2025 01:26 — 👍 0    🔁 0    💬 0    📌 0
Announcing a new strategic collaboration to bring clarity to threat actor naming | Microsoft Security Blog Microsoft and CrowdStrike are teaming up to create alignment across our individual threat actor taxonomies to help security professionals connect insights faster.

Microsoft and CrowdStrike are teaming up to create alignment across our threat actor taxonomies, mapping where knowledge of these actors aligns to enable security professionals to connect insights faster and make decisions with greater confidence. https://msft.it/63327SlOeJ

02.06.2025 16:18 — 👍 11    🔁 6    💬 2    📌 6

Always bribe your audience with candy

01.05.2025 20:50 — 👍 0    🔁 0    💬 0    📌 0

Spot me at RSAC next week for a bootleg sticker

24.04.2025 14:34 — 👍 0    🔁 0    💬 0    📌 0

BREAKING.

From a reliable source. MITRE support for the CVE program is due to expire tomorrow. The attached letter was sent out to CVE Board Members.

15.04.2025 17:23 — 👍 686    🔁 418    💬 37    📌 205

You should definitely not join the Microsoft Threat Intelligence panel during RSAC… microsoftsecurityevents.eventbuilder.com/event/88614?...

28.03.2025 13:39 — 👍 0    🔁 0    💬 0    📌 0

Right now there are a lot of new eyes on Signal, and not all of them are familiar with secure messaging and its nuances. Which means there’s misinfo flying around that might drive people away from Signal and private communications. 1/

25.03.2025 22:52 — 👍 4171    🔁 1398    💬 133    📌 191
Third-Party Risk Management: When to Accept or Reject Vendor Documentation Season 1, Episode 8: Stanley Krochik, the Senior Security Third Party Risk Manager at Handshake, shares his POV on receiving low-quality SOC 2s.

This week on GRC Uncensored we take a look at some of the nuance that allows third-party risk teams to reject or accept audit documentation grcpod.substack.com/p/third-part...

27.03.2025 15:27 — 👍 1    🔁 0    💬 0    📌 0

When people spam your subreddit so you tell them to get out the chalk 🤣

25.03.2025 21:44 — 👍 0    🔁 0    💬 0    📌 0

After a brief memorial, laz lit the cigarette at 11:37. The 2025 Barkley Marathons has begun. #BM100

18.03.2025 15:39 — 👍 1040    🔁 151    💬 22    📌 91

I connected with Dave over at CyberWire Daily and Dr Zero Trust during ZTW to chat AI, regulations, and what's ahead in cybersecurity www.adoptingzerotrust.com/p/live-at-zt...

06.03.2025 16:36 — 👍 0    🔁 0    💬 0    📌 0
Silk Typhoon targeting IT supply chain | Microsoft Security Blog Silk Typhoon is a Chinese state actor focused on espionage campaigns targeting a wide range of industries in the US and throughout the world. In recent months, Silk Typhoon has shifted to performing I...

New from Microsoft Threat Intelligence: Silk Typhoon is an espionage-focused Chinese state actor whose activities indicate that they are a well-resourced and technically efficient group with the ability to quickly operationalize exploits for zero-day vulnerabilities in edge devices.

05.03.2025 12:56 — 👍 0    🔁 0    💬 0    📌 0

Run 15 miles and all of a sudden Garmin thinks you’re going to die (same watch I’ve done 2x 100 milers with).

01.03.2025 16:20 — 👍 1    🔁 0    💬 0    📌 0

Wrapping up day two of Zero Trust World

20.02.2025 20:27 — 👍 0    🔁 0    💬 0    📌 0
Predicting the year of cybersecurity ahead (minus regulations) S04 EP 02: Common themes we can expect to see in 2025

Check the full episode of AZT here where we predict some common security themes for the year ahead www.adoptingzerotrust.com/p/predicting...

19.02.2025 13:59 — 👍 0    🔁 0    💬 0    📌 0

Should we still be making our teams rotate their password every few months? Maybe not…

19.02.2025 13:59 — 👍 0    🔁 0    💬 1    📌 0
Storm-2372 conducts device code phishing campaign | Microsoft Security Blog Microsoft Threat Intelligence Center discovered an active and successful device code phishing campaign by a threat actor we track as Storm-2372. Our ongoing investigation indicates that this campaign ...

More details and detections here www.microsoft.com/en-us/securi...

14.02.2025 02:50 — 👍 0    🔁 0    💬 0    📌 0

@journalizer is following 20 prominent accounts