Microsoft security intelligence Archives - Page 12 of 20

Microsoft finds new NETGEAR firmware vulnerabilities that could lead to identity theft and full system compromise

June 30, 2021 TH Author Cybersecurity, Microsoft security intelligence, Vulnerabilities

We discovered vulnerabilities in NETGEAR DGN-2200v1 series routers that can compromise a network’s security—opening the gates for attackers to roam untethered through an entire organization. We shared our findings with NETGEAR through coordinated vulnerability disclosure via Microsoft Security Vulnerability Research (MSVR), and worked closely with NETGEAR security and engineering teams to provide advice on mitigating these issues.
The post Microsoft finds new NETGEAR firmware vulnerabilities that could lead to identity theft and full system compromise appeared first on Microsoft Security Blog. READ MORE HERE…

Microsoft Secure

Behind the scenes of business email compromise: Using cross-domain threat data to disrupt a large BEC campaign

June 14, 2021 TH Author Business Email Compromise (BEC), Cybersecurity, Microsoft 365 Defender, Microsoft Defender for Endpoint, Microsoft Defender for Office 365, Microsoft security intelligence

Microsoft 365 Defender researchers recently uncovered and disrupted a large-scale business email compromise (BEC) infrastructure hosted in multiple web services. Attackers used this cloud-based infrastructure to compromise mailboxes via phishing and add forwarding rules, enabling these attackers to get access to emails about financial transactions.
The post Behind the scenes of business email compromise: Using cross-domain threat data to disrupt a large BEC campaign appeared first on Microsoft Security Blog. READ MORE HERE…

Microsoft Secure

Breaking down NOBELIUM’s latest early-stage toolset

May 28, 2021 TH Author Cybersecurity, Microsoft security intelligence, Microsoft Threat Intelligence Center (MSTIC), NOBELIUM

In this blog, we highlight four tools representing a unique infection chain utilized by NOBELIUM: EnvyScout, BoomBox, NativeZone, and VaporRage. These tools have been observed being used in the wild as early as February 2021 attempting to gain a foothold on a variety of sensitive diplomatic and government entities.
The post Breaking down NOBELIUM’s latest early-stage toolset appeared first on Microsoft Security. READ MORE HERE…

Microsoft Secure

New sophisticated email-based attack from NOBELIUM

May 28, 2021 TH Author Cybersecurity, Microsoft security intelligence, Microsoft Threat Intelligence Center (MSTIC), NOBELIUM

Microsoft Threat Intelligence Center (MSTIC) has uncovered a wide-scale malicious email campaign operated by NOBELIUM, the threat actor behind the attacks against SolarWinds, the SUNBURST backdoor, TEARDROP malware, GoldMax malware, and other related components. The campaign, initially observed and tracked by Microsoft since January 2021, evolved over a series of waves demonstrating significant experimentation.
The post New sophisticated email-based attack from NOBELIUM appeared first on Microsoft Security. READ MORE HERE…

Microsoft Secure

Phorpiex morphs: How a longstanding botnet persists and thrives in the current threat environment

May 20, 2021 TH Author Avaddon, botnet, coin miner, Cryptocurrency mining, Cybersecurity, Knot, Microsoft security intelligence, Phishing, Phorpiex, ransomware, worms

Phorpiex, an enduring botnet known for extortion campaigns and for using old-fashioned worms, began diversifying its infrastructure in recent years to become more resilient and to deliver more dangerous payloads. Today, the Phorphiex botnet continues to maintain a large network of bots and generates wide-ranging malicious activities. These activities have expanded to include cryptocurrency mining. Read our in-depth research into this botnet.
The post Phorpiex morphs: How a longstanding botnet persists and thrives in the current threat environment appeared first on Microsoft Security. READ MORE HERE…

Microsoft Secure

Business email compromise campaign targets wide range of orgs with gift card scam

May 6, 2021 TH Author BEC, Business Email Compromise, Cybersecurity, gift card scam, Microsoft Defender for Office 365, Microsoft security intelligence, Phishing

Read our investigation of a BEC campaign that used attacker-created email infrastructure to facilitate gift card theft targeting the consumer goods, process manufacturing and agriculture, real estate, discrete manufacturing, and professional services sectors.
The post Business email compromise campaign targets wide range of orgs with gift card scam appeared first on Microsoft Security. READ MORE HERE…

Microsoft Secure

Center for Threat-Informed Defense teams up with Microsoft, partners to build the ATT&CK® for Containers matrix

April 29, 2021 TH Author ATT&CK for Containers, Center for Threat-Informed Defense, Cybersecurity, Kubernetes, Microsoft security intelligence, MITRE Engenuity

Microsoft is happy to have contributed and worked closely with the Center for Threat-Informed Defense and other partners to develop the MITRE ATT&CK® for Containers matrix.
The post Center for Threat-Informed Defense teams up with Microsoft, partners to build the ATT&CK® for Containers matrix appeared first on Microsoft Security. READ MORE HERE…

Microsoft Secure

Investigating a unique “form” of email delivery for IcedID malware

April 9, 2021 TH Author contact form, Cybersecurity, IcedID, Microsoft security intelligence

Microsoft threat analysts have been tracking activity where contact forms published on websites are abused to deliver malicious links to enterprises using emails with fake legal threats. The emails instruct recipients to click a link to review supposed evidence behind their allegations, but are instead led to the download of IcedID, an info-stealing malware.
The post Investigating a unique “form” of email delivery for IcedID malware appeared first on Microsoft Security. READ MORE HERE…

Microsoft Secure

Gamifying machine learning for stronger security and AI models

April 8, 2021 TH Author AI, autonomous systems, Cybersecurity, machine learning, Microsoft security intelligence, Open Source, reinforcement learning

We are open sourcing the Python source code of a research toolkit we call CyberBattleSim, an experimental research project that investigates how autonomous agents operate in a simulated enterprise environment using high-level abstraction of computer networks and cybersecurity concepts.
The post Gamifying machine learning for stronger security and AI models appeared first on Microsoft Security. READ MORE HERE…

Microsoft Secure

Automating threat actor tracking: Understanding attacker behavior for intelligence and contextual alerting

April 1, 2021 TH Author Cybersecurity, human-operated ransomware, Microsoft security intelligence, Microsoft Threat Experts, probabilistic modeling, ransomware, threat actor tracking

A probabilistic graphical modeling framework used by Microsoft 365 Defender research and intelligence teams for threat actor tracking enables us to quickly predict the likely threat group responsible for an attack, as well as the likely next attack stages.
The post Automating threat actor tracking: Understanding attacker behavior for intelligence and contextual alerting appeared first on Microsoft Security. READ MORE HERE…