Monday, November 18, 2024
Latest:

Microsoft security intelligence

Microsoft Secure 

New Security Signals study shows firmware attacks on the rise; here’s how Microsoft is working to help eliminate this entire class of threats

TH Author , , ,

The March 2021 Security Signals report showed that more than 80% of enterprises have experienced at least one firmware attack in the past two years, but only 29% of security budgets are allocated to protect firmware.
The post New Security Signals study shows firmware attacks on the rise; here’s how Microsoft is working to help eliminate this entire class of threats appeared first on Microsoft Security. READ MORE HERE…

Read more
Microsoft Secure 

Analyzing attacks taking advantage of the Exchange Server vulnerabilities

TH Author , , , , , , , , , ,

Microsoft continues to monitor and investigate attacks exploiting the recent on-premises Exchange Server vulnerabilities. As organizations recover from this incident, we continue to publish guidance and share threat intelligence to help detect and evict threat actors from affected environments.
The post Analyzing attacks taking advantage of the Exchange Server vulnerabilities appeared first on Microsoft Security. READ MORE HERE…

Read more
Microsoft Secure 

Automatic on-premises Exchange Server mitigation now in Microsoft Defender Antivirus

TH Author , , , , , , , ,

Microsoft Defender Antivirus and System Center Endpoint Protection will automatically mitigate CVE-2021-26855 on any vulnerable Exchange Server on which it is deployed. We have taken this additional step to further support our customers who are still vulnerable and have not yet implemented the complete security update.
The post Automatic on-premises Exchange Server mitigation now in Microsoft Defender Antivirus appeared first on Microsoft Security. READ MORE HERE…

Read more
Microsoft Secure 

GoldMax, GoldFinder, and Sibot: Analyzing NOBELIUM’s layered persistence

TH Author , , , , , , ,

Microsoft has identified three new pieces of malware being used in late-stage activity by NOBELIUM – the actor behind the SolarWinds attacks, SUNBURST, and TEARDROP.
The post GoldMax, GoldFinder, and Sibot: Analyzing NOBELIUM’s layered persistence appeared first on Microsoft Security. READ MORE HERE…

Read more
Microsoft Secure 

XLM + AMSI: New runtime defense against Excel 4.0 macro malware

TH Author , , , , , ,

We have recently expanded the integration of Antimalware Scan Interface (AMSI) with Office 365 to include the runtime scanning of Excel 4.0 (XLM) macros, to help antivirus solutions tackle the increase in attacks that use malicious XLM macros.
The post XLM + AMSI: New runtime defense against Excel 4.0 macro malware appeared first on Microsoft Security. READ MORE HERE…

Read more
Microsoft Secure 

HAFNIUM targeting Exchange Servers with 0-day exploits

TH Author , , , , , , , ,

Microsoft has detected multiple 0-day exploits being used to attack on-premises versions of Microsoft Exchange Server in limited and targeted attacks. In the attacks observed, threat actors used this vulnerability to access on-premises Exchange servers, which enabled access to email accounts, and install additional malware to facilitate long-term access to victim environments. Microsoft Threat Intelligence Center (MSTIC) attributes this campaign with high confidence to HAFNIUM.
The post HAFNIUM targeting Exchange Servers with 0-day exploits appeared first on Microsoft Security. READ MORE HERE…

Read more
Microsoft Secure 

Microsoft open sources CodeQL queries used to hunt for Solorigate activity

TH Author , , , , ,

We are sharing the CodeQL queries that we used to analyze our source code at scale and rule out the presence of the code-level indicators of compromise (IoCs) and coding patterns associated with Solorigate so that other organizations may perform a similar analysis.
The post Microsoft open sources CodeQL queries used to hunt for Solorigate activity appeared first on Microsoft Security. READ MORE HERE…

Read more
Microsoft Secure 

Web shell attacks continue to rise

TH Author , , , ,

A year ago, we reported the steady increase in the use of web shells in attacks worldwide. The latest Microsoft 365 Defender data shows that this trend not only continued, it accelerated. Read our investigation into the escalating prevalence of web shells.
The post Web shell attacks continue to rise appeared first on Microsoft Security. READ MORE HERE…

Read more
Microsoft Secure 

What tracking an attacker email infrastructure tells us about persistent cybercriminal operations

TH Author , , , , , , , , ,

Sweeping research into massive attacker infrastructures, as well as our real-time monitoring of malware campaigns and attacker activity, directly inform Microsoft security solutions, allowing us to build or improve protections that block malware campaigns and other email threats, both current and future, as well as provide enterprises with the tools for investigating and responding to email campaigns in real-time.
The post What tracking an attacker email infrastructure tells us about persistent cybercriminal operations appeared first on Microsoft Security. READ MORE HERE…

Read more
Microsoft Secure 

ZINC attacks against security researchers

TH Author , , , , , , ,

In recent months, Microsoft has detected cyberattacks targeting security researchers by an actor we track as ZINC. Observed targeting includes pen testers, private offensive security researchers, and employees at security and tech companies.
The post ZINC attacks against security researchers appeared first on Microsoft Security. READ MORE HERE…

Read more