Deep dive into the Solorigate second-stage activation: From SUNBURST to TEARDROP and Raindrop

One missing link in the complex Solorigate attack chain is the handover from the Solorigate DLL backdoor to the Cobalt Strike loader. How exactly does the jump from the Solorigate backdoor (SUNBURST) to the Cobalt Strike loader (TEARDROP, Raindrop, and others) happen? What code gets triggered, and what indicators should defenders look for?
The post Deep dive into the Solorigate second-stage activation: From SUNBURST to TEARDROP and Raindrop appeared first on Microsoft Security. READ MORE HERE…

Increasing resilience against Solorigate and other sophisticated attacks with Microsoft Defender

This blog is a guide for security administrators using Microsoft 365 Defender and Azure Defender to identify and implement security configuration and posture improvements that harden enterprise environments against Solorigate’s attack patterns.

Using Microsoft 365 Defender to protect against Solorigate

This blog is a comprehensive guide for security operations and incident response teams using Microsoft 365 Defender to identify, investigate, and respond to the Solorigate attack if it’s found in your environment.

Advice for incident responders on recovery from systemic identity compromises

Customers across the globe are asking for guidance on recovering their infrastructure after being impacted by Solorigate. DART (Microsoft's Detection and Response Team) walks you through the remediation steps as well as some longer-term mitigations.

Analyzing Solorigate, the compromised DLL file that started a sophisticated cyberattack, and how Microsoft Defender helps protect customers

We, along with the security industry and our partners, continue to investigate the extent of the Solorigate attack. While investigations are underway, we want to provide the defender community with intelligence to understand the scope, impact, remediation guidance, and product detections and protections we have built in as a result. While the full extent of…

Collaborative innovation on display in Microsoft’s insider risk management strategy

Partnering with organizations like Carnegie Mellon University allows us to bring their rich research and insights to our products and services, so customers can fully benefit from our breadth of signals.

Widespread malware campaign seeks to silently inject ads into search results, affects multiple browsers

A persistent malware campaign has been actively distributing Adrozek, an evolved browser modifier malware, at scale since at least May 2020. At its peak in August, the threat was observed on over 30,000 devices every day. The malware is designed to inject ads into search engine results pages and affects multiple browsers.

EDR in block mode stops IcedID cold

Endpoint detection and response (EDR) in block mode in Microsoft Defender for Endpoint turns EDR detections into real-time blocking of threats. Learn how it stopped an IcedID attack.

Sophisticated new Android malware marks the latest evolution of mobile ransomware

We found a piece of particularly sophisticated Android ransomware with novel techniques and behavior, exemplifying the rapid evolution of mobile threats that we have also observed on other platforms.