Microsoft security intelligence

Microsoft Secure

Evolved phishing: Device registration trick adds to phishers’ toolbox for victims without MFA

We uncovered a large-scale, multi-phase campaign that adds a novel technique to traditional phishing tactics by joining an attacker-operated device to an organization’s network to further propagate the campaign.
The post Evolved phishing: Device registration trick adds to phishers’ toolbox for victims without MFA appeared first on Microsoft Security Blog.

New macOS vulnerability, “powerdir,” could lead to unauthorized user data access

A new macOS vulnerability, “powerdir,” could allow an attacker to bypass the operating system’s TCC technology and gain unauthorized access to a user’s protected data. We shared our findings with Apple through Coordinated Vulnerability Disclosure (CVD) and Apple released a fix.

Guidance for preventing, detecting, and hunting for CVE-2021-44228 Log4j 2 exploitation

Get technical information about attacks that Microsoft has observed taking advantage of CVE-2021-44228, a remote code execution (RCE) vulnerability in Apache Log4j 2 referred to as “Log4Shell”, and guidance for detecting and investigating attacks.

A closer look at Qakbot’s latest building blocks (and how to knock them down)

Multiple Qakbot campaigns that are active at any given time prove that the decade-old malware continues to be many attackers’ tool of choice, a customizable chameleon that adapts to suit the needs of the multiple threat actor groups that utilize it. Since emerging in 2007 as a banking Trojan, Qakbot has evolved into a multi-purpose…

NICKEL targeting government organizations across Latin America and Europe

China-based threat actor NICKEL has been targeting governments, diplomatic entities, and non-governmental organizations (NGOs) across Central and South America, the Caribbean, and Europe. Today, Microsoft announced the successful seizure of a set of NICKEL-operated websites and disruption of ongoing attacks.

Structured threat hunting: One way Microsoft Threat Experts prioritizes customer defense

Our approach to threat hunting is designed to evaluate impact and escalate potential threats for investigation, based on how damaging the potential threat would be. It is also designed for speed: due to the highly time-sensitive nature of the threat response, the most dangerous potential threats are analyzed first.

Join us at InfoSec Jupyterthon 2021

We’re excited to invite our community of infosec analysts and engineers to the second annual InfoSec Jupyterthon taking place on December 2-3, 2021. This is an online event organized by Open Threat Research Forge together with Microsoft Threat Intelligence Center (MSTIC).

Evolving trends in Iranian threat actor activity – MSTIC presentation at CyberWarCon 2021

Over the past year, the Microsoft Threat Intelligence Center (MSTIC) has observed a gradual evolution of the tools, techniques, and procedures employed by malicious network operators based in Iran. This blog summarizes our analysis of trends in Iranian nation state actor activity and demonstrates MSTIC’s ongoing efforts to track these actors and protect customers from the related threats.