MagicWeb: NOBELIUM’s post-compromise trick to authenticate as anyone

Credit to Author: Paul Oliveria| Date: Wed, 24 Aug 2022 17:00:00 +0000

Microsoft security researchers have discovered a post-compromise capability we’re calling MagicWeb, which is used by a threat actor we track as NOBELIUM to maintain persistent access to compromised environments.

The post MagicWeb: NOBELIUM’s post-compromise trick to authenticate as anyone appeared first on Microsoft Security Blog.

Looking for the ‘Sliver’ lining: Hunting for emerging command-and-control frameworks

Credit to Author: Paul Oliveria| Date: Wed, 24 Aug 2022 16:00:00 +0000

Threat actors evade detection by adopting the Sliver command-and-control (C2) framework in intrusion campaigns.

The post Looking for the ‘Sliver’ lining: Hunting for emerging command-and-control frameworks appeared first on Microsoft Security Blog.

Uncovering a ChromeOS remote memory corruption vulnerability

Credit to Author: Katie McCafferty| Date: Fri, 19 Aug 2022 21:38:06 +0000

Microsoft discovered a memory corruption vulnerability in a ChromeOS component that could have been triggered remotely, allowing attackers to perform either a denial-of-service (DoS) or, in extreme cases, remote code execution (RCE).

The post Uncovering a ChromeOS remote memory corruption vulnerability appeared first on Microsoft Security Blog.

Hardware-based threat defense against increasingly complex cryptojackers

Credit to Author: Microsoft 365 Defender Threat Intelligence Team| Date: Thu, 18 Aug 2022 17:00:00 +0000

To provide advanced protection against increasingly complex and evasive cryptojackers, Microsoft Defender Antivirus integrates with Intel® Threat Detection Technology (TDT), which applies machine learning to low-level CPU telemetry to detect cryptojackers even when the malware is obfuscated and evades other security tools.

The post Hardware-based threat defense against increasingly complex cryptojackers appeared first on Microsoft Security Blog.

Disrupting SEABORGIUM’s ongoing phishing operations

Credit to Author: Microsoft 365 Defender Threat Intelligence Team| Date: Mon, 15 Aug 2022 16:00:00 +0000

The Microsoft Threat Intelligence Center (MSTIC) has observed and taken action to disrupt campaigns launched by SEABORGIUM. These campaigns involve persistent phishing and credential theft, leading to intrusions and data theft.

The post Disrupting SEABORGIUM’s ongoing phishing operations appeared first on Microsoft Security Blog.

Untangling KNOTWEED: European private-sector offensive actor using 0-day exploits

Credit to Author: Microsoft 365 Defender Threat Intelligence Team| Date: Wed, 27 Jul 2022 14:00:00 +0000

MSTIC and MSRC disclose technical details of a private-sector offensive actor (PSOA) tracked as KNOTWEED using multiple Windows and Adobe 0-day exploits, including one for the recently patched CVE-2022-22047, in limited and targeted attacks against European and Central American customers.

The post Untangling KNOTWEED: European private-sector offensive actor using 0-day exploits appeared first on Microsoft Security Blog.

Malicious IIS extensions quietly open persistent backdoors into servers

Credit to Author: Katie McCafferty| Date: Tue, 26 Jul 2022 17:00:00 +0000

Attackers are increasingly leveraging managed IIS extensions as covert backdoors into servers, providing a durable persistence mechanism for attacks.
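
One check a defender will want after reading that summary is an inventory of which managed (.NET) modules are actually registered on an IIS server, since that is where such an extension has to be wired in. The script below is an added example, not code from the Microsoft post: it parses the `<system.webServer><modules>` section of an applicationHost.config, lists every entry that carries a .NET `type` attribute, and flags entries whose type lives outside an expected namespace prefix list or that lack the `managedHandler` precondition (a module without it runs on every request, including static content). The config snippet is constructed for the example, and the namespace allowlist is an assumption to be replaced with the server's own baseline.

```python
"""Inventory managed IIS modules from applicationHost.config (added example).

Not Microsoft's code. The sample config is constructed for this example and
EXPECTED_TYPE_PREFIXES is an assumed baseline, not official guidance.
"""
import xml.etree.ElementTree as ET

# Constructed applicationHost.config fragment. One managed module, HttpLogging,
# points at a non-Microsoft assembly and has no preCondition.
SAMPLE_APPHOST_CONFIG = """<configuration>
  <system.webServer>
    <globalModules>
      <add name="StaticFileModule" image="%windir%\\System32\\inetsrv\\static.dll" />
      <add name="ManagedEngine64" image="%windir%\\Microsoft.NET\\Framework64\\v4.0.30319\\webengine4.dll"
           preCondition="integratedMode,runtimeVersionv4.0,bitness64" />
    </globalModules>
    <modules>
      <add name="StaticFileModule" />
      <add name="OutputCache" type="System.Web.Caching.OutputCacheModule" preCondition="managedHandler" />
      <add name="FileAuthorization" type="System.Web.Security.FileAuthorizationModule" preCondition="managedHandler" />
      <add name="HttpLogging" type="Contoso.Web.Telemetry.HttpLoggingModule, Contoso.Web.Telemetry" />
    </modules>
  </system.webServer>
</configuration>
"""

# Assumption: namespaces this site expects its managed modules to come from.
EXPECTED_TYPE_PREFIXES = ("System.Web.", "Microsoft.")


def managed_modules(config_xml):
    """Return every <modules><add> entry that names a .NET type.

    Entries without a 'type' attribute only reference a native module from
    <globalModules> and are skipped.
    """
    root = ET.fromstring(config_xml)
    modules = root.find("./system.webServer/modules")
    found = []
    if modules is None:
        return found
    for add in modules.findall("add"):
        type_name = add.get("type")
        if not type_name:
            continue
        found.append({
            "name": add.get("name", ""),
            "type": type_name,
            "preCondition": add.get("preCondition", ""),
        })
    return found


def suspicious_modules(config_xml, expected_prefixes=EXPECTED_TYPE_PREFIXES):
    """Flag managed modules that deserve a closer look, with the reasons."""
    flagged = []
    for mod in managed_modules(config_xml):
        reasons = []
        if not mod["type"].startswith(expected_prefixes):
            reasons.append("type outside expected namespaces")
        # Without preCondition="managedHandler" the module is invoked for every
        # request the site serves, which is what a backdoor wants.
        if "managedHandler" not in mod["preCondition"]:
            reasons.append("runs for all requests")
        if reasons:
            flagged.append({**mod, "reasons": reasons})
    return flagged


if __name__ == "__main__":
    for mod in managed_modules(SAMPLE_APPHOST_CONFIG):
        print(f"{mod['name']:<20} {mod['type']}")
    for hit in suspicious_modules(SAMPLE_APPHOST_CONFIG):
        print(f"FLAG {hit['name']}: {', '.join(hit['reasons'])}")
```

On a real server, feed it `%windir%\System32\inetsrv\config\applicationHost.config`, and remember that per-site `web.config` files can register managed modules too, so they need the same pass; the output is an inventory to diff against a known-good baseline, not a verdict on its own.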

The post Malicious IIS extensions quietly open persistent backdoors into servers appeared first on Microsoft Security Blog.

Uncovering a macOS App Sandbox escape vulnerability: A deep dive into CVE-2022-26706

Credit to Author: Paul Oliveria| Date: Wed, 13 Jul 2022 16:00:00 +0000

Microsoft uncovered a vulnerability in macOS that could allow specially crafted code to escape the App Sandbox and run unrestricted on the system. We shared these findings with Apple, and a fix for this vulnerability, now identified as CVE-2022-26706, was included in the security updates on May 16, 2022.

The post Uncovering a macOS App Sandbox escape vulnerability: A deep dive into CVE-2022-26706 appeared first on Microsoft Security Blog.
