Microsoft security intelligence – Page 8 – Computer Security Articles

Android apps with millions of downloads exposed to high-severity vulnerabilities

May 28, 2022 admin Android, cybersecurity, microsoft, Microsoft security intelligence, Mobile, Security, Vulnerability

Credit to Author: Katie McCafferty| Date: Fri, 27 May 2022 16:00:00 +0000

Microsoft uncovered high-severity vulnerabilities in a mobile framework used by multiple large mobile service providers in pre-installed Android System apps that potentially exposed users to remote or local attacks.

The post Android apps with millions of downloads exposed to high-severity vulnerabilities appeared first on Microsoft Security Blog.

Microsoft Security

Detecting and preventing privilege escalation attacks leveraging Kerberos relaying (KrbRelayUp)

May 28, 2022 admin cybersecurity, krbrelayup, microsoft defender for endpoint, microsoft defender for identity, Microsoft security intelligence, resource-based constrained delegation (rbcd)

Credit to Author: Microsoft 365 Defender Threat Intelligence Team| Date: Wed, 25 May 2022 21:00:00 +0000

The privilege escalation hacking tool KrbRelayUp is a wrapper that can streamline the use of some features in Rubeus, KrbRelay, SCMUACBypass, PowerMad/ SharpMad, Whisker, and ADCSPwn tools in attacks. Although this attack won’t function for Azure Active Directory (Azure AD) joined devices, hybrid joined devices with on-premises domain controllers remain vulnerable.

The post Detecting and preventing privilege escalation attacks leveraging Kerberos relaying (KrbRelayUp) appeared first on Microsoft Security Blog.

Microsoft Security

Anatomy of a DDoS amplification attack

May 28, 2022 admin cybersecurity, ddos, ddos amplification, ddos protection, Microsoft security intelligence

Credit to Author: Microsoft 365 Defender Threat Intelligence Team| Date: Mon, 23 May 2022 18:00:00 +0000

Amplification attacks are one of the most common distributed denial of service (DDoS) attack vectors. These attacks are typically categorized as flooding or volumetric attacks, where the attacker succeeds in generating more traffic than the target can process, resulting in exhausting its resources due to the amount of traffic it receives.

The post Anatomy of a DDoS amplification attack appeared first on Microsoft Security Blog.

Microsoft Security

Beneath the surface: Uncovering the shift in web skimming

May 28, 2022 admin cybersecurity, Microsoft security intelligence

Credit to Author: Paul Oliveria| Date: Mon, 23 May 2022 16:00:00 +0000

Web skimming campaigns now employ various obfuscation techniques to deliver and hide the skimming scripts. It’s a shift from earlier tactics where attackers conspicuously injected the malicious scripts into e-commerce platforms and content management systems (CMSs) via vulnerability exploitation, making this threat highly evasive to traditional security solutions.

The post Beneath the surface: Uncovering the shift in web skimming appeared first on Microsoft Security Blog.

Microsoft Security

Rise in XorDdos: A deeper look at the stealthy DDoS malware targeting Linux devices

May 19, 2022 admin cybersecurity, linux, malware, microsoft, Microsoft security intelligence, Security

Credit to Author: Katie McCafferty| Date: Thu, 19 May 2022 16:00:00 +0000

Observing a 254% increase in activity over the last six months from a versatile Linux trojan called XorDdos, the Microsoft 365 Defender research team provides in-depth analysis into this stealthy malware’s capabilities and key infection signs.

The post Rise in XorDdos: A deeper look at the stealthy DDoS malware targeting Linux devices appeared first on Microsoft Security Blog.

Microsoft Security

In hot pursuit of ‘cryware’: Defending hot wallets from attacks

May 17, 2022 admin cryptocurrency mining, cryptojacker, Cryptojacking, cryware, cybersecurity, hot wallet, Microsoft security intelligence

Credit to Author: Paul Oliveria| Date: Tue, 17 May 2022 16:00:00 +0000

The rise in cryptocurrency market capitalization paved the way to the emergence of threats Microsoft security researchers are referring to as “cryware”—information stealers focused on gathering and exfiltrating data from non-custodial cryptocurrency wallets.

The post In hot pursuit of ‘cryware’: Defending hot wallets from attacks appeared first on Microsoft Security Blog.

Microsoft Security

Center for Threat-Informed Defense, Microsoft, and industry partners streamline MITRE ATT&CK® matrix evaluation for defenders

May 11, 2022 admin center for threat-informed defense, cybersecurity, human-operated ransomware, Microsoft security intelligence, mitre att&ck, ransomware

Credit to Author: Microsoft 365 Defender Threat Intelligence Team| Date: Wed, 11 May 2022 16:00:00 +0000

The Center for Threat-Informed Defense, along with Microsoft and industry partners, collaborated on a repeatable methodology and a web-based calculator, aiming to streamline MITRE ATT&CK® use for defenders.

The post Center for Threat-Informed Defense, Microsoft, and industry partners streamline MITRE ATT&CK® matrix evaluation for defenders appeared first on Microsoft Security Blog.

Microsoft Security

Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself

May 9, 2022 admin cybersecurity, human-operated ransomware, Microsoft security intelligence, ransomware, Ransomware as a Service

Credit to Author: Microsoft 365 Defender Threat Intelligence Team| Date: Mon, 09 May 2022 13:00:00 +0000

Microsoft coined the term “human-operated ransomware” to clearly define a class of attack driven by expert humane intelligence at every step of the attack chain and culminate in intentional business disruption and extortion. In this blog, we explain the ransomware-as-a-service affiliate model and disambiguate between the attacker tools and the various threat actors at play during a security incident.

The post Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself appeared first on Microsoft Security Blog.