Microsoft security intelligence – Page 9 – Computer Security Articles

Credit to Author: Katie McCafferty| Date: Tue, 26 Apr 2022 16:00:00 +0000

Microsoft has discovered several vulnerabilities, collectively referred to as Nimbuspwn, that could be chained together, allowing an attacker to elevate privileges to root on many Linux desktop endpoints. Leveraging Nimbuspwn as a vector for root access could allow attackers to achieve greater impact on vulnerable devices by deploying payloads and performing other malicious actions via arbitrary root code execution.

The post Microsoft finds new elevation of privilege Linux vulnerability, Nimbuspwn appeared first on Microsoft Security Blog.

Microsoft Security

Dismantling ZLoader: How malicious ads led to disabled security tools and ransomware

April 13, 2022 admin cybersecurity, Microsoft security intelligence, Zloader

Credit to Author: Paul Oliveria| Date: Wed, 13 Apr 2022 16:00:00 +0000

Microsoft took action against the ZLoader trojan by working with telecommunications providers around the world to disrupt key ZLoader infrastructure. In this blog, we detail the various characteristics for identifying ZLoader activity, including its associated tactics, recent campaigns, and affiliated payloads, such as ransomware.

The post Dismantling ZLoader: How malicious ads led to disabled security tools and ransomware appeared first on Microsoft Security Blog.

Microsoft Security

Tarrask malware uses scheduled tasks for defense evasion

April 12, 2022 admin cybersecurity, hafnium, microsoft detection and response team (dart), Microsoft security intelligence, tarrask

Credit to Author: Paul Oliveria| Date: Tue, 12 Apr 2022 16:00:00 +0000

Microsoft Detection and Response Team (DART) researchers have uncovered malware that creates “hidden” scheduled tasks as a defense evasion technique. In this post, we will demonstrate how threat actors create scheduled tasks, how they cover their tracks, and how the malware’s evasion techniques are used to maintain and ensure persistence on systems.

The post Tarrask malware uses scheduled tasks for defense evasion appeared first on Microsoft Security Blog.

Microsoft Security

Microsoft 365 Defender demonstrates industry-leading protection in the 2022 MITRE Engenuity ATT&CK® Evaluations

April 5, 2022 admin cybersecurity, microsoft, Microsoft security intelligence, mitre att&ck, mitre engenuity, Security

Credit to Author: Katie McCafferty| Date: Wed, 06 Apr 2022 01:30:07 +0000

For the fourth consecutive year, Microsoft 365 Defender demonstrated industry-leading protection in MITRE Engenuity’s independent ATT&CK® Enterprise Evaluations. These results highlighted the importance of taking an XDR-based approach spanning endpoints, identities, email and cloud, and the importance of both prevention and protection.

The post Microsoft 365 Defender demonstrates industry-leading protection in the 2022 MITRE Engenuity ATT&CK® Evaluations appeared first on Microsoft Security Blog.

Microsoft Security

SpringShell RCE vulnerability: Guidance for protecting against and detecting CVE-2022-22965

April 4, 2022 admin cybersecurity, Microsoft security intelligence, spring framework, springshell, vulnerabilities

Credit to Author: Paul Oliveria| Date: Tue, 05 Apr 2022 01:11:24 +0000

Microsoft provides guidance for customers looking for protections against exploitation and ways to detect vulnerable installations on their network of the critical vulnerability CVE-2022-22965, also known as SpringShell or Spring4Shell.

The post SpringShell RCE vulnerability: Guidance for protecting against and detecting CVE-2022-22965 appeared first on Microsoft Security Blog.

Microsoft Security

Microsoft protects against human-operated ransomware across the full attack chain in the 2022 MITRE Engenuity ATT&CK® Evaluations

March 31, 2022 admin cybersecurity, Microsoft security intelligence, mitre att&ck, mitre engenuity

Credit to Author: Paul Oliveria| Date: Thu, 31 Mar 2022 20:27:12 +0000

For the fourth year in a row, the independent MITRE Engenuity ATT&CK® Evaluations demonstrated that threats are no match for Microsoft’s multi-platform extended detection and response (XDR) defense capabilities.

The post Microsoft protects against human-operated ransomware across the full attack chain in the 2022 MITRE Engenuity ATT&CK® Evaluations appeared first on Microsoft Security Blog.

Microsoft Security

DEV-0537 criminal actor targeting organizations for data exfiltration and destruction

March 22, 2022 admin cybersecurity, Microsoft security, Microsoft security intelligence

Credit to Author: Katie McCafferty| Date: Tue, 22 Mar 2022 22:02:50 +0000

The activity we have observed has been attributed to a threat group that Microsoft tracks as DEV-0537, also known as LAPSUS$. DEV-0537 is known for using a pure extortion and destruction model without deploying ransomware payloads.

The post DEV-0537 criminal actor targeting organizations for data exfiltration and destruction appeared first on Microsoft Security Blog.

Microsoft Security

Uncovering Trickbot’s use of IoT devices in command-and-control infrastructure

March 16, 2022 admin cybersecurity, IoT, Microsoft security intelligence, trickbot

Credit to Author: Microsoft 365 Defender Threat Intelligence Team| Date: Wed, 16 Mar 2022 15:00:00 +0000

The Microsoft Defender for IoT research team has recently discovered the exact method through which MikroTik devices are used in Trickbot’s C2 infrastructure. In this blog, we share the analysis of this method and provide insights on how attackers gain access and how they use compromised IoT devices in Trickbot attacks.

The post Uncovering Trickbot’s use of IoT devices in command-and-control infrastructure appeared first on Microsoft Security Blog.