Found 5 bookmarks
Newest
New Russia-affiliated actor Void Blizzard targets critical sectors for espionage
New Russia-affiliated actor Void Blizzard targets critical sectors for espionage
Microsoft Threat Intelligence has discovered a cluster of worldwide cloud abuse activity conducted by a threat actor we track as Void Blizzard, who we assess with high confidence is Russia-affiliated and has been active since at least April 2024. Void Blizzard’s cyberespionage operations tend to be highly targeted at specific organizations of interest to Russia, including in government, defense, transportation, media, non-governmental organizations (NGOs), and healthcare sectors primarily in Europe and North America.
#microsoft#EN#2025#Void#Blizzard#espionage#Russia#cloud#abuse
·microsoft.com·
New Russia-affiliated actor Void Blizzard targets critical sectors for espionage
Microsoft Warns of Node.js Abuse for Malware Delivery
Microsoft Warns of Node.js Abuse for Malware Delivery
In the past months Microsoft has seen multiple campaigns involving Node.js to deliver malware and other malicious payloads. Microsoft on Tuesday issued a warning over the increasing use of Node.js for the delivery of malware and other malicious payloads. The tech giant has been seeing such attacks aimed at its customers since October 2024 and some of the observed campaigns are still active in April 2025.
#securityweek#EN#2025#malware#node.js#Microsoft#Abuse
·securityweek.com·
Microsoft Warns of Node.js Abuse for Malware Delivery
Teaching an Old Framework New Tricks: The Dangers of Windows UI Automation | Akamai
Teaching an Old Framework New Tricks: The Dangers of Windows UI Automation | Akamai
  • Akamai security researcher Tomer Peled explored new ways to use and abuse Microsoft's UI Automation framework and discovered an attack technique that evades endpoint detection and response (EDR). To exploit this technique, a user must be convinced to run a program that uses UI Automation. This can lead to stealthy command execution, which can harvest sensitive data, redirect browsers to phishing websites, and more. Detection of this technique is challenging in several ways, including for EDR. All EDR technologies we have tested against this technique were unable to find any malicious activity. This technique can be used on every Windows endpoint with operating system XP and above. In this blog post, we provide a full write-up on how to (ab)use the UI Automation framework (including possible attacks that could leverage it) and we present a proof of concept (PoC) for each abuse vector we discuss. We also provide detection and mitigation options.
#akamai#EN#2024#Microsoft#abuse#automation-framework#UIAutomation#technique
·akamai.com·
Teaching an Old Framework New Tricks: The Dangers of Windows UI Automation | Akamai