CVE-2022-26925 : Patchez vos machines Windows sans attendre
CVE-2022-26925 : Microsoft a corrigé une faille de sécurité zero-day qui touche toutes les versions de Windows et qui permet une attaque par relais NTLM.
Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself
Microsoft coined the term “human-operated ransomware” to clearly define a class of attack driven by expert humane intelligence at every step of the attack chain and culminate in intentional business disruption and extortion. In this blog, we explain the ransomware-as-a-service affiliate model and disambiguate between the attacker tools and the various threat actors at play during a security incident.
Apple, Google and Microsoft Commit to Expanded Support for FIDO Standard to Accelerate Availability of Passwordless Sign-Ins
Faster, easier and more secure sign-ins will be available to consumers across leading devices and platforms Mountain View, California, MAY 5, 2022 – In a joint effort to make the web […]
Microsoft finds new elevation of privilege Linux vulnerability, Nimbuspwn
Microsoft has discovered several vulnerabilities, collectively referred to as Nimbuspwn, that could be chained together, allowing an attacker to elevate privileges to root on many Linux desktop endpoints. Leveraging Nimbuspwn as a vector for root access could allow attackers to achieve greater impact on vulnerable devices by deploying payloads and performing other malicious actions via arbitrary root code execution.
When coin miners evolve, Part 1: Exposing LemonDuck and LemonCat, modern mining malware infrastructure
In this two-part blog series, we expose a modern malware infrastructure and provide guidance for protecting against the wide range of threats it enables. Part 1 covers the evolution of the threat, how it spreads, and how it impacts organizations. Part 2 is a deep dive on the attacker behavior and will provide investigation guidance.
DEV-0537 criminal actor targeting organizations for data exfiltration and destruction
The activity we have observed has been attributed to a threat group that Microsoft tracks as DEV-0537, also known as LAPSUS$. DEV-0537 is known for using a pure extortion and destruction model without deploying ransomware payloads.
Lapsus$ hackers leak 37GB of Microsoft's alleged source code
The Lapsus$ hacking group claims to have leaked the source code for Bing, Cortana, and other projects stolen from Microsoft's internal Azure DevOps server.
New Malware Capable of Controlling Social Media Accounts Infects 5,000+ Machines and is actively being Distributed via Gaming Applications on Microsoft's Official Store
New Malware Capable of Controlling Social Media Accounts Infects 5,000+ Machines and is actively being Distributed via Gaming Applications on Microsoft’s Official Store
Dropping Files on a Domain Controller Using CVE-2021-43893
On December 14, 2021, during the Log4Shell chaos, Microsoft published CVE-2021-43893, a remote privelege escalation vulnerability affecting Windows EFS.
Who Needs to Exploit Vulnerabilities When You Have Macros?
Recently, there has been a resurgence of malware that is spread via Microsoft Word macro capabilities....
Helping users stay safe: Blocking internet macros by default in Office
Changing Default Behavior We’re introducing a default change for five Office apps that run macros: VBA macros obtained from the internet will now be blocked by default.