Found 290 bookmarks
Custom sorting
Microsoft says early June disruptions to Outlook, cloud platform, were cyberattacks
Microsoft says early June disruptions to Outlook, cloud platform, were cyberattacks
Microsoft says the early June disruptions to its Microsoft’s flagship office suite — including the Outlook email apps — were denial-of-service attacks by a shadowy new hacktivist group. In a blog post published Friday evening after The Associated Press sought clarification on the sporadic but serious outages, Microsoft confirmed that that they were DDoS attacks by a group calling itself Anonymous Sudan, which some security researchers believe is Russia-affiliated. The software giant offered few details on the attack. It did not comment on how many customers were affected.
#apnews#EN#2023#Microsoft#Outlook#denial-of-service#attacks#DoS#DDoS
·apnews.com·
Microsoft says early June disruptions to Outlook, cloud platform, were cyberattacks
Cadet Blizzard emerges as a novel and distinct Russian threat actor | Microsoft Security Blog
Cadet Blizzard emerges as a novel and distinct Russian threat actor | Microsoft Security Blog
Microsoft attributes several campaigns to a distinct Russian state-sponsored threat actor tracked as Cadet Blizzard (DEV-0586), including the WhisperGate destructive attack, Ukrainian website defacements, and the hack-and-leak front “Free Civilian”.
#microsoft#EN#2023#CadetBlizzard#DEV-0586#Russia#analysis
·microsoft.com·
Cadet Blizzard emerges as a novel and distinct Russian threat actor | Microsoft Security Blog
New macOS vulnerability, Migraine, could bypass System Integrity Protection | Microsoft Security Blog
New macOS vulnerability, Migraine, could bypass System Integrity Protection | Microsoft Security Blog
A new vulnerability, which we refer to as “Migraine” for its involvement with macOS migration, could allow an attacker with root access to automatically bypass System Integrity Protection (SIP) in macOS and perform arbitrary operations on a device
#Microsoft#en#2023#research#vulnerability#macOS#Migraine#bypass#SIP
·microsoft.com·
New macOS vulnerability, Migraine, could bypass System Integrity Protection | Microsoft Security Blog
DEV-0196: QuaDream’s “KingsPawn” malware used to target civil society in Europe, North America, the Middle East, and Southeast Asia
DEV-0196: QuaDream’s “KingsPawn” malware used to target civil society in Europe, North America, the Middle East, and Southeast Asia
Microsoft analyzes a threat group tracked as DEV-0196, the actor’s iOS malware “KingsPawn”, and their link to an Israel-based private sector offensive actor (PSOA) known as QuaDream, which reportedly sells a suite of exploits, malware, and infrastructure called REIGN, that’s designed to exfiltrate data from mobile devices.
#microsoft#EN#2023#QuaDream#spyware#spy#IoCs#DEV-0196#iOS#calendar#zero-click#REIGN
·microsoft.com·
DEV-0196: QuaDream’s “KingsPawn” malware used to target civil society in Europe, North America, the Middle East, and Southeast Asia
Stopping cybercriminals from abusing security tools
Stopping cybercriminals from abusing security tools
Microsoft’s Digital Crimes Unit (DCU), cybersecurity software company Fortra™ and Health Information Sharing and Analysis Center (Health-ISAC) are taking technical and legal action to disrupt cracked, legacy copies of Cobalt Strike and abused Microsoft software, which have been used by cybercriminals to distribute malware, including ransomware. This is a change in the way DCU has...
#microsoft#EN#2023#CobaltStrike#Fortra#ISAC#security#tools#abusing#statement
·blogs.microsoft.com·
Stopping cybercriminals from abusing security tools
Throttling and Blocking Email from Persistently Vulnerable Exchange Servers to Exchange Online - Microsoft Community Hub
Throttling and Blocking Email from Persistently Vulnerable Exchange Servers to Exchange Online - Microsoft Community Hub
As we continue to enhance the security of our cloud, we are going to address the problem of email sent to Exchange Online from unsupported and unpatched Exchange servers. There are many risks associated with running unsupported or unpatched software, but by far the biggest risk is security. Once a version of Exchange Server is no longer supported, it no longer receives security updates; thus, any vulnerabilities discovered after support has ended don’t get fixed. There are similar risks associated with running software that is not patched for known vulnerabilities. Once a security update is released, malicious actors will reverse-engineer the update to get a better understanding of how to exploit the vulnerability on unpatched servers.
#microsoft#techcommunity#EN#2023#announce#Blocking#Email#Exchange#unpatched
·techcommunity.microsoft.com·
Throttling and Blocking Email from Persistently Vulnerable Exchange Servers to Exchange Online - Microsoft Community Hub
ZINC weaponizing open-source software - Microsoft Security Blog
ZINC weaponizing open-source software - Microsoft Security Blog
In recent months, Microsoft has detected a wide range of social engineering campaigns using weaponized legitimate open-source software by an actor we track as ZINC. Microsoft Threat Intelligence Center (MSTIC) observed activity targeting employees in organizations across multiple industries including media, defense and aerospace, and IT services in the US, UK, India, and Russia. Based on the observed tradecraft, infrastructure, tooling, and account affiliations, MSTIC attributes this campaign with high confidence to ZINC, a state-sponsored group based out of North Korea with objectives focused on espionage, data theft, financial gain, and network destruction.
#microsoft#EN#2022#Microsoft#weaponized#ZINC#open-source#MSTIC#apt#North-Korea
·microsoft.com·
ZINC weaponizing open-source software - Microsoft Security Blog
Preparing for a Russian cyber offensive against Ukraine this winter
Preparing for a Russian cyber offensive against Ukraine this winter
As we report more fully below, in the wake of Russian battlefield losses to Ukraine this fall, Moscow has intensified its multi-pronged hybrid technology approach to pressure the sources of Kyiv’s military and political support, domestic and foreign. This approach has included destructive missile and cyber strikes on civilian infrastructure in Ukraine, cyberattacks on Ukrainian and now foreign-based supply chains, and cyber-enabled influence operations[1]—intended to undermine US, EU, and NATO political support for Ukraine, and to shake the confidence and determination of Ukrainian citizens.
#Microsoft#EN#2022#iridium#russia-ukraine-war#Russia#cyberoffensive#analysis#winter
·blogs.microsoft.com·
Preparing for a Russian cyber offensive against Ukraine this winter
Nation-state cyberattacks become more brazen as authoritarian leaders ramp up aggression
Nation-state cyberattacks become more brazen as authoritarian leaders ramp up aggression
On February 23, 2022, the cybersecurity world entered a new age, the age of the hybrid war, as Russia launched both physical and digital attacks against Ukraine. This year’s Microsoft Digital Defense Report provides new detail on these attacks and on increasing cyber aggression coming from authoritarian leaders around the world.
#microsoft#EN#2022#report#authoritarian#leaders#defense
·blogs.microsoft.com·
Nation-state cyberattacks become more brazen as authoritarian leaders ramp up aggression
Raspberry Robin worm part of larger ecosystem facilitating pre-ransomware activity
Raspberry Robin worm part of larger ecosystem facilitating pre-ransomware activity
Microsoft has discovered recent activity indicating that the Raspberry Robin worm is part of a complex and interconnected malware ecosystem, with links to other malware families and alternate infection methods beyond its original USB drive spread.
#microsoft#EN#2022#Raspberry-Robin#malware#ecosystem#FakeUpdates#DEV-0651
·microsoft.com·
Raspberry Robin worm part of larger ecosystem facilitating pre-ransomware activity
Microsoft Issues Out-of-Band Patch for Flaw Allowing Lateral Movement, Ransomware Attacks
Microsoft Issues Out-of-Band Patch for Flaw Allowing Lateral Movement, Ransomware Attacks
Microsoft this week released an out-of-band security update for its Endpoint Configuration Manager solution to patch a vulnerability that could be useful to malicious actors for moving around in a targeted organization’s network. The vulnerability is tracked as CVE-2022-37972 and it has been described by Microsoft as a medium-severity spoofing issue. The tech giant has credited Brandon Colley of Trimarc Security for reporting the flaw.
#Microsoft#EN#2022#CVE-2022-37972#Endpoint-Configuration-Manager#patch#vulnerability
·securityweek.com·
Microsoft Issues Out-of-Band Patch for Flaw Allowing Lateral Movement, Ransomware Attacks