Found 311 bookmarks
Custom sorting
ZINC weaponizing open-source software - Microsoft Security Blog
ZINC weaponizing open-source software - Microsoft Security Blog
In recent months, Microsoft has detected a wide range of social engineering campaigns using weaponized legitimate open-source software by an actor we track as ZINC. Microsoft Threat Intelligence Center (MSTIC) observed activity targeting employees in organizations across multiple industries including media, defense and aerospace, and IT services in the US, UK, India, and Russia. Based on the observed tradecraft, infrastructure, tooling, and account affiliations, MSTIC attributes this campaign with high confidence to ZINC, a state-sponsored group based out of North Korea with objectives focused on espionage, data theft, financial gain, and network destruction.
#microsoft#EN#2022#Microsoft#weaponized#ZINC#open-source#MSTIC#apt#North-Korea
·microsoft.com·
ZINC weaponizing open-source software - Microsoft Security Blog
Preparing for a Russian cyber offensive against Ukraine this winter
Preparing for a Russian cyber offensive against Ukraine this winter
As we report more fully below, in the wake of Russian battlefield losses to Ukraine this fall, Moscow has intensified its multi-pronged hybrid technology approach to pressure the sources of Kyiv’s military and political support, domestic and foreign. This approach has included destructive missile and cyber strikes on civilian infrastructure in Ukraine, cyberattacks on Ukrainian and now foreign-based supply chains, and cyber-enabled influence operations[1]—intended to undermine US, EU, and NATO political support for Ukraine, and to shake the confidence and determination of Ukrainian citizens.
#Microsoft#EN#2022#iridium#russia-ukraine-war#Russia#cyberoffensive#analysis#winter
·blogs.microsoft.com·
Preparing for a Russian cyber offensive against Ukraine this winter
Nation-state cyberattacks become more brazen as authoritarian leaders ramp up aggression
Nation-state cyberattacks become more brazen as authoritarian leaders ramp up aggression
On February 23, 2022, the cybersecurity world entered a new age, the age of the hybrid war, as Russia launched both physical and digital attacks against Ukraine. This year’s Microsoft Digital Defense Report provides new detail on these attacks and on increasing cyber aggression coming from authoritarian leaders around the world.
#microsoft#EN#2022#report#authoritarian#leaders#defense
·blogs.microsoft.com·
Nation-state cyberattacks become more brazen as authoritarian leaders ramp up aggression
Raspberry Robin worm part of larger ecosystem facilitating pre-ransomware activity
Raspberry Robin worm part of larger ecosystem facilitating pre-ransomware activity
Microsoft has discovered recent activity indicating that the Raspberry Robin worm is part of a complex and interconnected malware ecosystem, with links to other malware families and alternate infection methods beyond its original USB drive spread.
#microsoft#EN#2022#Raspberry-Robin#malware#ecosystem#FakeUpdates#DEV-0651
·microsoft.com·
Raspberry Robin worm part of larger ecosystem facilitating pre-ransomware activity
Microsoft Issues Out-of-Band Patch for Flaw Allowing Lateral Movement, Ransomware Attacks
Microsoft Issues Out-of-Band Patch for Flaw Allowing Lateral Movement, Ransomware Attacks
Microsoft this week released an out-of-band security update for its Endpoint Configuration Manager solution to patch a vulnerability that could be useful to malicious actors for moving around in a targeted organization’s network. The vulnerability is tracked as CVE-2022-37972 and it has been described by Microsoft as a medium-severity spoofing issue. The tech giant has credited Brandon Colley of Trimarc Security for reporting the flaw.
#Microsoft#EN#2022#CVE-2022-37972#Endpoint-Configuration-Manager#patch#vulnerability
·securityweek.com·
Microsoft Issues Out-of-Band Patch for Flaw Allowing Lateral Movement, Ransomware Attacks
Peut-on encore, en Suisse, recourir à des services cloud offerts par Microsoft ?
Peut-on encore, en Suisse, recourir à des services cloud offerts par Microsoft ?
Dans une prise de position publiée le 13 juin 2022, le Préposé fédéral à la protection des données et à la transparence a estimé que le recours aux services cloud M365 de Microsoft serait susceptible de violer la Loi fédérale sur la protection des données, quand bien même le projet de la Caisse nationale suisse d'assurance en cas d'accidents (SUVA) envisage que les données soient hébergées en Suisse et que le cocontractant du responsable du traitement soit une entité européenne du Groupe Microsoft.
#swissprivacy#FR#2022#CH#Suisse#Préposé-fédéral#Microsoft#cloud#protection#données#Cloud-Act
·swissprivacy.law·
Peut-on encore, en Suisse, recourir à des services cloud offerts par Microsoft ?
Untangling KNOTWEED: European private-sector offensive actor using 0-day exploits
Untangling KNOTWEED: European private-sector offensive actor using 0-day exploits
MSTIC and MSRC disclose technical details of a private-sector offensive actor (PSOA) tracked as KNOTWEED using multiple Windows and Adobe 0-day exploits, including one for the recently patched CVE-2022-22047, in limited and targeted attacks against European and Central American customers.
#microsoft#EN#2022#KNOTWEED#0day#0-day#CVE-2022-22047#spyware#PSOA
·microsoft.com·
Untangling KNOTWEED: European private-sector offensive actor using 0-day exploits
From cookie theft to BEC: Attackers use AiTM phishing sites as entry point to further financial fraud
From cookie theft to BEC: Attackers use AiTM phishing sites as entry point to further financial fraud
A large-scale phishing campaign that attempted to target over 10,000 organizations since September 2021 used adversary-in-the-middle (AiTM) phishing sites to steal passwords, hijack a user’s sign-in session, and skip the authentication process, even if the user had enabled multifactor authentication (MFA).
#microsoft#EN#2022#phishing#MFA#AiTM#hijack#session
·microsoft.com·
From cookie theft to BEC: Attackers use AiTM phishing sites as entry point to further financial fraud
Uncovering a macOS App Sandbox escape vulnerability: A deep dive into CVE-2022-26706 - Microsoft Security Blog
Uncovering a macOS App Sandbox escape vulnerability: A deep dive into CVE-2022-26706 - Microsoft Security Blog
Microsoft uncovered a vulnerability in macOS that could allow specially crafted codes to escape the App Sandbox and run unrestricted on the system. We shared these findings with Apple, and fix for this vulnerability, now identified as CVE-2022-26706, was included in the security updates on May 16, 2022.
#microsoft#EN#2022#CVE-2022-26706#macOS#Sandbox#escape#Apple
·microsoft.com·
Uncovering a macOS App Sandbox escape vulnerability: A deep dive into CVE-2022-26706 - Microsoft Security Blog