RSS Reader for Computer Security Articles
Credit to Author: Microsoft Security Threat Intelligence – Editor| Date: Thu, 13 Apr 2023 17:00:00 +0000
With U.S. Tax Day approaching, Microsoft has observed phishing attacks targeting accounting and tax return preparation firms to deliver the Remcos RAT and compromise target networks.
The post Threat actors strive to cause Tax Day headaches appeared first on Microsoft Security Blog.
Read MoreCredit to Author: Christine Barrett| Date: Thu, 13 Apr 2023 15:00:00 +0000
The Microsoft Supply Chain Platform was just launched to help companies protect their supply chains against cyber threats.
The post Improve supply chain security and resiliency with Microsoft appeared first on Microsoft Security Blog.
Read MoreCredit to Author: Christine Barrett| Date: Wed, 12 Apr 2023 13:00:00 +0000
LinkedIn members can use a Microsoft Entra Verified ID credential issued from their organization to verify their workplace on their public profile and add instant credibility, increasing trust and confidence in interactions.
The post LinkedIn and Microsoft Entra introduce a new way to verify your workplace appeared first on Microsoft Security Blog.
Read MoreCredit to Author: Microsoft Security Threat Intelligence – Editor| Date: Tue, 11 Apr 2023 17:00:00 +0000
This guide provides steps that organizations can take to assess whether users have been targeted or compromised by threat actors exploiting CVE-2022-21894 via a Unified Extensible Firmware Interface (UEFI) bootkit called BlackLotus.
The post Guidance for investigating attacks using CVE-2022-21894: The BlackLotus campaign appeared first on Microsoft Security Blog.
Read MoreCredit to Author: Microsoft Security Threat Intelligence| Date: Tue, 11 Apr 2023 16:00:00 +0000
Microsoft analyzes a threat group tracked as DEV-0196, the actor’s iOS malware “KingsPawn”, and their link to an Israel-based private sector offensive actor (PSOA) known as QuaDream, which reportedly sells a suite of exploits, malware, and infrastructure called REIGN, that’s designed to exfiltrate data from mobile devices.
The post DEV-0196: QuaDream’s “KingsPawn” malware used to target civil society in Europe, North America, the Middle East, and Southeast Asia appeared first on Microsoft Security Blog.
Read MoreCredit to Author: Microsoft Security Threat Intelligence| Date: Fri, 07 Apr 2023 16:00:00 +0000
Microsoft detected a unique operation where threat actors carried out destructive actions in both on-premises and cloud environments.
The post MERCURY and DEV-1084: Destructive attack on hybrid environment appeared first on Microsoft Security Blog.
Read MoreCredit to Author: Microsoft Security Threat Intelligence| Date: Thu, 06 Apr 2023 17:00:00 +0000
In this blog, we discuss threats we face in our DevOps environment, introducing our new threat matrix for DevOps. Using this matrix, we show the different techniques an adversary might use to attack an organization from the initial access phase and forward.
The post DevOps threat matrix appeared first on Microsoft Security Blog.
Read MoreCredit to Author: Christine Barrett| Date: Thu, 06 Apr 2023 16:00:00 +0000
Secure your organization’s digital estate through a comprehensive Zero Trust approach.
The post Secure hybrid and remote workplaces with a Zero Trust approach appeared first on Microsoft Security Blog.
Read More