microsoft detection and response team (dart)

Credit to Author: Microsoft Security Threat Intelligence – Editor| Date: Tue, 11 Apr 2023 17:00:00 +0000

This guide provides steps that organizations can take to assess whether users have been targeted or compromised by threat actors exploiting CVE-2022-21894 via a Unified Extensible Firmware Interface (UEFI) bootkit called BlackLotus.

The post Guidance for investigating attacks using CVE-2022-21894: The BlackLotus campaign appeared first on Microsoft Security Blog.

Microsoft Security

Guidance for investigating attacks using CVE-2023-23397

March 24, 2023 admin cybersecurity, Detection and Response Team (DART), microsoft detection and response team (dart)

Credit to Author: Microsoft Security Threat Intelligence – Editor| Date: Fri, 24 Mar 2023 18:30:00 +0000

This guide provides steps organizations can take to assess whether users have been targeted or compromised by threat actors exploiting CVE-2023-23397.

The post Guidance for investigating attacks using CVE-2023-23397 appeared first on Microsoft Security Blog.

Microsoft Security

IIS modules: The evolution of web shells and how to detect them

December 12, 2022 admin cybersecurity, iis, microsoft detection and response team (dart), Microsoft security intelligence, Web Shell

Credit to Author: Microsoft Security Threat Intelligence – Editor| Date: Mon, 12 Dec 2022 17:00:00 +0000

This blog aims to provide further guidance on detecting malicious IIS modules and other capabilities that you can use during your own incident response investigations.

The post IIS modules: The evolution of web shells and how to detect them appeared first on Microsoft Security Blog.

Microsoft Security

Token tactics: How to prevent, detect, and respond to cloud token theft

November 16, 2022 admin cloud token theft, cybersecurity, Identity and access management, Incident Response, microsoft detection and response team (dart), Microsoft security intelligence, Threat protection

Credit to Author: Paul Oliveria| Date: Wed, 16 Nov 2022 16:00:00 +0000

As organizations increase their coverage of multifactor authentication (MFA), threat actors have begun to move to more sophisticated techniques to allow them to compromise corporate resources without needing to satisfy MFA. Recently, the Microsoft Detection and Response Team (DART) has seen an increase in attackers utilizing token theft for this purpose.

The post Token tactics: How to prevent, detect, and respond to cloud token theft appeared first on Microsoft Security Blog.

Microsoft Security

Microsoft Security tips for mitigating risk in mergers and acquisitions

November 2, 2022 admin cybersecurity, dart, Detection and Response Team (DART), microsoft detection and response team (dart), microsoft security experts

Credit to Author: Christine Barrett| Date: Wed, 02 Nov 2022 16:00:00 +0000

Mergers and acquisitions can be challenging. Microsoft’s Security Experts share what to ask before, during, and after one to secure identity, access control, and communications.

The post Microsoft Security tips for mitigating risk in mergers and acquisitions appeared first on Microsoft Security Blog.

Microsoft Security

Defenders beware: A case for post-ransomware investigations

October 18, 2022 admin cybersecurity, microsoft detection and response team (dart), Microsoft security intelligence, ransomware

Credit to Author: Paul Oliveria| Date: Tue, 18 Oct 2022 18:00:00 +0000

The Microsoft Detection and Response Team (DART) details a recent ransomware incident in which the attacker used a collection of commodity tools and techniques, such as using living-off-the-land binaries, to launch their malicious code.

The post Defenders beware: A case for post-ransomware investigations appeared first on Microsoft Security Blog.

Microsoft Security

The art and science behind Microsoft threat hunting: Part 2

September 21, 2022 admin cybersecurity, dart, microsoft detection and response team (dart), Threat protection

Credit to Author: Matt Thomas| Date: Wed, 21 Sep 2022 16:00:00 +0000

In this follow-up post in our series about threat hunting, we talk about some general hunting strategies, frameworks, tools, and how Microsoft incident responders work with threat intelligence.

The post The art and science behind Microsoft threat hunting: Part 2 appeared first on Microsoft Security Blog.

Microsoft Security

Tarrask malware uses scheduled tasks for defense evasion

April 12, 2022 admin cybersecurity, hafnium, microsoft detection and response team (dart), Microsoft security intelligence, tarrask

Credit to Author: Paul Oliveria| Date: Tue, 12 Apr 2022 16:00:00 +0000

Microsoft Detection and Response Team (DART) researchers have uncovered malware that creates “hidden” scheduled tasks as a defense evasion technique. In this post, we will demonstrate how threat actors create scheduled tasks, how they cover their tracks, and how the malware’s evasion techniques are used to maintain and ensure persistence on systems.

The post Tarrask malware uses scheduled tasks for defense evasion appeared first on Microsoft Security Blog.

← Previous