Business email compromise campaign targets wide range of orgs with gift card scam

Credit to Author: Eric Avena | Date: Thu, 06 May 2021 16:00:15 +0000

Read our investigation of a BEC campaign that used attacker-created email infrastructure to facilitate gift card theft targeting the consumer goods, process manufacturing and agriculture, real estate, discrete manufacturing, and professional services sectors.

The post Business email compromise campaign targets wide range of orgs with gift card scam appeared first on Microsoft Security.

Center for Threat-Informed Defense teams up with Microsoft, partners to build the ATT&CK® for Containers matrix

Credit to Author: Eric Avena | Date: Thu, 29 Apr 2021 17:00:48 +0000

Microsoft is happy to have contributed and worked closely with the Center for Threat-Informed Defense and other partners to develop the MITRE ATT&CK® for Containers matrix.

The post Center for Threat-Informed Defense teams up with Microsoft, partners to build the ATT&CK® for Containers matrix appeared first on Microsoft Security.

Investigating a unique “form” of email delivery for IcedID malware

Credit to Author: Eric Avena | Date: Fri, 09 Apr 2021 16:31:05 +0000

Microsoft threat analysts have been tracking activity where contact forms published on websites are abused to deliver malicious links to enterprises using emails with fake legal threats. The emails instruct recipients to click a link to review supposed evidence behind the allegations, but the link instead leads to the download of IcedID, an info-stealing malware.

The post Investigating a unique “form” of email delivery for IcedID malware appeared first on Microsoft Security.

New Security Signals study shows firmware attacks on the rise; here’s how Microsoft is working to help eliminate this entire class of threats

Credit to Author: Eric Avena | Date: Tue, 30 Mar 2021 15:00:56 +0000

The March 2021 Security Signals report showed that more than 80% of enterprises have experienced at least one firmware attack in the past two years, but only 29% of security budgets are allocated to protect firmware.

The post New Security Signals study shows firmware attacks on the rise; here’s how Microsoft is working to help eliminate this entire class of threats appeared first on Microsoft Security.

Automatic on-premises Exchange Server mitigation now in Microsoft Defender Antivirus

Credit to Author: Eric Avena | Date: Thu, 18 Mar 2021 22:00:47 +0000

Microsoft Defender Antivirus and System Center Endpoint Protection will automatically mitigate CVE-2021-26855 on any vulnerable Exchange Server on which it is deployed. We have taken this additional step to further support our customers who are still vulnerable and have not yet implemented the complete security update.

The post Automatic on-premises Exchange Server mitigation now in Microsoft Defender Antivirus appeared first on Microsoft Security.

GoldMax, GoldFinder, and Sibot: Analyzing NOBELIUM’s layered persistence

Credit to Author: Eric Avena | Date: Thu, 04 Mar 2021 17:00:02 +0000

Microsoft has identified three new pieces of malware being used in late-stage activity by NOBELIUM – the actor behind the SolarWinds attacks, SUNBURST, and TEARDROP.

The post GoldMax, GoldFinder, and Sibot: Analyzing NOBELIUM’s layered persistence appeared first on Microsoft Security.

XLM + AMSI: New runtime defense against Excel 4.0 macro malware

Credit to Author: Eric Avena | Date: Wed, 03 Mar 2021 17:00:54 +0000

We have recently expanded the integration of Antimalware Scan Interface (AMSI) with Office 365 to include the runtime scanning of Excel 4.0 (XLM) macros, to help antivirus solutions tackle the increase in attacks that use malicious XLM macros.

The post XLM + AMSI: New runtime defense against Excel 4.0 macro malware appeared first on Microsoft Security.

HAFNIUM targeting Exchange Servers with 0-day exploits

Credit to Author: Eric Avena | Date: Tue, 02 Mar 2021 21:07:53 +0000

Microsoft has detected multiple 0-day exploits being used to attack on-premises versions of Microsoft Exchange Server in limited and targeted attacks. In the attacks observed, threat actors used this vulnerability to access on-premises Exchange servers, which enabled access to email accounts, and installed additional malware to facilitate long-term access to victim environments. Microsoft Threat Intelligence Center (MSTIC) attributes this campaign with high confidence to HAFNIUM.

The post HAFNIUM targeting Exchange Servers with 0-day exploits appeared first on Microsoft Security.