Credit to Author: Microsoft Security Threat Intelligence – Editor| Date: Mon, 12 Dec 2022 17:00:00 +0000
This blog aims to provide further guidance on detecting malicious IIS modules and other capabilities that you can use during your own incident response investigations.
The post IIS modules: The evolution of web shells and how to detect them appeared first on Microsoft Security Blog.
Read moreCredit to Author: Microsoft Security Threat Intelligence| Date: Wed, 07 Dec 2022 17:00:00 +0000
The updated threat matrix for Kubernetes comes in a new format that simplifies usage of the knowledge base and with new content to help mitigate threats.
The post Mitigate threats with the new threat matrix for Kubernetes appeared first on Microsoft Security Blog.
Read moreCredit to Author: Katie McCafferty| Date: Tue, 06 Dec 2022 17:00:00 +0000
Microsoft security researchers investigate an attack where the threat actor, tracked DEV-0139, used chat groups to target specific cryptocurrency investment companies and run a backdoor within their network.
The post DEV-0139 launches targeted attacks against the cryptocurrency industry appeared first on Microsoft Security Blog.
Read moreCredit to Author: Microsoft 365 Defender Threat Intelligence Team| Date: Tue, 22 Nov 2022 18:00:00 +0000
Join our community of analysts and engineers at the third annual InfoSec Jupyterthon 2022, an online event taking place on December 2 and 3, 2022.
The post Join us at InfoSec Jupyterthon 2022 appeared first on Microsoft Security Blog.
Read moreCredit to Author: Katie McCafferty| Date: Tue, 22 Nov 2022 17:00:00 +0000
As vulnerabilities in network components, architecture files, and developer tools have become an increasingly popular attack vector to leverage access into secure networks and devices, Microsoft identified such a vulnerable component and found evidence of a supply chain risk that might affect millions of organizations and devices.
The post Vulnerable SDK components lead to supply chain risks in IoT and OT environments appeared first on Microsoft Security Blog.
Read moreCredit to Author: Microsoft 365 Defender Threat Intelligence Team| Date: Thu, 17 Nov 2022 17:00:00 +0000
DEV-0569’s recent activity shows their reliance on malvertising and phishing in delivering malicious payloads. The group’s changes and updates in delivery and payload led to distribution of info stealers and Royal ransomware.
The post DEV-0569 finds new ways to deliver Royal ransomware, various payloads appeared first on Microsoft Security Blog.
Read moreCredit to Author: Paul Oliveria| Date: Wed, 16 Nov 2022 16:00:00 +0000
As organizations increase their coverage of multifactor authentication (MFA), threat actors have begun to move to more sophisticated techniques to allow them to compromise corporate resources without needing to satisfy MFA. Recently, the Microsoft Detection and Response Team (DART) has seen an increase in attackers utilizing token theft for this purpose.
The post Token tactics: How to prevent, detect, and respond to cloud token theft appeared first on Microsoft Security Blog.
Read moreCredit to Author: Paul Oliveria| Date: Tue, 15 Nov 2022 18:00:00 +0000
The holiday season is an exciting time for many people as they get to relax, connect with friends and family, and celebrate traditions. Organizations also have much to rejoice about during the holidays (for example, more sales for retailers and more players for gaming companies). Unfortunately, cyber attackers also look forward to this time of year to celebrate an emerging holiday tradition—distributed denial-of-service (DDoS) attacks.
The post 2022 holiday DDoS protection guide appeared first on Microsoft Security Blog.
Read more