Microsoft security intelligence – Page 5 – Computer Security Articles

Credit to Author: Katie McCafferty| Date: Sat, 01 Oct 2022 04:21:00 +0000

MSTIC observed activity related to a single activity group in August 2022 that achieved initial access and compromised Exchange servers by chaining CVE-2022-41040 and CVE-2022-41082 in a small number of targeted attacks.

The post Analyzing attacks using the Exchange vulnerabilities CVE-2022-41040 and CVE-2022-41082 appeared first on Microsoft Security Blog.

Microsoft Security

ZINC weaponizing open-source software

September 29, 2022 admin cybersecurity, microsoft, Microsoft security intelligence, nation-state actor, Security, Social engineering, zinc

Credit to Author: Katie McCafferty| Date: Thu, 29 Sep 2022 16:00:00 +0000

In recent months, Microsoft detected weaponization of legitimate open-source software by an actor the Microsoft Threat Intelligence Center (MSTIC) tracks as ZINC, targeting employees at media, defense and aerospace, and IT service provider organizations in the US, UK, India, and Russia.

The post ZINC weaponizing open-source software appeared first on Microsoft Security Blog.

Microsoft Security

Malicious OAuth applications abuse cloud email services to spread spam

September 23, 2022 admin cybersecurity, Exchange Server, malicious oauth applications, Microsoft security intelligence, spam

Credit to Author: Microsoft 365 Defender Threat Intelligence Team| Date: Thu, 22 Sep 2022 16:00:00 +0000

Microsoft discovered an attack where attackers installed a malicious OAuth application in compromised tenants and used their Exchange Online service to launch spam runs.

The post Malicious OAuth applications abuse cloud email services to spread spam appeared first on Microsoft Security Blog.

Microsoft Security

Malicious OAuth applications used to compromise email servers and spread spam

September 22, 2022 admin cybersecurity, Exchange Server, malicious oauth applications, Microsoft security intelligence, spam

Credit to Author: Microsoft 365 Defender Threat Intelligence Team| Date: Thu, 22 Sep 2022 16:00:00 +0000

Microsoft discovered an attack where attackers installed a malicious OAuth application in compromised tenants and used their Exchange servers to launch spam runs.

The post Malicious OAuth applications used to compromise email servers and spread spam appeared first on Microsoft Security Blog.

Microsoft Security

Microsoft investigates Iranian attacks against the Albanian government

September 8, 2022 admin cybersecurity, europium, Microsoft security intelligence

Credit to Author: Paul Oliveria| Date: Thu, 08 Sep 2022 15:00:00 +0000

Shortly after the destructive cyberattacks on the Albanian government in mid-July, the Microsoft Detection and Response Team (DART) was engaged to lead an investigation into the attacks.

The post Microsoft investigates Iranian attacks against the Albanian government appeared first on Microsoft Security Blog.

Microsoft Security

Profiling DEV-0270: PHOSPHORUS’ ransomware operations

September 7, 2022 admin cybersecurity, Microsoft security intelligence, phosphorus

Credit to Author: Paul Oliveria| Date: Wed, 07 Sep 2022 21:00:00 +0000

Microsoft threat intelligence teams have been tracking multiple ransomware campaigns tied to DEV-0270, also known as Nemesis Kitten, a sub-group of Iranian actor PHOSPHORUS.

The post Profiling DEV-0270: PHOSPHORUS’ ransomware operations appeared first on Microsoft Security Blog.

Microsoft Security

Vulnerability in TikTok Android app could lead to one-click account hijacking

August 31, 2022 admin Android, cybersecurity, microsoft, Microsoft security intelligence, Security, TikTok, Vulnerability

Credit to Author: Katie McCafferty| Date: Wed, 31 Aug 2022 16:00:00 +0000

Microsoft discovered a high-severity vulnerability in the TikTok Android application, now identified as CVE-2022-28799 and fixed by TikTok, which could have allowed attackers to compromise users’ accounts with a single click.

The post Vulnerability in TikTok Android app could lead to one-click account hijacking appeared first on Microsoft Security Blog.

Microsoft Security

MERCURY leveraging Log4j 2 vulnerabilities in unpatched systems to target Israeli organizations

August 25, 2022 admin cybersecurity, log4j, mercury, Microsoft security intelligence

Credit to Author: Paul Oliveria| Date: Thu, 25 Aug 2022 16:00:00 +0000

Microsoft detected an Iran-based threat actor the Microsoft Threat Intelligence Center (MSTIC) tracks as MERCURY leveraging exploitation of Log4j 2 vulnerabilities in SysAid applications against organizations located in Israel.

The post MERCURY leveraging Log4j 2 vulnerabilities in unpatched systems to target Israeli organizations appeared first on Microsoft Security Blog.