Beneath the surface: Uncovering the shift in web skimming
Web skimming campaigns now employ various obfuscation techniques to deliver and hide the skimming scripts.
-
-
Rise in XorDdos: A deeper look at the stealthy DDoS malware targeting Linux devices
Observing a 254% increase in activity over the last six months from a versatile Linux trojan called XorDdos, the Microsoft 365 Defender research team provides in-depth analysis into this stealthy malware’s capabilities and key infection signs. -
In hot pursuit of ‘cryware’: Defending hot wallets from attacks
The rise in cryptocurrency market capitalization paved the way to the emergence of threats Microsoft security researchers are referring to as “cryware”—information stealers focused on gathering and exfiltrating data from non-custodial cryptocurrency wallets. -
Center for Threat-Informed Defense, Microsoft, and industry partners streamline MITRE ATT&CK® matrix evaluation for defenders
The Center for Threat-Informed Defense, along with Microsoft and industry partners, collaborated on a repeatable methodology and a web-based calculator, aiming to streamline MITRE ATT&CK® use for defenders. -
Ransomware as a service: Understanding the cybercrime gig economy and how to protect yourself
Microsoft coined the term “human-operated ransomware” to clearly define a class of attack driven by expert human intelligence at every step of the attack chain and culminate in intentional business disruption and extortion. -
Microsoft finds new elevation of privilege Linux vulnerability, Nimbuspwn
Microsoft has discovered several vulnerabilities, collectively referred to as Nimbuspwn, that could be chained together, allowing an attacker to elevate privileges to root on many Linux desktop endpoints. -
Dismantling ZLoader: How malicious ads led to disabled security tools and ransomware
Microsoft took action against the ZLoader trojan by working with telecommunications providers around the world to disrupt key ZLoader infrastructure. -
Tarrask malware uses scheduled tasks for defense evasion
Microsoft Detection and Response Team (DART) researchers have uncovered malware that creates “hidden” scheduled tasks as a defense evasion technique. -
SpringShell RCE vulnerability: Guidance for protecting against and detecting CVE-2022-22965
Microsoft provides guidance for customers looking for protection against exploitation and ways to detect vulnerable installations on their network of the critical vulnerability CVE-2022-22965, also known as SpringShell or Spring4Shell. -
DEV-0537 criminal actor targeting organizations for data exfiltration and destruction
The activity we have observed has been attributed to a threat group that Microsoft tracks as DEV-0537, also known as LAPSUS$. -
Uncovering Trickbot’s use of IoT devices in command-and-control infrastructure
The Microsoft Defender for IoT research team has recently discovered the exact method through which MikroTik devices are used in Trickbot’s C2 infrastructure. -
MSTICPy January 2022 hackathon highlights
In January 2022, MSTIC ran its inaugural hack month for the open-source Jupyter and Python Security Tools library, MSTICPy.
