Destructive malware targeting Ukrainian organizations
Microsoft Threat Intelligence Center (MSTIC) has identified evidence of a destructive malware operation targeting multiple organizations in Ukraine.
-
-
New macOS vulnerability, “powerdir,” could lead to unauthorized user data access
A new macOS vulnerability, “powerdir,” could allow an attacker to bypass the operating system’s TCC technology and gain unauthorized access to a user’s protected data. -
Guidance for preventing, detecting, and hunting for exploitation of the Log4j 2 vulnerability
Microsoft is tracking threats taking advantage of the remote code execution (RCE) vulnerability in Apache Log4j 2. -
A closer look at Qakbot’s latest building blocks (and how to knock them down)
Multiple Qakbot campaigns that are active at any given time prove that the decade-old malware continues to be many attackers’ tool of choice, a customizable chameleon that adapts to suit the needs of the multiple threat actor groups that utilize it. -
Improve kernel security with the new Microsoft Vulnerable and Malicious Driver Reporting Center
Windows 10 and Windows 11 have continued to raise the security bar for drivers running in the kernel. -
NICKEL targeting government organizations across Latin America and Europe
China-based threat actor NICKEL has been targeting governments, diplomatic entities, and non-governmental organizations (NGOs) across Central and South America, the Caribbean, and Europe. -
Join us at InfoSec Jupyterthon 2021
We’re excited to invite our community of infosec analysts and engineers to the second annual InfoSec Jupyterthon taking place on December 2-3, 2021. -
Iranian targeting of IT sector on the rise
Microsoft has observed multiple Iranian threat actors targeting the IT services sector in attacks that aim to steal sign-in credentials belonging to downstream customer networks to enable further attacks. -
Evolving trends in Iranian threat actor activity – MSTIC presentation at CyberWarCon 2021
Over the past year, the Microsoft Threat Intelligence Center (MSTIC) has observed a gradual evolution of the tools, techniques, and procedures employed by malicious network operators based in Iran. -
AI-driven adaptive protection against human-operated ransomware
We developed a cloud-based machine learning system that, when queried by a device, intelligently predicts if it is at risk, then automatically issues a more aggressive blocking verdict to protect the device, thwarting an attacker’s next steps. -
HTML smuggling surges: Highly evasive loader technique increasingly used in banking malware, targeted attacks
HTML smuggling, a highly evasive malware delivery technique that leverages legitimate HTML5 and JavaScript features, is increasingly used in email campaigns that deploy banking malware, remote access Trojans (RATs), and other payloads related to targeted attacks. -
Threat actor DEV-0322 exploiting ZOHO ManageEngine ADSelfService Plus
Microsoft has detected exploits being used to compromise systems running the ZOHO ManageEngine ADSelfService Plus software versions vulnerable to CVE-2021-40539 in a targeted campaign.
