Chained for attack: OpenVPN vulnerabilities discovered leading to RCE and LPE
Microsoft researchers found multiple vulnerabilities in OpenVPN that could lead to an attack chain allowing remote code execution and local privilege escalation.
Research
Explore in-depth research on the latest cybersecurity threats, trends, and defense strategies. Get insights from Microsoft thatโll help you better understand and respond to todayโs challenges.
Refine results
Topic
Products and services
Publish date
Secure and verify every identity with Microsoft Entra
Microsoft Entra expands beyond identity and access management with new product categories such as cloud infrastructure entitlement management (CIEM) and decentralized identity.
-
-
Ransomware operators exploit ESXi hypervisor vulnerability for mass encryption
Microsoft Security researchers have observed a vulnerability used by various ransomware operators to get full administrative access to domain-joined ESXi hypervisors and encrypt the virtual machines running on them. -
Onyx Sleet uses array of malware to gather intelligence for North Korea
On July 25, 2024, the United States Department of Justice (DOJ) indicted an individual linked to the North Korean threat actor that Microsoft tracks as Onyx Sleet. -
Vulnerabilities in PanelView Plus devices could lead to remote code execution
Microsoft discovered and responsibly disclosed two vulnerabilities in Rockwell’s PanelView Plus that could be remotely exploited by unauthenticated attackers, allowing them to perform remote code execution (RCE) and denial-of-service (DoS). Prevent threats with Microsoft Defender
The Microsoft Defender family offers comprehensive threat prevention, detection, and response capabilities for everyone—from individuals looking to protect their family to the world’s largest enterprises.
-
Mitigating Skeleton Key, a new type of generative AI jailbreak technique
Microsoft recently discovered a new type of generative AI jailbreak method called Skeleton Key that could impact the implementations of some large and small language models. -
AI jailbreaks: What they are and how they can be mitigated
Microsoft security researchers, in partnership with other security experts, continue to proactively explore and discover new types of AI model and system vulnerabilities. -
Exposed and vulnerable: Recent attacks highlight critical need to protect internet-exposed OT devices
Since late 2023, Microsoft has observed an increase in reports of attacks focusing on internet-exposed, poorly secured operational technology (OT) devices. -
Moonstone Sleet emerges as new North Korean threat actor with new bag of tricks
Microsoft has identified a new North Korean threat actor, now tracked as Moonstone Sleet (formerly Storm-1789), that combines many tried-and-true techniques used by other North Korean threat actors, as well as unique attack methodologies to target companies for its financial and cyberespionage objectives. Retain Microsoft Security Experts
Microsoft Security Experts are now available to strengthen your team with managed security services. Learn how to defend against threats with security experts.
-
Cyber Signals: Inside the growing risk of gift card fraud
In the ever-evolving landscape of cyberthreats, staying ahead of malicious actors is a constant challenge. -
Threat actors misusing Quick Assist in social engineering attacks leading to ransomware
Microsoft Threat Intelligence has observed Storm-1811 misusing the client management tool Quick Assist to target users in social engineering attacks that lead to malware like Qakbot followed by Black Basta ransomware deployment. -
“Dirty stream” attack: Discovering and mitigating a common vulnerability pattern in Android apps
Microsoft discovered a vulnerability pattern in multiple popular Android applications that could enable a malicious application to overwrite files in the vulnerable application’s internal data storage directory, which could lead to arbitrary code execution and token theft, among other impacts. -
Analyzing Forest Blizzard’s custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials
Since 2019, Forest Blizzard has used a custom post-compromise tool to exploit a vulnerability in the Windows Print Spooler service that allows elevated permissions.
