Gatekeeper’s Achilles heel: Unearthing a macOS vulnerability
Microsoft discovered a vulnerability in macOS, referred to as “Achilles”, allowing attackers to bypass application execution restrictions enforced by the Gatekeeper security mechanism.
IIS modules: The evolution of web shells and how to detect them
This blog aims to provide further guidance on detecting malicious IIS modules and other capabilities that you can use during your own incident response investigations.
Mitigate threats with the new threat matrix for Kubernetes
The updated threat matrix for Kubernetes comes in a new format that simplifies usage of the knowledge base and with new content to help mitigate threats.
Analyzing attacks using the Exchange vulnerabilities CVE-2022-41040 and CVE-2022-41082
MSTIC observed activity related to a single activity group in August 2022 that achieved initial access and compromised Exchange servers by chaining CVE-2022-41040 and CVE-2022-41082 in a small number of targeted attacks.
Vulnerability in TikTok Android app could lead to one-click account hijacking
Microsoft discovered a high-severity vulnerability in the TikTok Android application, now identified as CVE-2022-28799 and fixed by TikTok, which could have allowed attackers to compromise users’ accounts with a single click.
Cyber Signals: 3 strategies for protection against ransomware
New Cyber Signals shows more than 80 percent of ransomware attacks can be traced to common configuration errors. Here’s how we can get ahead of these attacks together as a cyber defender community.
MERCURY leveraging Log4j 2 vulnerabilities in unpatched systems to target Israeli organizations
Microsoft detected an Iran-based threat actor the Microsoft Threat Intelligence Center (MSTIC) tracks as MERCURY leveraging exploitation of Log4j 2 vulnerabilities in SysAid applications against organizations located in Israel.
Uncovering a ChromeOS remote memory corruption vulnerability
Microsoft discovered a memory corruption vulnerability in a ChromeOS component that could have been triggered remotely, allowing attackers to perform either a denial-of-service (DoS) or, in extreme cases, remote code execution (RCE).
Hardware-based threat defense against increasingly complex cryptojackers
To provide advanced protection against increasingly complex and evasive cryptojackers, Microsoft Defender Antivirus integrates with Intel® Threat Detection Technology (TDT) that applies machine learning to low-level CPU telemetry in detecting cryptojackers, even when the malware is obfuscated and can evade security tools.
Malicious IIS extensions quietly open persistent backdoors into servers
Attackers are increasingly leveraging managed IIS extensions as covert backdoors into servers, providing a durable persistence mechanism for attacks.