A new macOS vulnerability, “powerdir,” could allow an attacker to bypass the operating system’s TCC technology and gain unauthorized access to a user’s protected data. We shared our findings with Apple through Coordinated Vulnerability Disclosure (CVD) and Apple released a fix.
Microsoft is tracking threats taking advantage of the remote code execution (RCE) vulnerability in Apache Log4j 2. Get technical info and guidance for using Microsoft security solutions to protect against attacks.
Multiple Qakbot campaigns that are active at any given time prove that the decade-old malware continues to be many attackers’ tool of choice, a customizable chameleon that adapts to suit the needs of the multiple threat actor groups that utilize it.
China-based threat actor NICKEL has been targeting governments, diplomatic entities, and non-governmental organizations (NGOs) across Central and South America, the Caribbean, and Europe. Today, Microsoft announced the successful seizure of a set of NICKEL-operated websites and disruption of ongoing attacks.
Our approach to threat hunting is designed to evaluate impact and escalate potential threats for investigation, based on how damaging the potential threat would be. It is also designed for speed: due to the highly time-sensitive nature of the threat response, the most dangerous potential threats are analyzed first.
We’re excited to invite our community of infosec analysts and engineers to the second annual InfoSec Jupyterthon taking place on December 2-3, 2021. This is an online event organized by Open Threat Research Forge together with Microsoft Threat Intelligence Center (MSTIC).
Microsoft has observed multiple Iranian threat actors targeting the IT services sector in attacks that aim to steal sign-in credentials belonging to downstream customer networks to enable further attacks.
Sophisticated cyberattacks are on the rise, with email phishing as the most common attack vector. Microsoft has been working hard to understand these types of attacks and create solutions that help prevent, detect, and remediate vulnerability at the most basic point of attack, the user.
Over the past year, the Microsoft Threat Intelligence Center (MSTIC) has observed a gradual evolution of the tools, techniques, and procedures employed by malicious network operators based in Iran.
We developed a cloud-based machine learning system that, when queried by a device, intelligently predicts if it is at risk, then automatically issues a more aggressive blocking verdict to protect the device, thwarting an attacker’s next steps.
HTML smuggling, a highly evasive malware delivery technique that leverages legitimate HTML5 and JavaScript features, is increasingly used in email campaigns that deploy banking malware, remote access Trojans (RATs), and other payloads related to targeted attacks.
Microsoft has detected exploits being used to compromise systems running the ZOHO ManageEngine ADSelfService Plus software versions vulnerable to CVE-2021-40539 in a targeted campaign. Microsoft Threat Intelligence Center (MSTIC) attributes this campaign with high confidence to DEV-0322.
