Microsoft Secure

Microsoft Secure

Guidance for investigating attacks using CVE-2022-21894: The BlackLotus campaign

This guide provides steps that organizations can take to assess whether users have been targeted or compromised by threat actors exploiting CVE-2022-21894 via a Unified Extensible Firmware Interface (UEFI) bootkit called BlackLotus.
The post Guidance for investigating attacks using CVE-2022-21894: The BlackLotus campaign appeared first on Microsoft Security Blog. READ MORE HERE…

Read More
Microsoft Secure

DEV-0196: QuaDream’s “KingsPawn” malware used to target civil society in Europe, North America, the Middle East, and Southeast Asia

Microsoft analyzes a threat group tracked as DEV-0196, the actor’s iOS malware “KingsPawn”, and their link to an Israel-based private sector offensive actor (PSOA) known as QuaDream, which reportedly sells a suite of exploits, malware, and infrastructure called REIGN, that’s designed to exfiltrate data from mobile devices.
The post DEV-0196: QuaDream’s “KingsPawn” malware used to target civil society in Europe, North America, the Middle East, and Southeast Asia appeared first on Microsoft Security Blog. READ MORE HERE…

Read More
Microsoft Secure

DevOps threat matrix

In this blog, we discuss threats we face in our DevOps environment, introducing our new threat matrix for DevOps. Using this matrix, we show the different techniques an adversary might use to attack an organization from the initial access phase and forward.
The post DevOps threat matrix appeared first on Microsoft Security Blog. READ MORE HERE…

Read More