Sunday, July 6, 2025
Latest:

Cybersecurity

Microsoft Secure
TH Author

From cookie theft to BEC: Attackers use AiTM phishing sites as entry point to further financial fraud

A large-scale phishing campaign that attempted to target over 10,000 organizations since September 2021 used adversary-in-the-middle (AiTM) phishing sites to steal passwords, hijack a user’s sign-in session, and skip the authentication process, even if the user had enabled multifactor authentication (MFA).
The post From cookie theft to BEC: Attackers use AiTM phishing sites as entry point to further financial fraud appeared first on Microsoft Security Blog. READ MORE HERE…

Read More
Networkworld
TH Author

5 mistakes to avoid when implementing zero-trust

Interest in zero-trust security has heightened significantly over the past two years among organizations looking for better ways to control access to enterprise data in cloud and on-premises environments for remote workers, contractors and third parties.Several factors are driving the trend, including increasingly sophisticated threats, accelerated cloud adoption and a broad shift to remote and hybrid work environments because of the pandemic. Many organizations have discovered that traditional security models where everything inside the perimeter is implicitly trusted, does not work in environments where perimeters don’t exist and enterprise data and the people accessing it are increasingly distributed and decentralized.To read this article in full, please click here READ MORE HERE…

Read More
Microsoft Secure
TH Author

Toll fraud malware: How an Android application can drain your wallet

Toll fraud malware, a subcategory of billing fraud in which malicious applications subscribe users to premium services without their knowledge or consent, is one of the most prevalent types of Android malware – and it continues to evolve.
The post Toll fraud malware: How an Android application can drain your wallet appeared first on Microsoft Security Blog. READ MORE HERE…

Read More
Microsoft Secure
TH Author

Using process creation properties to catch evasion techniques

We developed a robust detection method in Microsoft Defender for Endpoint that can catch known and unknown variations of a process execution class used by attackers to evade detection. This class of stealthy execution techniques include process doppelganging, process herpadering, and process ghosting.
The post Using process creation properties to catch evasion techniques appeared first on Microsoft Security Blog. READ MORE HERE…

Read More
Microsoft Secure
TH Author

Microsoft at RSA 2022: Envisioning the future of security

The 2022 RSA Conference was a great success, drawing 26,000 attendees to three days of cutting-edge security sessions, tutorials, seminars, and special events at Moscone Center in San Francisco. Microsoft Security was on the ground, interacting with customers and security professionals at Microsoft’s 20-plus earned sessions, as well as showcasing new solutions like Microsoft Entra that help realize our goal of comprehensive security.
The post Microsoft at RSA 2022: Envisioning the future of security appeared first on Microsoft Security Blog. READ MORE HERE…

Read More