Cybersecurity

Microsoft Secure

FoggyWeb: Targeted NOBELIUM malware leads to persistent backdoor

In-depth analysis of newly detected NOBELIUM malware: a post-exploitation backdoor that Microsoft Threat Intelligence Center (MSTIC) refers to as FoggyWeb. NOBELIUM uses FoggyWeb to remotely exfiltrate the configuration database of compromised AD FS servers, decrypted token-signing certificate, and token-decryption certificate, as well as to download and execute additional components.
The post FoggyWeb: Targeted NOBELIUM malware leads to persistent backdoor appeared first on Microsoft Security Blog. READ MORE HERE…

Read More
Microsoft Secure

Catching the big fish: Analyzing a large-scale phishing-as-a-service operation

With over 100 available phishing templates that mimic known brands and services, the BulletProofLink operation is responsible for many of the phishing campaigns that impact enterprises today. We are sharing these findings so the broader community can build on them and use them to enhance email filtering rules as well as threat detection technologies like sandboxes to better catch these threats.
The post Catching the big fish: Analyzing a large-scale phishing-as-a-service operation appeared first on Microsoft Security Blog. READ MORE HERE…

Read More
Microsoft Secure

Analyzing attacks that exploit the CVE-2021-40444 MSHTML vulnerability

This blog details our in-depth analysis of the attacks that used the CVE-2021-40444, provides detection details and investigation guidance for Microsoft 365 Defender customers, and lists mitigation steps for hardening networks against this and similar attacks.
The post Analyzing attacks that exploit the CVE-2021-40444 MSHTML vulnerability appeared first on Microsoft Security Blog. READ MORE HERE…

Read More