Microsoft Defender for Endpoint

Microsoft Secure

Detecting and preventing privilege escalation attacks leveraging Kerberos relaying (KrbRelayUp)

The privilege escalation hacking tool KrbRelayUp is a wrapper that can streamline the use of some features in Rubeus, KrbRelay, SCMUACBypass, PowerMad/SharpMad, Whisker, and ADCSPwn tools in attacks. Although this attack won’t function for Azure Active Directory (Azure AD) joined devices, hybrid joined devices with on-premises domain controllers remain vulnerable.
The post Detecting and preventing privilege escalation attacks leveraging Kerberos relaying (KrbRelayUp) appeared first on Microsoft Security Blog.


Microsoft finds new elevation of privilege Linux vulnerability, Nimbuspwn

Microsoft has discovered several vulnerabilities, collectively referred to as Nimbuspwn, that could be chained together, allowing an attacker to elevate privileges to root on many Linux desktop endpoints. Leveraging Nimbuspwn as a vector for root access could allow attackers to achieve greater impact on vulnerable devices by deploying payloads and performing other malicious actions via arbitrary root code execution.
The post Microsoft finds new elevation of privilege Linux vulnerability, Nimbuspwn appeared first on Microsoft Security Blog.


Detect active network reconnaissance with Microsoft Defender for Endpoint

Active network reconnaissance is a critical component of the cybersecurity kill chain allowing for network topography and endpoint services to be mapped and used in targeted campaigns. Microsoft Defender for Endpoint can help to detect and disrupt these attacks at the earliest stages, providing our defenders with a powerful tool to gain visibility, take appropriate action and mitigate the risk of endpoint exploitation.
The post Detect active network reconnaissance with Microsoft Defender for Endpoint appeared first on Microsoft Security Blog.


Behind the scenes of business email compromise: Using cross-domain threat data to disrupt a large BEC campaign

Microsoft 365 Defender researchers recently uncovered and disrupted a large-scale business email compromise (BEC) infrastructure hosted in multiple web services. Attackers used this cloud-based infrastructure to compromise mailboxes via phishing and add forwarding rules, enabling these attackers to get access to emails about financial transactions.
The post Behind the scenes of business email compromise: Using cross-domain threat data to disrupt a large BEC campaign appeared first on Microsoft Security Blog.


Microsoft Defender for Endpoint now supports Windows 10 on Arm devices

Today, we are excited to announce that Microsoft Defender for Endpoint support of Windows 10 on Arm devices is generally available. This expanded support is part of our continued efforts to extend Microsoft Defender for Endpoint capabilities across all the endpoints defenders need to secure.
The post Microsoft Defender for Endpoint now supports Windows 10 on Arm devices appeared first on Microsoft Security.
