This guide provides steps that organizations can take to assess whether users have been targeted or compromised by threat actors exploiting CVE-2022-21894 via a Unified Extensible Firmware Interface (UEFI) bootkit called BlackLotus.
The post Guidance for investigating attacks using CVE-2022-21894: The BlackLotus campaign appeared first on Microsoft Security Blog. READ MORE HERE…
This guide provides steps organizations can take to assess whether users have been targeted or compromised by threat actors exploiting CVE-2023-23397.
The post Guidance for investigating attacks using CVE-2023-23397 appeared first on Microsoft Security Blog. READ MORE HERE…
This blog aims to provide further guidance on detecting malicious IIS modules and other capabilities that you can use during your own incident response investigations.
The post IIS modules: The evolution of web shells and how to detect them appeared first on Microsoft Security Blog. READ MORE HERE…
As organizations increase their coverage of multifactor authentication (MFA), threat actors have begun to move to more sophisticated techniques to allow them to compromise corporate resources without needing to satisfy MFA. Recently, the Microsoft Detection and Response Team (DART) has seen an increase in attackers utilizing token theft for this purpose.
The post Token tactics: How to prevent, detect, and respond to cloud token theft appeared first on Microsoft Security Blog. READ MORE HERE…
The Microsoft Detection and Response Team (DART) details a recent ransomware incident in which the attacker used a collection of commodity tools and techniques, such as using living-off-the-land binaries, to launch their malicious code.
The post Defenders beware: A case for post-ransomware investigations appeared first on Microsoft Security Blog. READ MORE HERE…
In this follow-up post in our series about threat hunting, we talk about some general hunting strategies, frameworks, tools, and how Microsoft incident responders work with threat intelligence.
The post The art and science behind Microsoft threat hunting: Part 2 appeared first on Microsoft Security Blog. READ MORE HERE…
Microsoft Detection and Response Team (DART) researchers have uncovered malware that creates “hidden” scheduled tasks as a defense evasion technique. In this post, we will demonstrate how threat actors create scheduled tasks, how they cover their tracks, and how the malware’s evasion techniques are used to maintain and ensure persistence on systems.
The post Tarrask malware uses scheduled tasks for defense evasion appeared first on Microsoft Security Blog. READ MORE HERE…
Microsoft Threat Intelligence Center (MSTIC) has identified evidence of a destructive malware operation targeting multiple organizations in Ukraine.
The post Destructive malware targeting Ukrainian organizations appeared first on Microsoft Security Blog. READ MORE HERE…
This blog outlines DART’s recommendations for incident responders to investigate potential abuse of these delegated admin permissions, independent of the threat actor.
The post How to investigate service provider trust chains in the cloud appeared first on Microsoft Security Blog. READ MORE HERE…
This blog discusses DART’s investigation techniques and approach to responding to password spray attacks while outlining recommendations for protecting against them.
The post Protect your business from password sprays with Microsoft DART recommendations appeared first on Microsoft Security Blog. READ MORE HERE…