Malicious OAuth applications used to compromise email servers and spread spam

Microsoft discovered an attack where attackers installed a malicious OAuth application in compromised tenants and used their Exchange servers to launch spam runs.
The post Malicious OAuth applications used to compromise email servers and spread spam appeared first on Microsoft Security Blog. READ MORE HERE…

Read more

Rewards plus: Fake mobile banking rewards apps lure users to install info-stealing RAT on Android devices

A fake mobile banking rewards app delivered through a link in an SMS campaign has been making the rounds, targeting customers of Indian banking institutions. Users who install the mobile app are unknowingly installing an Android malware with remote access trojan (RAT) capabilities.
The post Rewards plus: Fake mobile banking rewards apps lure users to install info-stealing RAT on Android devices appeared first on Microsoft Security Blog. READ MORE HERE…

Read more

Microsoft investigates Iranian attacks against the Albanian government

Shortly after the destructive cyberattacks on the Albanian government in mid-July, the Microsoft Detection and Response Team (DART) was engaged to lead an investigation into the attacks.
The post Microsoft investigates Iranian attacks against the Albanian government appeared first on Microsoft Security Blog. READ MORE HERE…

Read more

Vulnerability in TikTok Android app could lead to one-click account hijacking

Microsoft discovered a high-severity vulnerability in the TikTok Android application, now identified as CVE-2022-28799 and fixed by TikTok, which could have allowed attackers to compromise users’ accounts with a single click.
The post Vulnerability in TikTok Android app could lead to one-click account hijacking appeared first on Microsoft Security Blog. READ MORE HERE…

Read more

MERCURY leveraging Log4j 2 vulnerabilities in unpatched systems to target Israeli organizations

Microsoft detected an Iran-based threat actor the Microsoft Threat Intelligence Center (MSTIC) tracks as MERCURY leveraging exploitation of Log4j 2 vulnerabilities in SysAid applications against organizations located in Israel.
The post MERCURY leveraging Log4j 2 vulnerabilities in unpatched systems to target Israeli organizations appeared first on Microsoft Security Blog. READ MORE HERE…

Read more

MagicWeb: NOBELIUM’s post-compromise trick to authenticate as anyone

Microsoft security researchers have discovered a post-compromise capability we’re calling MagicWeb, which is used by a threat actor we track as NOBELIUM to maintain persistent access to compromised environments.
The post MagicWeb: NOBELIUM’s post-compromise trick to authenticate as anyone appeared first on Microsoft Security Blog. READ MORE HERE…

Read more

Uncovering a ChromeOS remote memory corruption vulnerability

Microsoft discovered a memory corruption vulnerability in a ChromeOS component that could have been triggered remotely, allowing attackers to perform either a denial-of-service (DoS) or, in extreme cases, remote code execution (RCE).
The post Uncovering a ChromeOS remote memory corruption vulnerability appeared first on Microsoft Security Blog. READ MORE HERE…

Read more

Hardware-based threat defense against increasingly complex cryptojackers

To provide advanced protection against increasingly complex and evasive cryptojackers, Microsoft Defender Antivirus integrates with Intel® Threat Detection Technology (TDT) that applies machine learning to low-level CPU telemetry in detecting cryptojackers, even when the malware is obfuscated and can evade security tools.
The post Hardware-based threat defense against increasingly complex cryptojackers appeared first on Microsoft Security Blog. READ MORE HERE…

Read more