DEV-1101 enables high-volume AiTM campaigns with open-source phishing kit

DEV-1101 is an actor tracked by Microsoft responsible for the development, support, and advertising of several AiTM phishing kits, including an open-source kit capable of circumventing MFA through reverse-proxy functionality.
The post DEV-1101 enables high-volume AiTM campaigns with open-source phishing kit appeared first on Microsoft Security Blog. READ MORE HERE…

Read more

Protecting Android clipboard content from unintended exposure

Microsoft discovered that the SHEIN Android application periodically read the contents of the Android device clipboard and, if a particular pattern was present, sent the contents of the clipboard to a remote server.
The post Protecting Android clipboard content from unintended exposure appeared first on Microsoft Security Blog. READ MORE HERE…

Read more

2022 in review: DDoS attack trends and insights

With DDoS attacks becoming more frequent, sophisticated, and inexpensive to launch, it’s important for organizations of all sizes to be proactive and stay protected. In this blog, we detail trends and insights into DDoS attacks we observed and mitigated throughout 2022.
The post 2022 in review: DDoS attack trends and insights appeared first on Microsoft Security Blog. READ MORE HERE…

Read more

Gatekeeper’s Achilles heel: Unearthing a macOS vulnerability

Microsoft discovered a vulnerability in macOS, referred to as “Achilles”, allowing attackers to bypass application execution restrictions enforced by the Gatekeeper security mechanism.
The post Gatekeeper’s Achilles heel: Unearthing a macOS vulnerability appeared first on Microsoft Security Blog. READ MORE HERE…

Read more

DEV-0139 launches targeted attacks against the cryptocurrency industry

Microsoft security researchers investigate an attack where the threat actor, tracked DEV-0139, used chat groups to target specific cryptocurrency investment companies and run a backdoor within their network.
The post DEV-0139 launches targeted attacks against the cryptocurrency industry appeared first on Microsoft Security Blog. READ MORE HERE…

Read more

Vulnerable SDK components lead to supply chain risks in IoT and OT environments

As vulnerabilities in network components, architecture files, and developer tools have become an increasingly popular attack vector to leverage access into secure networks and devices, Microsoft identified such a vulnerable component and found evidence of a supply chain risk that might affect millions of organizations and devices.
The post Vulnerable SDK components lead to supply chain risks in IoT and OT environments appeared first on Microsoft Security Blog. READ MORE HERE…

Read more

Stopping C2 communications in human-operated ransomware through network protection

Providing advanced protection against increasingly sophisticated human-operated ransomware, Microsoft Defender for Endpoint’s network protection leverages threat intelligence and machine learning to block command-and-control (C2) communications.
The post Stopping C2 communications in human-operated ransomware through network protection appeared first on Microsoft Security Blog. READ MORE HERE…

Read more

DEV-0832 (Vice Society) opportunistic ransomware campaigns impacting US education sector

In recent months, Microsoft has detected active ransomware and extortion campaigns impacting the global education sector, particularly in the US, by a threat actor we track as DEV-0832, also known as Vice Society.
The post DEV-0832 (Vice Society) opportunistic ransomware campaigns impacting US education sector appeared first on Microsoft Security Blog. READ MORE HERE…

Read more

Analyzing attacks using the Exchange vulnerabilities CVE-2022-41040 and CVE-2022-41082

MSTIC observed activity related to a single activity group in August 2022 that achieved initial access and compromised Exchange servers by chaining CVE-2022-41040 and CVE-2022-41082 in a small number of targeted attacks.
The post Analyzing attacks using the Exchange vulnerabilities CVE-2022-41040 and CVE-2022-41082 appeared first on Microsoft Security Blog. READ MORE HERE…

Read more