Azure LoLBins: Protecting against the dual use of virtual machine extensions

Azure Defender for Resource Manager automatically monitors the resource management operations. This blog discusses the threats that are caused by ‘Living off the land Binaries’.
The post Azure LoLBins: Protecting against the dual use of virtual machine extensions appeared first on Microsoft Security. READ MORE HERE…

XLM + AMSI: New runtime defense against Excel 4.0 macro malware

We have recently expanded the integration of Antimalware Scan Interface (AMSI) with Office 365 to include the runtime scanning of Excel 4.0 (XLM) macros, to help antivirus solutions tackle the increase in attacks that use malicious XLM macros.

HAFNIUM targeting Exchange Servers with 0-day exploits

Microsoft has detected multiple 0-day exploits being used to attack on-premises versions of Microsoft Exchange Server in limited and targeted attacks. In the attacks observed, threat actors used these vulnerabilities to access on-premises Exchange servers, which enabled access to email accounts, and to install additional malware that facilitates long-term access to victim environments. Microsoft Threat Intelligence Center (MSTIC) attributes this campaign with high confidence to HAFNIUM.

ZINC attacks against security researchers

In recent months, Microsoft has detected cyberattacks targeting security researchers by an actor we track as ZINC. Observed targeting includes pen testers, private offensive security researchers, and employees at security and tech companies.

CISO Spotlight: How diversity of data (and people) defeats today’s cyber threats

This year, we have seen five significant security paradigm shifts in our industry. This includes the acknowledgment that the greater the diversity of our data sets, the better the AI and machine learning outcomes. This diversity gives us an advantage over our cyber adversaries and improves our threat intelligence. It allows us to respond swiftly…

Why we invite security researchers to hack Azure Sphere

Fighting the security battle so our customers don’t have to. IoT devices are becoming more prevalent in almost every aspect of our lives—we will rely on them in our homes, our businesses, as well as our infrastructure. In February, Microsoft announced the general availability of Azure Sphere, an integrated security solution for IoT devices and…

Microsoft Security—detecting empires in the cloud

Microsoft threat analysts have detected another evolution in GADOLINIUM’s tooling that the security community should understand when establishing defenses.

STRONTIUM: Detecting new patterns in credential harvesting

Microsoft has tied STRONTIUM to a newly uncovered pattern of Office365 credential harvesting activity aimed at US and UK organizations directly involved in political elections.