Uncursing the ncurses: Memory corruption vulnerabilities found in library

Credit to Author: Microsoft Threat Intelligence | Date: Thu, 14 Sep 2023 11:30:00 +0000

A set of memory corruption vulnerabilities in the ncurses library could have allowed attackers to chain the vulnerabilities to elevate privileges and run code in the targeted program’s context or perform other malicious actions.

The post Uncursing the ncurses: Memory corruption vulnerabilities found in library appeared first on Microsoft Security Blog.


Malware distributor Storm-0324 facilitates ransomware access

Credit to Author: Microsoft Threat Intelligence | Date: Tue, 12 Sep 2023 17:00:00 +0000

The threat actor that Microsoft tracks as Storm-0324 is a financially motivated group known to gain initial access using email-based initial infection vectors and then hand off access to compromised networks to other threat actors. These handoffs frequently lead to ransomware deployment. Beginning in July 2023, Storm-0324 was observed distributing payloads using an open-source tool […]

The post Malware distributor Storm-0324 facilitates ransomware access appeared first on Microsoft Security Blog.


Cloud storage security: What’s new in the threat matrix

Credit to Author: Microsoft Threat Intelligence | Date: Thu, 07 Sep 2023 17:00:00 +0000

We’re announcing the release of a second version of our threat matrix for storage services, a structured tool that assists in identifying and analyzing potential security threats on data stored in cloud storage services.

The post Cloud storage security: What’s new in the threat matrix appeared first on Microsoft Security Blog.


Flax Typhoon using legitimate software to quietly access Taiwanese organizations

Credit to Author: Microsoft Threat Intelligence | Date: Thu, 24 Aug 2023 16:30:00 +0000

China-based actor Flax Typhoon is exploiting known vulnerabilities for public-facing servers, legitimate VPN software, and open-source malware to gain access to Taiwanese organizations, but not taking further action.

The post Flax Typhoon using legitimate software to quietly access Taiwanese organizations appeared first on Microsoft Security Blog.


How the Microsoft Incident Response team helps customers remediate threats

Credit to Author: Microsoft Incident Response | Date: Tue, 15 Aug 2023 16:00:00 +0000

Microsoft Incident Response is a global team comprised of cybersecurity experts with deep, highly specialized knowledge in breach detection, response, and recovery.

The post How the Microsoft Incident Response team helps customers remediate threats appeared first on Microsoft Security Blog.


Multiple high severity vulnerabilities in CODESYS V3 SDK could lead to RCE or DoS

Credit to Author: Microsoft Threat Intelligence | Date: Fri, 11 Aug 2023 00:00:00 +0000

Microsoft researchers identified multiple high-severity vulnerabilities in the CODESYS V3 SDK that could put operational technology (OT) infrastructure at risk of attacks, such as remote code execution (RCE) and denial of service (DoS).

The post Multiple high severity vulnerabilities in CODESYS V3 SDK could lead to RCE or DoS appeared first on Microsoft Security Blog.


New Microsoft Security innovations expand multicloud visibility and enhance multiplatform protection

Credit to Author: Vasu Jakkal | Date: Wed, 09 Aug 2023 16:00:00 +0000

Gain greater visibility into your multicloud environments to better understand your security posture, minimize risk, and detect and respond to threats in real time.

The post New Microsoft Security innovations expand multicloud visibility and enhance multiplatform protection appeared first on Microsoft Security Blog.


Microsoft Purview data security mitigations for BazaCall and other human-operated data exfiltration attacks

Credit to Author: Steve Vandenberg | Date: Tue, 08 Aug 2023 17:00:00 +0000

Microsoft Defender is our toolset for prevention and mitigation of data exfiltration and ransomware attacks. Microsoft Purview data security offers important mitigations as well and should be used as part of a defense-in-depth strategy.

The post Microsoft Purview data security mitigations for BazaCall and other human-operated data exfiltration attacks appeared first on Microsoft Security Blog.


Boost identity protection with Axiad Cloud and Microsoft Entra ID

Credit to Author: Karen Larson | Date: Tue, 08 Aug 2023 16:00:00 +0000

As IT environments become more complex and multilayered to combat cybersecurity attacks, authentication processes for applications, operating systems, and workplace locations are increasingly managed in silos. Axiad Cloud and Microsoft Entra ID help to strengthen security perimeters by provisioning and managing phishing-resistant, passwordless credentials.

The post Boost identity protection with Axiad Cloud and Microsoft Entra ID appeared first on Microsoft Security Blog.
