Guidance for investigating attacks using CVE-2022-21894: The BlackLotus campaign

Credit to Author: Microsoft Security Threat Intelligence – Editor | Date: Tue, 11 Apr 2023 17:00:00 +0000

This guide provides steps that organizations can take to assess whether users have been targeted or compromised by threat actors exploiting CVE-2022-21894 via a Unified Extensible Firmware Interface (UEFI) bootkit called BlackLotus.

The post Guidance for investigating attacks using CVE-2022-21894: The BlackLotus campaign appeared first on Microsoft Security Blog.

DEV-0196: QuaDream’s “KingsPawn” malware used to target civil society in Europe, North America, the Middle East, and Southeast Asia

Credit to Author: Microsoft Security Threat Intelligence | Date: Tue, 11 Apr 2023 16:00:00 +0000

Microsoft analyzes a threat group tracked as DEV-0196, the actor’s iOS malware “KingsPawn”, and their link to an Israel-based private sector offensive actor (PSOA) known as QuaDream, which reportedly sells a suite of exploits, malware, and infrastructure called REIGN that is designed to exfiltrate data from mobile devices.

The post DEV-0196: QuaDream’s “KingsPawn” malware used to target civil society in Europe, North America, the Middle East, and Southeast Asia appeared first on Microsoft Security Blog.

MERCURY and DEV-1084: Destructive attack on hybrid environment

Credit to Author: Microsoft Security Threat Intelligence | Date: Fri, 07 Apr 2023 16:00:00 +0000

Microsoft detected a unique operation where threat actors carried out destructive actions in both on-premises and cloud environments.

The post MERCURY and DEV-1084: Destructive attack on hybrid environment appeared first on Microsoft Security Blog.

DevOps threat matrix

Credit to Author: Microsoft Security Threat Intelligence | Date: Thu, 06 Apr 2023 17:00:00 +0000

In this blog, we discuss threats we face in our DevOps environment and introduce our new threat matrix for DevOps. Using this matrix, we show the different techniques an adversary might use to attack an organization from the initial access phase onward.

The post DevOps threat matrix appeared first on Microsoft Security Blog.

Discover a new era of security with Microsoft at RSAC 2023

Credit to Author: Christine Barrett | Date: Tue, 04 Apr 2023 16:00:00 +0000

Microsoft Security will be at the 2023 RSA Conference and we’d love to connect with you there. In this blog post, we share all the ways you can—plus, attend the Pre-Day with Microsoft and watch the Microsoft Security Copilot demo.

The post Discover a new era of security with Microsoft at RSAC 2023 appeared first on Microsoft Security Blog.

Discover a new era of security with Microsoft at RSA 2023

Credit to Author: Christine Barrett | Date: Tue, 04 Apr 2023 16:00:00 +0000

Microsoft Security will be at the 2023 RSA Conference and we’d love to connect with you there. In this blog post, we share all the ways you can—plus, attend the Pre-Day with Microsoft and watch the Microsoft Security Copilot demo.

The post Discover a new era of security with Microsoft at RSA 2023 appeared first on Microsoft Security Blog.

Latest Microsoft Entra advancements strengthen identity security

Credit to Author: Christine Barrett | Date: Thu, 30 Mar 2023 16:00:00 +0000

Good permissions governance and protecting against identity compromise are essential strategies for keeping your people and resources safe. Learn how the new features in Microsoft Entra can support your identity strategy.

The post Latest Microsoft Entra advancements strengthen identity security appeared first on Microsoft Security Blog.

Microsoft Secure: Explore innovations transforming the future of security

Credit to Author: Christine Barrett | Date: Tue, 28 Mar 2023 15:30:00 +0000

Microsoft Secure kicks off today with on-demand content available to those who register. We’ll share major innovations in AI, identity, and data protection to create a safer world for all.

The post Microsoft Secure: Explore innovations transforming the future of security appeared first on Microsoft Security Blog.

Microsoft Incident Response Retainer is generally available

Credit to Author: Christine Barrett | Date: Mon, 27 Mar 2023 22:00:00 +0000

Microsoft Security is expanding its incident response presence and we’re excited to announce the Microsoft Incident Response Retainer is now generally available.

The post Microsoft Incident Response Retainer is generally available appeared first on Microsoft Security Blog.
