IIS modules: The evolution of web shells and how to detect them 

Credit to Author: Microsoft Security Threat Intelligence – Editor| Date: Mon, 12 Dec 2022 17:00:00 +0000

This blog aims to provide further guidance on detecting malicious IIS modules and other capabilities that you can use during your own incident response investigations.

The post IIS modules: The evolution of web shells and how to detect them appeared first on Microsoft Security Blog.

Mitigate threats with the new threat matrix for Kubernetes

Credit to Author: Microsoft Security Threat Intelligence| Date: Wed, 07 Dec 2022 17:00:00 +0000

The updated threat matrix for Kubernetes comes in a new format that simplifies usage of the knowledge base and with new content to help mitigate threats.

The post Mitigate threats with the new threat matrix for Kubernetes appeared first on Microsoft Security Blog.

DEV-0139 launches targeted attacks against the cryptocurrency industry

Credit to Author: Katie McCafferty| Date: Tue, 06 Dec 2022 17:00:00 +0000

Microsoft security researchers investigate an attack where the threat actor, tracked as DEV-0139, used chat groups to target specific cryptocurrency investment companies and run a backdoor within their network.

The post DEV-0139 launches targeted attacks against the cryptocurrency industry appeared first on Microsoft Security Blog.

Implementing Zero Trust access to business data on BYOD with Trustd MTD and Microsoft Entra

Credit to Author: Christine Barrett| Date: Wed, 30 Nov 2022 17:00:00 +0000

Protect business data—and employee privacy—with conditional access on employees’ personal devices with Trustd MTD and Microsoft Entra.

The post Implementing Zero Trust access to business data on BYOD with Trustd MTD and Microsoft Entra appeared first on Microsoft Security Blog.

Join us at InfoSec Jupyterthon 2022

Credit to Author: Microsoft 365 Defender Threat Intelligence Team| Date: Tue, 22 Nov 2022 18:00:00 +0000

Join our community of analysts and engineers at the third annual InfoSec Jupyterthon 2022, an online event taking place on December 2 and 3, 2022.

The post Join us at InfoSec Jupyterthon 2022 appeared first on Microsoft Security Blog.

Vulnerable SDK components lead to supply chain risks in IoT and OT environments

Credit to Author: Katie McCafferty| Date: Tue, 22 Nov 2022 17:00:00 +0000

As vulnerabilities in network components, architecture files, and developer tools have become an increasingly popular attack vector to leverage access into secure networks and devices, Microsoft identified such a vulnerable component and found evidence of a supply chain risk that might affect millions of organizations and devices.

The post Vulnerable SDK components lead to supply chain risks in IoT and OT environments appeared first on Microsoft Security Blog.

DEV-0569 finds new ways to deliver Royal ransomware, various payloads

Credit to Author: Microsoft 365 Defender Threat Intelligence Team| Date: Thu, 17 Nov 2022 17:00:00 +0000

DEV-0569’s recent activity shows their reliance on malvertising and phishing in delivering malicious payloads. The group’s changes and updates in delivery and payload led to distribution of info stealers and Royal ransomware.

The post DEV-0569 finds new ways to deliver Royal ransomware, various payloads appeared first on Microsoft Security Blog.

Microsoft contributes S2C2F to OpenSSF to improve supply chain security

Credit to Author: Emma Jones| Date: Wed, 16 Nov 2022 18:00:00 +0000

We are pleased to announce that the S2C2F has been adopted by the OpenSSF under the Supply Chain Integrity Working Group and formed into its own Special Initiative Group. Our peers at the OpenSSF and across the globe agree with Microsoft when it comes to how fundamental this work is to improving supply chain security for everyone.

The post Microsoft contributes S2C2F to OpenSSF to improve supply chain security appeared first on Microsoft Security Blog.

Token tactics: How to prevent, detect, and respond to cloud token theft

Credit to Author: Paul Oliveria| Date: Wed, 16 Nov 2022 16:00:00 +0000

As organizations increase their coverage of multifactor authentication (MFA), threat actors have begun to move to more sophisticated techniques to allow them to compromise corporate resources without needing to satisfy MFA. Recently, the Microsoft Detection and Response Team (DART) has seen an increase in attackers utilizing token theft for this purpose.

The post Token tactics: How to prevent, detect, and respond to cloud token theft appeared first on Microsoft Security Blog.
