PossibleThreat Articles

Articles for the experts…

Microsoft security intelligence

Microsoft Security 

MERCURY leveraging Log4j 2 vulnerabilities in unpatched systems to target Israeli organizations

0 Comments , , ,

Credit to Author: Paul Oliveria| Date: Thu, 25 Aug 2022 16:00:00 +0000

Microsoft detected an Iran-based threat actor the Microsoft Threat Intelligence Center (MSTIC) tracks as MERCURY leveraging exploitation of Log4j 2 vulnerabilities in SysAid applications against organizations located in Israel.

The post MERCURY leveraging Log4j 2 vulnerabilities in unpatched systems to target Israeli organizations appeared first on Microsoft Security Blog.

Read more
Microsoft Security 

MagicWeb: NOBELIUM’s post-compromise trick to authenticate as anyone

0 Comments , , ,

Credit to Author: Paul Oliveria| Date: Wed, 24 Aug 2022 17:00:00 +0000

Microsoft security researchers have discovered a post-compromise capability we’re calling MagicWeb, which is used by a threat actor we track as NOBELIUM to maintain persistent access to compromised environments.

The post MagicWeb: NOBELIUM’s post-compromise trick to authenticate as anyone appeared first on Microsoft Security Blog.

Read more
Microsoft Security 

Looking for the ‘Sliver’ lining: Hunting for emerging command-and-control frameworks

0 Comments , , ,

Credit to Author: Paul Oliveria| Date: Wed, 24 Aug 2022 16:00:00 +0000

Threat actors evade detection by adopting the Sliver command-and-control (C2) framework in intrusion campaigns.

The post Looking for the ‘Sliver’ lining: Hunting for emerging command-and-control frameworks appeared first on Microsoft Security Blog.

Read more
Microsoft Security 

Uncovering a ChromeOS remote memory corruption vulnerability

0 Comments , , , , ,

Credit to Author: Katie McCafferty| Date: Fri, 19 Aug 2022 21:38:06 +0000

Microsoft discovered a memory corruption vulnerability in a ChromeOS component that could have been triggered remotely, allowing attackers to perform either a denial-of-service (DoS) or, in extreme cases, remote code execution (RCE).

The post Uncovering a ChromeOS remote memory corruption vulnerability appeared first on Microsoft Security Blog.

Read more
Microsoft Security 

Hardware-based threat defense against increasingly complex cryptojackers

0 Comments , , , , ,

Credit to Author: Microsoft 365 Defender Threat Intelligence Team| Date: Thu, 18 Aug 2022 17:00:00 +0000

To provide advanced protection against increasingly complex and evasive cryptojackers, Microsoft Defender Antivirus integrates with Intel® Threat Detection Technology (TDT) that applies machine learning to low-level CPU telemetry in detecting cryptojackers, even when the malware is obfuscated and can evade security tools.

The post Hardware-based threat defense against increasingly complex cryptojackers appeared first on Microsoft Security Blog.

Read more
Microsoft Security 

Disrupting SEABORGIUM’s ongoing phishing operations

0 Comments , , , , ,

Credit to Author: Microsoft 365 Defender Threat Intelligence Team| Date: Mon, 15 Aug 2022 16:00:00 +0000

The Microsoft Threat Intelligence Center (MSTIC) has observed and taken actions to disrupt campaigns launched by SEABORGIUM in campaigns involve persistent phishing and credential theft campaigns leading to intrusions and data theft.

The post Disrupting SEABORGIUM’s ongoing phishing operations appeared first on Microsoft Security Blog.

Read more
Microsoft Security 

Untangling KNOTWEED: European private-sector offensive actor using 0-day exploits

0 Comments , , , ,

Credit to Author: Microsoft 365 Defender Threat Intelligence Team| Date: Wed, 27 Jul 2022 14:00:00 +0000

MSTIC and MSRC disclose technical details of a private-sector offensive actor (PSOA) tracked as KNOTWEED using multiple Windows and Adobe 0-day exploits, including one for the recently patched CVE-2022-22047, in limited and targeted attacks against European and Central American customers.

The post Untangling KNOTWEED: European private-sector offensive actor using 0-day exploits appeared first on Microsoft Security Blog.

Read more
Microsoft Security 

Malicious IIS extensions quietly open persistent backdoors into servers

0 Comments , , , ,

Credit to Author: Katie McCafferty| Date: Tue, 26 Jul 2022 17:00:00 +0000

Attackers are increasingly leveraging managed IIS extensions as covert backdoors into servers, providing a durable persistence mechanism for attacks.

The post Malicious IIS extensions quietly open persistent backdoors into servers appeared first on Microsoft Security Blog.

Read more
Microsoft Security 

North Korean threat actor targets small and midsize businesses with H0lyGh0st ransomware

0 Comments , , , ,

Credit to Author: Microsoft 365 Defender Threat Intelligence Team| Date: Thu, 14 Jul 2022 16:00:00 +0000

A group of actors originating from North Korea that MSTIC tracks as DEV-0530 has been developing and using ransomware in attacks since June 2021. This group, which calls itself H0lyGh0st, utilizes a ransomware payload with the same name.

The post North Korean threat actor targets small and midsize businesses with H0lyGh0st ransomware appeared first on Microsoft Security Blog.

Read more
Microsoft Security 

Uncovering a macOS App Sandbox escape vulnerability: A deep dive into CVE-2022-26706

0 Comments , , ,

Credit to Author: Paul Oliveria| Date: Wed, 13 Jul 2022 16:00:00 +0000

Microsoft uncovered a vulnerability in macOS that could allow specially crafted codes to escape the App Sandbox and run unrestricted on the system. We shared these findings with Apple, and fix for this vulnerability, now identified as CVE-2022-26706, was included in the security updates on May 16, 2022.

The post Uncovering a macOS App Sandbox escape vulnerability: A deep dive into CVE-2022-26706 appeared first on Microsoft Security Blog.

Read more