Microsoft Details Building Blocks of Widely Active Qakbot Banking Trojan

Infection chains associated with the multi-purpose Qakbot malware have been broken down into "distinct building blocks," an effort that Microsoft said will help to proactively detect and block the threat in an effective manner. The Microsoft 365 Defender Threat Intelligence Team dubbed Qakbot a...

Guidance for preventing, detecting, and hunting for exploitation of the Log4j 2 vulnerability

January 10, 2022 recap – The Log4j vulnerabilities represent a complex and high-risk situation for companies across the globe. This open-source component is widely used across many suppliers’ software and services. By nature of Log4j being a component, the vulnerabilities affect not only...

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

🤝 Show your support - give a ⭐️ if you liked the content | SHARE...

PT-2021-6333 · Microsoft · Defender For Iot

Name of the Vulnerable Software and Affected Versions: Microsoft Defender for IoT affected versions not specified Description: The issue is related to a lack of proper validation of user-input strings before they are used to execute system calls. This could allow an attacker to elevate their...

PT-2021-6328 · Microsoft · Defender For Iot

Name of the Vulnerable Software and Affected Versions: Microsoft Defender for IoT affected versions not specified Description: The issue is related to a lack of proper validation of user-input strings before they are used to execute system calls. This could allow a remote attacker to execute...

A closer look at Qakbot’s latest building blocks (and how to knock them down)

Multiple Qakbot campaigns that are active at any given time prove that the decade-old malware continues to be many attackers’ tool of choice, a customizable chameleon that adapts to suit the needs of the multiple threat actor groups that utilize it. Since emerging in 2007 as a banking Trojan,...

A closer look at Qakbot’s latest building blocks (and how to knock them down)

Multiple Qakbot campaigns that are active at any given time prove that the decade-old malware continues to be many attackers’ tool of choice, a customizable chameleon that adapts to suit the needs of the multiple threat actor groups that utilize it. Since emerging in 2007 as a banking Trojan,...

New research shows IoT and OT innovation is critical to business but comes with significant risks

The need for much improved IoT and operational technology OT cybersecurity became clearer this year with recent attacks on network devices,1 surveillance systems,2 an oil pipeline,3 and a water treatment facility,4 to name a few examples. To better understand the challenges customers are facing,...

Improve kernel security with the new Microsoft Vulnerable and Malicious Driver Reporting Center

Windows 10 and Windows 11 have continued to raise the security bar for drivers running in the kernel. Kernel-mode driver publishers must pass the Hardware Lab Kit HLK compatibility tests, malware scanning, and prove their identity through extended validation EV certificates. This has significantl...

Structured threat hunting: One way Microsoft Threat Experts prioritizes customer defense

Todays threat landscape is incredibly fast-paced. New campaigns surface all the time, and the amount of damage that they can cause is not always immediately apparent. Security operations centers SOCs must be equipped with the tools and insight to identify and resolve potentially high-impact threa...

How Red Canary and Microsoft can help reduce your alert fatigue

This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA. Security alert fatigue Organizations often feel overwhelmed by the number of security alerts they receive. Frustrated by alert fatigue, these organizations want a deeper understandin...

How Red Canary and Microsoft can help reduce your alert fatigue

This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA. Security alert fatigue Organizations often feel overwhelmed by the number of security alerts they receive. Frustrated by alert fatigue, these organizations want a deeper understandin...

Msticpy - Microsoft Threat Intelligence Security Tools

Microsoft Threat Intelligence Python Security Tools. msticpy is a library for InfoSec investigation and hunting in Jupyter Notebooks. It includes functionality to: query log data from multiple sources enrich the data with Threat Intelligence, geolocations and Azure resource data extract Indicator...

Microsoft named a Leader in IDC MarketScape for Modern Endpoint Security for Enterprise and Small and Midsize Businesses

The security stakes have never been higher and, consequently, the protection of endpoints as a key component of any extended detection and response XDR strategy has never been more critical—for organizations of all sizes. Microsoft is thrilled to be recognized as a Leader in IDC’s MarketScape...

Microsoft unpacks comprehensive security at Gartner and Forrester virtual events

Every day, Microsoft is committed to maintaining comprehensive security for all across our interconnected global community. With that purpose in mind, we recently sponsored the 2021 Gartner Security and Risk Summit and 2021 Forester Security and Risk Forum, where we discussed ongoing changes in t...

Protect against phishing with Attack Simulation Training in Microsoft Defender for Office 365

Sophisticated cyberattacks are on the rise, with email phishing as the most common attack vector. We’ve seen it all over the news with stories like Hafnium that targeted Exchange servers1 or the Nobelium attack against SolarWinds,2 which show just how easy it is for bad actors to distribute a...

Protect against phishing with Attack Simulation Training in Microsoft Defender for Office 365

Sophisticated cyberattacks are on the rise, with email phishing as the most common attack vector. We’ve seen it all over the news with stories like Hafnium that targeted Exchange servers1 or the Nobelium attack against SolarWinds,2 which show just how easy it is for bad actors to distribute a...

AI-driven adaptive protection against human-operated ransomware

In human-operated ransomware attacks, threat actors use predictable methods to enter a device but eventually rely on hands-on-keyboard activities to move inside a network. To fortify our existing cloud-delivered automated protection against complex attacks like human-operated ransomware, we...

AI-driven adaptive protection against human-operated ransomware

In human-operated ransomware attacks, threat actors use predictable methods to enter a device but eventually rely on hands-on-keyboard activities to move inside a network. To fortify our existing cloud-delivered automated protection against complex attacks like human-operated ransomware, we...

AzureHunter - A Cloud Forensics Powershell Module To Run Threat Hunting Playbooks On Data From Azure And O365

A Powershell module to run threat hunting playbooks on data from Azure and O365 for Cloud Forensics purposes. Getting Started 1. Check that you have the right O365 Permissions The following roles are required in Exchange Online, in order to be able to have read only access to the UnifiedAuditLog:...