87 matches found
CVE-2025-4234
A problem with the Palo Alto Networks Cortex XDR Microsoft 365 Defender Pack can result in exposure of user credentials in application logs. Normally, these application logs are only viewable by local users and are included when generating logs for troubleshooting purposes. This means that these...
CVE-2025-4234 Cortex XDR Microsoft 365 Defender Pack: Cleartext Exposure of Credentials
A problem with the Palo Alto Networks Cortex XDR Microsoft 365 Defender Pack can result in exposure of user credentials in application logs. Normally, these application logs are only viewable by local users and are included when generating logs for troubleshooting purposes. This means that these...
CVE-2025-4234 Cortex XDR Microsoft 365 Defender Pack: Cleartext Exposure of Credentials
A problem with the Palo Alto Networks Cortex XDR Microsoft 365 Defender Pack can result in exposure of user credentials in application logs. Normally, these application logs are only viewable by local users and are included when generating logs for troubleshooting purposes. This means that these...
PT-2025-37083
Name of the Vulnerable Software and Affected Versions: Cortex XDR Microsoft 365 Defender Pack affected versions not specified Description: The Cortex XDR Microsoft 365 Defender Pack may allow cleartext exposure of credentials. The severity of this issue is low. Recommendations: At the moment, the...
August 13, 2024—KB5041160 (OS Build 20348.2655)
August 13, 2024—KB5041160 OS Build 20348.2655 For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows Server 2022, see its update history page. Note Follow @WindowsUpdate to find out when...
Microsoft Defender for Endpoint now stops human-operated attacks on its own
Defenders need every edge they can get in the fight against ransomware. Today, were pleased to announce that Microsoft Defender for Endpoint customers will now be able automatically to disrupt human-operated attacks like ransomware early in the kill chain without needing to deploy any other...
Microsoft Defender for Endpoint now stops human-operated attacks on its own
Defenders need every edge they can get in the fight against ransomware. Today, were pleased to announce that Microsoft Defender for Endpoint customers will now be able automatically to disrupt human-operated attacks like ransomware early in the kill chain without needing to deploy any other...
Microsoft 365 Defender demonstrates 100 percent protection coverage in the 2023 MITRE Engenuity ATT&CK® Evaluations: Enterprise
For the fifth consecutive year, Microsoft 365 Defender demonstrated industry-leading extended detection and response XDR capabilities in the independent MITRE Engenuity ATT&CK® Evaluations: Enterprise. The attack used during the test highlights the importance of a unified XDR platform and showcas...
Microsoft 365 Defender demonstrates 100 percent protection coverage in the 2023 MITRE Engenuity ATT&CK® Evaluations: Enterprise
For the fifth consecutive year, Microsoft 365 Defender demonstrated industry-leading extended detection and response XDR capabilities in the independent MITRE Engenuity ATT&CK® Evaluations: Enterprise. The attack used during the test highlights the importance of a unified XDR platform and showcas...
Malware distributor Storm-0324 facilitates ransomware access
The threat actor that Microsoft tracks as Storm-0324 is a financially motivated group known to gain initial access using email-based initial infection vectors and then hand off access to compromised networks to other threat actors. These handoffs frequently lead to ransomware deployment. Beginnin...
Microsoft Purview data security mitigations for BazaCall and other human-operated data exfiltration attacks
I recently worked with an enterprise customer who experienced a data exfiltration attack using the characteristics of the BazaCall campaign. BazaCall can be both a ransomware and data exfiltration attack that are used together to increase pressure on and damage to the victim. Microsoft Purview ha...
Microsoft Purview data security mitigations for BazaCall and other human-operated data exfiltration attacks
I recently worked with an enterprise customer who experienced a data exfiltration attack using the characteristics of the BazaCall campaign. BazaCall can be both a ransomware and data exfiltration attack that are used together to increase pressure on and damage to the victim. Microsoft Purview ha...
XDR meets IAM: Comprehensive identity threat detection and response with Microsoft
Identity has become the corporate security perimeter. The average organization used 130 different cloud applications in 2022. That’s up 18 percent from 2021 alone.1 And as organizations continue to embrace digital transformation and enable remote work, they look to identity and access management...
Threat actors strive to cause Tax Day headaches
Threat actors often take advantage of current events and major news headlines to align attacks and leverage social engineering when people could be more likely to be distracted or misled. Tax season is particularly appealing to threat actors because not only are people busy and under stress, but ...
Threat actors strive to cause Tax Day headaches
Threat actors often take advantage of current events and major news headlines to align attacks and leverage social engineering when people could be more likely to be distracted or misled. Tax season is particularly appealing to threat actors because not only are people busy and under stress, but ...
MERCURY and DEV-1084: Destructive attack on hybrid environment
April 2023 update – Microsoft Threat Intelligence has shifted to a new threat actor naming taxonomy aligned around the theme of weather. MERCURY is now tracked as Mango Sandstorm and DEV-1084 is now tracked as Storm-1084. To learn more about the new taxonomy represents the origin, unique traits,...
Microsoft Secure: Explore innovations transforming the future of security
Building a more secure future requires an end-to-end approach. There is no question that technology plays an essential role, but security will always be human-centered. That’s what Microsoft Secure is all about. It’s about sharing knowledge, best practices, and technology innovations that empower...
DEV-1101 enables high-volume AiTM campaigns with open-source phishing kit
Adversary-in-the-middle AiTM phishing kits are part of an increasing trend that is observed supplanting many other less advanced forms of phishing. AiTM phishing is capable of circumventing multifactor authentication MFA through reverse-proxy functionality. DEV-1101 is an actor tracked by Microso...
Shein's Android App Caught Transmitting Clipboard Data to Remote Servers
An older version of Shein's Android application suffered from a bug that periodically captured and transmitted clipboard contents to a remote server. The Microsoft 365 Defender Research Team said it discovered the problem in version 7.9.2 of the app that was released on December 16, 2021. The iss...
Microsoft is named a Leader in the 2022 Gartner® Magic Quadrant™ for Endpoint Protection Platforms
The state of cybersecurity continues to challenge defenders around the world. With hybrid work here to stay and emerging trends like Ransomware as a Service, organizations need a partner that empowers them with not only modern endpoint security but an integrated solution that helps security...