22 matches found

Microsoft Secure
added 2025/12/09 5:00 p.m., 11 views

Changing the physics of cyber defense

The Deputy CISO blog series is where Microsoft Deputy Chief Information Security Officers (CISOs) share their thoughts on what is most important in their respective domains. In this series, you will get practical advice, tactics to start and stop deploying, forward-looking commentary on where the...

AI score 6.9
Exploits 0
Microsoft Secure
added 2025/12/09 5:00 p.m., 5 views

Changing the physics of cyber defense

The Deputy CISO blog series is where Microsoft Deputy Chief Information Security Officers (CISOs) share their thoughts on what is most important in their respective domains. In this series, you will get practical advice, tactics to start and stop deploying, forward-looking commentary on where the...

AI score 6.9
Exploits 0
Microsoft Secure
added 2025/06/27 6:30 p.m., 5 views

Unveiling RIFT: Enhancing Rust malware analysis through pattern matching

Today, Microsoft Threat Intelligence Center is excited to announce the release of RIFT, a tool designed to help malware analysts automate the identification of attacker-written code within Rust binaries. Known for its efficiency, type safety, and robust memory safety, Rust has increasingly...

AI score 7
Exploits 0
Securelist
added 2023/12/21 10:00 a.m., 51 views

Windows CLFS and five exploits used by ransomware operators (Exploit #4 – CVE-2023-23376)

This is part five of our study about the Common Log File System (CLFS) and five vulnerabilities in this Windows OS component that have been used in ransomware attacks throughout the year. Please read the previous parts first if you haven't already. You can skip to the other parts using this table of...

CVSS 4.6, AI score 8, EPSS 0.48973
Exploits 12
Microsoft Secure
added 2022/10/14 7:00 p.m., 32 views

New "Prestige" ransomware impacts organizations in Ukraine and Poland

The Microsoft Threat Intelligence Center (MSTIC) has identified evidence of a novel ransomware campaign targeting organizations in the transportation and related logistics industries in Ukraine and Poland, utilizing a previously unidentified ransomware payload. We observed this new ransomware, which...

AI score 0.5
Exploits 0
Microsoft Malware Protection
added 2022/09/29 4:00 p.m., 39 views

ZINC weaponizing open-source software

In recent months, Microsoft has detected a wide range of social engineering campaigns using weaponized legitimate open-source software by an actor we track as ZINC. Microsoft Threat Intelligence Center (MSTIC) observed activity targeting employees in organizations across multiple industries includi...

AI score 0.3
Exploits 0
The Hacker News
added 2022/07/15 10:22 a.m., 69 views

North Korean Hackers Targeting Small and Midsize Businesses with H0lyGh0st Ransomware

An emerging threat cluster originating from North Korea has been linked to developing and using ransomware in cyberattacks targeting small businesses since September 2021. The group, which calls itself H0lyGh0st after the ransomware payload of the same name, is being tracked by the Microsoft Thre...

CVSS 9.8, EPSS 0.91501
Exploits 4
Microsoft Secure
added 2022/02/25 5:00 p.m., 25 views

MSTICPy January 2022 hackathon highlights

During the month of January 2022, the Microsoft Threat Intelligence Center (MSTIC) ran its inaugural hackathon for the open-source Jupyter and Python Security Tools library, MSTICPy. We asked the security community for their contributions to expand and improve MSTICPy's features and capabilities, a...

AI score 7.1
Exploits 0
Microsoft Malware Protection
added 2022/02/25 5:00 p.m., 18 views

MSTICPy January 2022 hackathon highlights

During the month of January 2022, the Microsoft Threat Intelligence Center (MSTIC) ran its inaugural hackathon for the open-source Jupyter and Python Security Tools library, MSTICPy. We asked the security community for their contributions to expand and improve MSTICPy's features and capabilities, a...

AI score 7.1
Exploits 0
The Hacker News
added 2021/12/16 6:24 a.m., 156 views

Hackers Begin Exploiting Second Log4j Vulnerability as a Third Flaw Emerges

Web infrastructure company Cloudflare on Wednesday revealed that threat actors are actively attempting to exploit a second bug disclosed in the widely used Log4j logging utility, making it imperative that customers move quickly to install the latest version as a barrage of attacks continues to...

CVSS 10, AI score 1, EPSS 0.99999
Exploits 351
Microsoft Malware Protection
added 2021/11/19 7:30 p.m., 50 views

Join us at InfoSec Jupyterthon 2021

We're excited to invite our community of infosec analysts and engineers to the second annual InfoSec Jupyterthon taking place on December 2-3, 2021. This is an online event organized by our friends in the Open Threat Research Forge, together with folks from the Microsoft Threat Intelligence Cente...

AI score 6.3
Exploits 0
Microsoft Malware Protection
added 2021/11/16 4:00 p.m., 268 views

Evolving trends in Iranian threat actor activity – MSTIC presentation at CyberWarCon 2021

Over the past year, the Microsoft Threat Intelligence Center (MSTIC) has observed a gradual evolution of the tools, techniques, and procedures employed by malicious network operators based in Iran. At CyberWarCon 2021, MSTIC analysts presented their analysis of these trends in Iranian nation-state...

CVSS 7.5, AI score 9.4, EPSS 0.99999
Exploits 87
CISA
added 2021/11/09 12:00 a.m., 78 views

Security Researchers Reveal Activity Targeting ManageEngine ADSelfService Plus

On September 16, CISA released a joint alert on exploitation of a vulnerability (CVE-2021-40539) in ManageEngine ADSelfService Plus. On November 8, security researchers from Palo Alto Networks and Microsoft Threat Intelligence Center (MSTIC) released separate reports on targeted attacks against...

CVSS 7.5, AI score 8.7, EPSS 0.9896
In wild; Exploits 8; References 3
Microsoft Secure
added 2021/09/28 8:00 p.m., 36 views

How nation-state attackers like NOBELIUM are changing cybersecurity

This is the first post in a four-part series on the NOBELIUM nation-state cyberattack. Microsoft started telling the industry about this extremely advanced cyberattack in December 2020. The NOBELIUM blog series—which mirrors Microsoft's four-part video series "Decoding NOBELIUM"—will pull the...

AI score 0.1
Exploits 0
Microsoft Malware Protection
added 2021/07/15 3:21 p.m., 92 views

Protecting customers from a private-sector offensive actor using 0-day exploits and DevilsTongue malware

The Microsoft Threat Intelligence Center (MSTIC), alongside the Microsoft Security Response Center (MSRC), has uncovered a private-sector offensive actor, or PSOA, that we are calling SOURGUM, in possession of now-patched Windows 0-day exploits (CVE-2021-31979 and CVE-2021-33771). Private-sector offensiv...

CVSS 7.2, AI score 0.4, EPSS 0.06204
Exploits 0
Microsoft Secure
added 2021/06/14 4:00 p.m., 54 views

Behind the scenes of business email compromise: Using cross-domain threat data to disrupt a large BEC campaign

Microsoft 365 Defender researchers recently uncovered and disrupted a large-scale business email compromise (BEC) infrastructure hosted in multiple web services. Attackers used this cloud-based infrastructure to compromise mailboxes via phishing and add forwarding rules, enabling these attackers to...

AI score 6.6
Exploits 0
Microsoft Malware Protection
added 2021/05/28 9:36 p.m., 186 views

Breaking down NOBELIUM's latest early-stage toolset

As we reported in earlier blog posts, the threat actor NOBELIUM recently intensified an email-based attack that it has been operating and evolving since early 2021. We continue to monitor this active attack and intend to post additional details as they become available. In this blog, we highlight...

AI score 7.6
Exploits 0
Microsoft Secure
added 2021/05/28 9:36 p.m., 197 views

Breaking down NOBELIUM's latest early-stage toolset

As we reported in earlier blog posts, the threat actor NOBELIUM recently intensified an email-based attack that it has been operating and evolving since early 2021. We continue to monitor this active attack and intend to post additional details as they become available. In this blog, we highlight...

AI score 7.6
Exploits 0
ThreatPost
added 2021/05/28 1:13 p.m., 45 views

Nobelium Phishing Campaign Poses as USAID

The cybercriminal group behind the notorious SolarWinds attack is at it again with a sophisticated mass email campaign aimed at delivering malicious URLs with payloads enabling network persistence, so the actors can conduct further nefarious activities. Microsoft Threat Intelligence Center (MSTIC)...

AI score 7.4
Exploits 0; References 9
myhack58
added 2018/06/13 12:00 a.m., 252 views

Is Hacking Team making a comeback? CVE-2018-5002 Flash 0day vulnerability APT attack analysis and associated-bug warning - the black bar safety net

60 Enterprise Security Threat Intelligence Center recently captured an APT attack case that uses a Flash 0day vulnerability delivered through Microsoft Office documents. The samples used in the attack are the first to rely on a non-Flash-file built-in technique, the Office...

AI score 0.3, EPSS 0.25353
Exploits 0