The Microsoft security team detected a nation-state attack on our corporate systems on January 12, 2024, and immediately activated our response process to investigate, disrupt malicious activity, mitigate the attack, …
Category: Cyber Security News
AhnLab SEcurity intelligence Center (ASEC) recently found that XMRig CoinMiner is being distributed through game hacks. The process is similar to previously covered cases where file-sharing platforms were used to …
For the latest discoveries in cyber research for the week of 22nd January, please download our Threat_Intelligence Bulletin. TOP ATTACKS AND BREACHES Microsoft disclosed that they detected an attack against …
Access the first two cloud investigation guides from Microsoft Incident Response to improve triage and analysis of data in Microsoft 365 and Microsoft Entra ID. The post New Microsoft Incident …
Since November 2023, Microsoft has observed a distinct subset of Mint Sandstorm (PHOSPHORUS) targeting high-profile individuals working on Middle Eastern affairs at universities and research organizations in Belgium, France, Gaza, …
For the latest discoveries in cyber research for the week of 15th January, please download our Threat_Intelligence Bulletin. TOP ATTACKS AND BREACHES The ransomware-as-a-service group Medusa has breached Water for …
Unit 42 Threat Intelligence analysts have noticed an escalation in Medusa ransomware activities and a shift in tactics toward extortion, characterized by the introduction in early 2023 of …
For the latest discoveries in cyber research for the week of 1st January, please download our Threat_Intelligence Bulletin. TOP ATTACKS AND BREACHES After ransomware gang INC claimed an attack on …
For the latest discoveries in cyber research for the week of 1st January, please download our Threat_Intelligence Bulletin. TOP ATTACKS AND BREACHES The German hospital network Katholische Hospitalvereinigung Ostwestfalen (KHO) …
Since mid-November 2023, Microsoft Threat Intelligence has observed threat actors, including financially motivated actors like Storm-0569, Storm-1113, Sangria Tempest, and Storm-1674, utilizing the ms-appinstaller URI scheme (App Installer) to distribute …
For the latest discoveries in cyber research for the week of 25th December, please download our Threat_Intelligence Bulletin. TOP ATTACKS AND BREACHES Australia’s largest non-profit healthcare provider, St. Vincent’s Health …
For the latest discoveries in cyber research for the week of 18th December, please download our Threat_Intelligence Bulletin. TOP ATTACKS AND BREACHES Ukraine’s largest mobile operator, Kyivstar, was hit by …
Four new unauthenticated remotely exploitable security vulnerabilities discovered in the popular source code management platform Perforce Helix Core Server have been remediated after being responsibly disclosed by Microsoft. Perforce Server …
Microsoft Threat Intelligence presents cases of threat actors misusing OAuth applications as automation tools in financially motivated attacks. The post Threat actors misuse OAuth applications to automate financially driven attacks …
The Microsoft Incident Response team shares a downloadable, interactive, people-centric, guide to effective incident response. The post New Microsoft Incident Response team guide shares best practices for security teams and …
For the latest discoveries in cyber research for the week of 11th December, please download our Threat_Intelligence Bulletin. TOP ATTACKS AND BREACHES The American Greater Richmond Transit Company (GRTC), which …
Microsoft Threat Intelligence continues to track and disrupt malicious activity attributed to a Russian state-sponsored actor we track as Star Blizzard, who has improved their detection evasion capabilities since 2022 …
In real-world customer engagements, Microsoft IR sees combinations of issues and misconfigurations that could lead to attacker access to customers’ Microsoft Entra ID tenants. Reducing risk and exposure of your …
Our fourth installation in the Cyberattack Series examines a smishing and social engineering attack and outlines the steps organizations can take to help minimize the risk and prepare for the …
For the latest discoveries in cyber research for the week of 4th December, please download our Threat_Intelligence Bulletin. TOP ATTACKS AND BREACHES Check Point Research provides highlights about Cyber Av3ngers …
Earlier this year, we reported on a new variant of SystemBC called DroxiDat that was deployed against …
Microsoft has uncovered a supply chain attack by the threat actor Diamond Sleet (ZINC) involving a malicious variant of an application developed by CyberLink Corp. This malicious file is a …
Microsoft has observed ongoing activity from mobile banking trojan campaigns targeting users in India with social media messages and malicious applications designed to impersonate legitimate organizations and steal users’ information …
For the latest discoveries in cyber research for the week of 20th November, please download our Threat_Intelligence Bulletin. TOP ATTACKS AND BREACHES Russia-affiliated military intelligence group SandWorm is reportedly responsible …
For the latest discoveries in cyber research for the week of 13th November, please download our Threat_Intelligence Bulletin. TOP ATTACKS AND BREACHES US unit of China’s largest bank, the Industrial …
For the latest discoveries in cyber research for the week of 6th November, please download our Threat_Intelligence Bulletin. TOP ATTACKS AND BREACHES Boeing has acknowledged that a cyber-attack had affected …
Microsoft Incident Response and PwC have announced a new global alliance to expand their joint Incident Response and Recovery capability. In this partnership, Microsoft IR will begin the initial containment …
Microsoft has been tracking activity related to the financially motivated threat actor Octo Tempest, whose evolving campaigns represent a growing concern for many organizations across multiple industries. The post Octo …
In early September 2022, we discovered several new malware samples belonging to the MATA cluster. As we were collecting and analyzing the relevant telemetry data, we realized the campaign had …
More than a week after it suffered a crippling ransomware attack, the hotel giant MGM is struggling to recover. The attack, linked to the ransomware-as-a-service (RaaS) group known as ALPHV, …
Security teams are well aware of the growing problem of software supply chain attacks, but it’s essential that organizations stay abreast of the various threats posed to software supply chains.…
Microsoft Incident Response is a global team comprised of cybersecurity experts with deep, highly specialized knowledge in breach detection, response, and recovery. The post How the Microsoft Incident Response team …
In a recent investigation by Microsoft Incident Response of a BlackByte 2.0 ransomware attack, we found that the threat actor progressed through the full attack chain, from initial access to …
The Microsoft Incident Response team takes swift action to help contain a ransomware attack and regain positive administrative control of the customer environment. The post Patch me if you can: …
Matt Suiche of Magnet Forensics talks about top security threats for organizations and strategies for effective incident response. The post Why a proactive detection and incident response plan is crucial …
After nearly a year of being disrupted by Google, the Glupteba malware botnet has again become active, infecting devices worldwide. As a result of Google’s efforts, the blockchain-enabled botnet could …
Kaspersky Lab experts discovered a targeted cyber espionage campaign, where attackers infect computers with malware that collects all recent documents on the victim’s device, archives them and passes them back …
The coronavirus pandemic is forcing many people around the world to work remotely. This has significantly increased the popularity of video conferencing services such as Zoom. Attackers took advantage of …
Cybercriminals used not only the computers of ordinary Internet users to generate cryptocurrencies, but also the resources of large companies, as well as the websites of government agencies of the Russian …
In September, Russian companies faced the problem of malicious software disguised as accounting documents. The launch of the virus led to leaks of personal data of users and the connection …
Cases of malicious e-mails to Russian companies have become more frequent. Attackers write on behalf of banks, large air operators, car dealers and mass media. They offer cooperation to companies …
Specialists of the Russian company Dr Web found malicious software that threatens the macOS operating system, which allows attackers to download and execute any Python code on the user’s device. …
Attackers hacked into the website of the Arbitration Court of Chelyabinsk (a federal subject of Russia, on the border of Europe and Asia) and infected the server with a data-encrypting …
Herman Klimenko, adviser of the Russian President on Internet development, said that …
If you are an Android user and you have the app Talking Tom 3, Smart Touch, or Privacy Lock, then you should be wary.
FirmEye, a Security and cyber-attack firm tracked down …
Ifwatch, a custom-built vigilant malware, changed the Wi-Fi passwords of nearly 10000 routers to make them more secure.
According to researchers at the cyber security firm Symantec, the software …