What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
Microsoft.webp 2024-04-02 00:00:00 Embracing innovation: Derrick's transition from banking to Microsoft's Threat Intelligence team
(direct link)
Meet Derrick, a Senior Program Manager on the Operational Threat Intelligence team at Microsoft. Derrick's role involves understanding and roadmapping the complete set of tools that Threat Intel analysts use to collect, analyze, process, and disseminate threat intelligence across Microsoft. Derrick's love of learning and his natural curiosity led him to a career in technology and ultimately, to his current role at Microsoft.
Tool Threat ★★
Microsoft.webp 2024-03-08 00:00:00 Update on Microsoft Actions Following Attack by Nation State Actor Midnight Blizzard
(direct link)
This blog provides an update on the nation-state attack that was detected by the Microsoft Security Team on January 12, 2024. As we shared, on January 19, the security team detected this attack on our corporate email systems and immediately activated our response process. The Microsoft Threat Intelligence investigation identified the threat actor as Midnight Blizzard, the Russian state-sponsored actor also known as NOBELIUM.
Threat ★★★
Microsoft.webp 2024-01-19 00:00:00 Microsoft Actions Following Attack by Nation State Actor Midnight Blizzard
(direct link)
The Microsoft security team detected a nation-state attack on our corporate systems on January 12, 2024, and immediately activated our response process to investigate, disrupt malicious activity, mitigate the attack, and deny the threat actor further access. Microsoft has identified the threat actor as Midnight Blizzard, the Russian state-sponsored actor also known as Nobelium.
Threat ★★
Microsoft.webp 2023-12-28 00:00:00 Microsoft addresses App Installer abuse
(direct link)
Summary In recent months, Microsoft Threat Intelligence has observed threat actors leveraging social engineering and phishing techniques to target Windows OS users and utilizing the ms-appinstaller URI scheme. We have addressed and mitigated this malicious activity by turning off ms-appinstaller by default. Additionally, Microsoft has coordinated with Certificate Authorities to revoke the abused code signing certificates utilized by malware samples we have identified.
Malware Threat
Microsoft.webp 2023-11-20 00:00:00 Celebrating ten years of the Microsoft Bug Bounty program and more than $60M awarded
(direct link)
This year marks the tenth anniversary of the Microsoft Bug Bounty Program, an essential part of our proactive strategy to protect customers from security threats. Since its inception in 2013, Microsoft has awarded more than $60 million to thousands of security researchers from 70 countries. These individuals have discovered and reported vulnerabilities under Coordinated Vulnerability Disclosure, aiding Microsoft in navigating the continuously evolving security threat landscape and emerging technologies.
Vulnerability Threat ★★★
Microsoft.webp 2023-09-06 00:00:00 Results of Major Technical Investigations for Storm-0558 Key Acquisition
(direct link)
On July 11, 2023, Microsoft published a blog post which details how the China-Based threat actor, Storm-0558, used an acquired Microsoft account (MSA) consumer key to forge tokens to access OWA and Outlook.com. Upon identifying that the threat actor had acquired the consumer key, Microsoft performed a comprehensive technical investigation into the acquisition of the Microsoft account consumer signing key, including how it was used to access enterprise email.
Threat ★★★★
Microsoft.webp 2023-07-14 02:00:00 What to Expect When Reporting Vulnerabilities to Microsoft
(direct link)
At the Microsoft Security Response Center (MSRC), our mission is to protect our customers, communities, and Microsoft from current and emerging threats to security and privacy. One of the ways we do this is by working with security researchers to discover security vulnerabilities in our services and products, and then making sure those that pose a threat to customers get fixed.
Vulnerability Threat ★★
Microsoft.webp 2023-07-11 00:00:00 Microsoft mitigates China-based threat actor Storm-0558 targeting of customer email
(direct link)
Microsoft has mitigated an attack by a China-based threat actor Microsoft tracks as Storm-0558 which targeted customer emails. Storm-0558 primarily targets government agencies in Western Europe and focuses on espionage, data theft, and credential access. Based on customer reported information on June 16, 2023, Microsoft began an investigation into anomalous mail activity.
Threat ★★★
Microsoft.webp 2023-06-16 00:00:00 Microsoft Response to Layer 7 Distributed Denial of Service (DDoS) Attacks
(direct link)
Summary Beginning in early June 2023, Microsoft identified surges in traffic against some services that temporarily impacted availability. Microsoft promptly opened an investigation and subsequently began tracking ongoing DDoS activity by the threat actor that Microsoft tracks as Storm-1359. These attacks likely rely on access to multiple virtual private servers (VPS) in conjunction with rented cloud infrastructure, open proxies, and DDoS tools.
Threat Cloud ★★
Microsoft.webp 2023-03-14 06:00:00 Microsoft Mitigates Outlook Elevation of Privilege Vulnerability (direct link) Summary Microsoft Threat Intelligence discovered limited, targeted abuse of a vulnerability in Microsoft Outlook for Windows that allows for new technology LAN manager (NTLM) credential theft. Microsoft has released CVE-2023-23397 to address the critical elevation of privilege (EoP) vulnerability affecting Microsoft Outlook for Windows. We strongly recommend all customers update Microsoft Outlook for Windows to remain secure. Vulnerability Threat ★★★
Microsoft.webp 2023-03-14 00:00:00 Microsoft mitigates Outlook elevation of privilege vulnerability (direct link) This blog is an abridged translation of Microsoft Mitigates Outlook Elevation of Privilege Vulnerability. Please refer to the original for the latest information. Microsoft Threat Intelligence Vulnerability Threat
Microsoft.webp 2023-03-01 00:00:00 Azure Kubernetes Service (AKS) Threat Hunting (direct link) As more businesses shift away from running workloads on dedicated virtual machines to running them inside containers using workload orchestrators like Kubernetes, adversaries have become more interested in them as targets. Moreover, the benefits Kubernetes provides for managing workloads are also extended to adversaries. As adversaries leverage Kubernetes to run their workloads, their understanding of how these platforms work and can be exploited increases. Threat Uber ★★★
Microsoft.webp 2023-01-31 10:15:00 Microsoft Investigation – Threat actor consent phishing campaign abusing the verified publisher process (direct link) Threat ★★
Microsoft.webp 2022-04-05 23:41:01 Microsoft's Response to CVE-2022-22965 Spring Framework (direct link) Summary Microsoft used the Spring Framework RCE, Early Announcement to inform analysis of the remote code execution vulnerability, CVE-2022-22965, disclosed on 31 Mar 2022. We have not to date noted any impact to the security of our enterprise services and have not experienced any degraded service availability due to this vulnerability. Threat analysis of the … Threat
Microsoft.webp 2022-03-01 02:21:01 Cyber threat activity in Ukraine: analysis and resources (direct link) Microsoft has been monitoring escalating cyber activity in Ukraine and has published analysis on observed activity in order to give organizations the latest intelligence to guide investigations into potential attacks and information to implement proactive protections against future attempts. We've brought together all our analysis and guidance for customers who may be impacted by events … Threat
Microsoft.webp 2021-06-25 22:18:03 New Nobelium activity (direct link) The Microsoft Threat Intelligence Center is tracking new activity from the NOBELIUM threat actor. Our investigation into the methods and tactics being used continues, but we have seen password spray and brute-force attacks and want to share some details to help our customers and communities protect themselves. This recent activity was mostly unsuccessful, and the majority of targets were not successfully compromised – we … Threat
Microsoft.webp 2021-06-25 19:34:58 Investigating and Mitigating Malicious Drivers (direct link) The security landscape continues to rapidly evolve as threat actors find new and innovative methods to gain access to environments across a wide range of vectors. As the industry moves closer to the adoption of a Zero Trust security posture with broad and layered defenses, we remain committed to sharing threat intelligence with the community … Threat
Last update at: 2024-05-20 04:07:52