Document, Information Security and Security Intelligence

SEO poisoning campaign aims at delivering RAT, Microsoft warns

Security Affairs

JUNE 14, 2021

Microsoft 365 Defender data shows that the SEO poisoning technique is effective, given that Microsoft Defender Antivirus has detected and blocked thousands of these PDF documents in numerous environments. — Microsoft Security Intelligence (@MsftSecIntel) June 11, 2021. ” state Microsoft.

Antivirus

Antivirus Security Intelligence Malware Insurance

Emotet operators are running Halloween-themed campaigns

Security Affairs

OCTOBER 31, 2020

Recent spam campaigns used messages with malicious Word documents, or links to them, pretending to be an invoice, shipping information, COVID-19 information , resumes, financial documents, or scanned documents. doc) attachments or include links to download the bait document. Source Bleeping Computer.

Banking

Banking Malware Security Intelligence Advertising

Microsoft disrupts SEABORGIUM ’s ongoing phishing operations

Security Affairs

AUGUST 15, 2022

More details + TTPs in this MSTIC blog: [link] — Microsoft Security Intelligence (@MsftSecIntel) August 15, 2022. The phishing messages used PDF attachments and in some cases, they included links to file or document hosting services, or to OneDrive accounts hosting the PDF documents.

Phishing

Phishing Accountability Hacking Surveillance

STRRAT RAT spreads masquerading as ransomware

Security Affairs

MAY 20, 2021

Microsoft Security Intelligence researchers uncovered a malware campaign that is spreading a remote access trojan (RAT) tracked as STRRAT. pic.twitter.com/mGow2sJupN — Microsoft Security Intelligence (@MsftSecIntel) May 19, 2021. STRRAT RAT was first spotted in June 2020 by G DATA who documented its features.

Ransomware

Ransomware Malware Encryption Security Intelligence

CISA alert warns of Emotet attacks on US govt entities

Security Affairs

OCTOBER 6, 2020

Recent spam campaigns used messages with malicious Word documents, or links to them, pretending to be an invoice, shipping information, COVID-19 information , resumes, financial documents, or scanned documents. pic.twitter.com/POppQ51uMX — Microsoft Security Intelligence (@MsftSecIntel) September 22, 2020.

Government

Government Banking Advertising Malware

Sysrv-K, a new variant of the Sysrv botnet includes new exploits

Security Affairs

MAY 15, 2022

Microsoft Security Intelligence team Microsoft reported that a new variant of the Sysrv botnet, tracked as Sysrv-K, now includes exploits for vulnerabilities in the Spring Framework and WordPress. — Microsoft Security Intelligence (@MsftSecIntel) May 13, 2022.

Security Intelligence

Security Intelligence Malware Architecture Backups

RevengeRAT and AysncRAT target aerospace and travel sectors

SC Magazine

MAY 14, 2021

Microsoft Security Intelligence earlier this week tweeted out that it has been tracking a campaign of remote access trojans (RATs) targeting the aerospace and travel industries with spear-phishing emails that distribute an actively developed loader, which then delivers RevengeRAT or AysncRAT. Photo by Joe Raedle/Getty Images).

Phishing

Phishing Scams Security Awareness Security Intelligence

Microsoft, Italy and the Netherlands agencies warn of EMOTET campaigns

Security Affairs

SEPTEMBER 24, 2020

pic.twitter.com/POppQ51uMX — Microsoft Security Intelligence (@MsftSecIntel) September 22, 2020. Recent spam campaigns used messages with malicious Word documents, or links to them, pretending to be an invoice, shipping information, COVID-19 information , resumes, financial documents, or scanned documents.

Malware

Malware Passwords Advertising Cybercrime

Microsoft warns of spam campaign exploiting CVE-2017-11882 flaw

Security Affairs

JUNE 10, 2019

Spam messages are carrying weaponized RTF documents that could infect users with malware without any user interaction, just opening the RTF documents. pic.twitter.com/Ac6dYG9vvw — Microsoft Security Intelligence (@MsftSecIntel) June 7, 2019. Windows Defender ATP detects the documents as Exploit:O97M/CVE-2017-11882.AD

Security Intelligence

Security Intelligence Advertising Malware Information Security

Microsoft warns TA505 changed tactic in an ongoing malware campaign

Security Affairs

FEBRUARY 2, 2020

pic.twitter.com/mcRyEBUmQH — Microsoft Security Intelligence (@MsftSecIntel) January 30, 2020. pic.twitter.com/1qnx3NmwiB — Microsoft Security Intelligence (@MsftSecIntel) January 30, 2020. When opened, the HTML leads to the download Dudear, a malicious macro-laden Excel file that drops the payload.

Malware

Malware Security Intelligence Banking Phishing

Microsoft warns of attacks delivering FlawedAmmyy RAT directly in memory

Security Affairs

JUNE 24, 2019

The macro included in the documents executes the legitimate msiexec.exe tool that downloads an MSI archive. pic.twitter.com/PQ2g7rvDQm — Microsoft Security Intelligence (@MsftSecIntel) June 21, 2019. — Microsoft Security Intelligence (@MsftSecIntel) June 21, 2019.

Security Intelligence

Security Intelligence Advertising Malware Banking

10 Reasons to Trust Your Enterprise APIs

Cisco Security

AUGUST 30, 2021

This list was originally compiled as a standard awareness document for developers and web application security practitioners. It represents a broad consensus about the most critical security risks to APIs. This plan document is the perfect addition to an existing governance policy. Maps to API1,API2,API5, and API6.

Software

Software Authentication Risk Encryption

Threat actor has been targeting the aviation industry since at least 2018

Security Affairs

SEPTEMBER 18, 2021

Our researchers are closely monitoring the campaign and will share additional info and investigation guidance through Microsoft 365 security center and Microsoft Threat Experts. — Microsoft Security Intelligence (@MsftSecIntel) May 11, 2021.

Malware

Malware Phishing DNS Cybercrime

5 Components of the Kubernetes Control Plane that Demand Special Attention in Your Security Strategy

Security Affairs

OCTOBER 30, 2020

It will then provide recommendations on how organizations can secure each of these components. Per Kubernetes’ documentation , kube-apiserver is the front end for the Kubernetes control plane. For information on how to secure that part of a Kubernetes cluster, click here. kube-apiserver. What it is.

Advertising

Advertising Internet Internet VPN

Purple Lambert, a new malware of CIA-linked Lambert APT group

Security Affairs

APRIL 29, 2021

The tools used by Longhorn closely follow development timelines and technical specifications laid out in documents disclosed by WikiLeaks.”. Symantec has been protecting its customers from Longhorn’s tools for the past three years and has continued to track the group in order to learn more about its tools, tactics, and procedures.”

Malware

Malware Hacking Government Telecommunications

Australian Govt agency ACSC warns of Emotet and BlueKeep attacks

Security Affairs

NOVEMBER 11, 2019

Read our latest blog w/ assist from @GossiTheDog & @MalwareTechBlog [link] — Microsoft Security Intelligence (@MsftSecIntel) November 7, 2019. While we currently see only coin miners being dropped, we agree w/ the research community that CVE-2019-0708 (BlueKeep) exploitation can be big. ” Noble added.

Small Business

Small Business Malware Cryptocurrency Advertising

Why Focusing on Container Runtimes Is the Most Critical Piece of Security for EKS Workloads?

Security Affairs

MARCH 19, 2021

According to its documentation , Kubernetes comes with load balancing features that help to distribute high network traffic and keep the deployment stable. The guidance provided above can help admins ensure container runtime security in Amazon EKS. For more information about other aspects of Amazon EKS security, click here.

Information Security

Information Security Security Intelligence Hacking Accountability

Iran-linked APT groups continue to evolve

Security Affairs

NOVEMBER 17, 2021

Over the past year, Microsoft Threat Intelligence Center (MSTIC) has observed an evolution of the tools, techniques, and procedures employed by Iranian nation-state actors. Learn more from this blog summarizing these trends, as presented at #CyberWarCon : [link] — Microsoft Security Intelligence (@MsftSecIntel) November 16, 2021.

VPN

VPN Social Engineering Accountability Media

Cybersecurity Checklist for Political Campaigns

Lenny Zeltser

MAY 3, 2019

To understand the basis for these recommendations, read the documents mentioned at the end of the post. Attackers stole sensitive documents. Adversaries have routinely pursued sensitive campaign documents. Consider when to send attachments and when to share links to documents in cloud storage. campaigns from around 2016.

Cybersecurity

Cybersecurity Social Engineering Authentication Software

Cyber Security Informer

SEO poisoning campaign aims at delivering RAT, Microsoft warns

Emotet operators are running Halloween-themed campaigns

Trending Sources

Microsoft disrupts SEABORGIUM ’s ongoing phishing operations

STRRAT RAT spreads masquerading as ransomware

CISA alert warns of Emotet attacks on US govt entities

Sysrv-K, a new variant of the Sysrv botnet includes new exploits

RevengeRAT and AysncRAT target aerospace and travel sectors

Microsoft, Italy and the Netherlands agencies warn of EMOTET campaigns

Microsoft warns of spam campaign exploiting CVE-2017-11882 flaw

Microsoft warns TA505 changed tactic in an ongoing malware campaign

Microsoft warns of attacks delivering FlawedAmmyy RAT directly in memory

10 Reasons to Trust Your Enterprise APIs

Threat actor has been targeting the aviation industry since at least 2018

5 Components of the Kubernetes Control Plane that Demand Special Attention in Your Security Strategy

Purple Lambert, a new malware of CIA-linked Lambert APT group

Australian Govt agency ACSC warns of Emotet and BlueKeep attacks

Why Focusing on Container Runtimes Is the Most Critical Piece of Security for EKS Workloads?

Iran-linked APT groups continue to evolve

Cybersecurity Checklist for Political Campaigns

Stay Connected