Information Security and Security Intelligence

DEF CON 31 Packet Hacking Village – Mike Raggo’s, Chet Hosmer’s ‘OSINT for Physical Security Intelligence’

Security Boulevard

NOVEMBER 3, 2023

Permalink The post DEF CON 31 Packet Hacking Village – Mike Raggo’s, Chet Hosmer’s ‘OSINT for Physical Security Intelligence’ appeared first on Security Boulevard. Originating from the conference events at Caesars Forum, Flamingo, Harrah’s and Linq in Las Vegas, Nevada ; via the organizations YouTube channel.

Security Intelligence

Security Intelligence Hacking Architecture Education

Microsoft warns of attacks targeting MSSQL servers using the tool sqlps

Security Affairs

MAY 18, 2022

pic.twitter.com/Tro0NfMD0j — Microsoft Security Intelligence (@MsftSecIntel) May 17, 2022. pic.twitter.com/stXJMDMevc — Microsoft Security Intelligence (@MsftSecIntel) May 17, 2022. — Microsoft Security Intelligence (@MsftSecIntel) May 17, 2022.

Security Intelligence

Security Intelligence Hacking Accountability Malware

A long-running cryptomining campaign conducted by 8220 hackers now targets Linux servers

Security Affairs

JULY 1, 2022

Microsoft Security Intelligence experts are warning of a long-running campaign conducted by a cloud threat actor group, tracked as 8220, that is now targeting Linux servers to install crypto miners. — Microsoft Security Intelligence (@MsftSecIntel) June 29, 2022. Follow me on Twitter: @securityaffairs and Facebook.

Security Intelligence

Security Intelligence Malware Hacking Information Security

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Hackers are using Zerologon exploits in attacks in the wild

Security Affairs

SEPTEMBER 24, 2020

— Microsoft Security Intelligence (@MsftSecIntel) September 24, 2020. We strongly recommend customers to immediately apply security updates for CVE-2020-1472. We strongly recommend customers to immediately apply security updates for CVE-2020-1472.

Security Intelligence

Security Intelligence Authentication Advertising Passwords

Microsoft Defender can now protect servers against ProxyLogon attacks

Security Affairs

MARCH 21, 2021

. “Today, we have taken an additional step to further support our customers who are still vulnerable and have not yet implemented the complete security update. If you want to receive the weekly Security Affairs Newsletter for free subscribe here. ” reads the announcement published by Microsoft.

Antivirus

Antivirus Small Business Security Intelligence Hacking

Finnish intelligence warns of Russia’s cyberespionage activities

Security Affairs

OCTOBER 3, 2022

The Finnish Security Intelligence Service ( SUPO ) warns Russia will highly likely intensify its cyber activity over the winter. The Finnish Security Intelligence Service ( Suojelupoliisi or SUPO ) warn of a highly likely intensification of cyberespionage activities conducted by Russia-linked threat actors over the winter.

Security Intelligence

Security Intelligence Manufacturing Cyber threats Accountability

Sysrv-K, a new variant of the Sysrv botnet includes new exploits

Security Affairs

MAY 15, 2022

Microsoft Security Intelligence team Microsoft reported that a new variant of the Sysrv botnet, tracked as Sysrv-K, now includes exploits for vulnerabilities in the Spring Framework and WordPress. — Microsoft Security Intelligence (@MsftSecIntel) May 13, 2022.

Security Intelligence

Security Intelligence Malware Architecture Backups

Russian Cybercrime group is exploiting Zerologon flaw, Microsoft warns

Security Affairs

OCTOBER 10, 2020

— Microsoft Security Intelligence (@MsftSecIntel) October 6, 2020. — Microsoft Security Intelligence (@MsftSecIntel) October 6, 2020. Microsoft 365 Defender customers can also refer to these detections: [link] — Microsoft Security Intelligence (@MsftSecIntel) October 5, 2020.

Cybercrime

Cybercrime Security Intelligence Authentication Banking

STRRAT RAT spreads masquerading as ransomware

Security Affairs

MAY 20, 2021

Microsoft Security Intelligence researchers uncovered a malware campaign that is spreading a remote access trojan (RAT) tracked as STRRAT. pic.twitter.com/mGow2sJupN — Microsoft Security Intelligence (@MsftSecIntel) May 19, 2021.

Ransomware

Ransomware Malware Encryption Security Intelligence

InfectedSlurs botnet targets QNAP VioStor NVR vulnerability

Security Affairs

DECEMBER 17, 2023

On December 6, The Akamai Security Intelligence Response Team (SIRT) published the first update to the InfectedSlurs advisory series. The security firm revealed that threat actors were exploiting a vulnerability, tracked as CVE-2023-49897 (CVSS score 8.0) and earlier.

Firmware

Firmware Wireless DDOS IoT

Demand, CyberInsurance, and Automation/AI Are the Future of InfoSec

Daniel Miessler

NOVEMBER 6, 2020

I think there are four main trends that will play out in the field of information security in the next 20 years. The best example of the need for this is national level security intelligence, reconnaisance, and vulnerability assessment. Image from information-age.com. Know how to get data in and out of APIs.

InfoSec

InfoSec Insurance Artificial Intelligence Cybersecurity

Microsoft warns TA505 changed tactic in an ongoing malware campaign

Security Affairs

FEBRUARY 2, 2020

pic.twitter.com/mcRyEBUmQH — Microsoft Security Intelligence (@MsftSecIntel) January 30, 2020. pic.twitter.com/1qnx3NmwiB — Microsoft Security Intelligence (@MsftSecIntel) January 30, 2020. When opened, the HTML leads to the download Dudear, a malicious macro-laden Excel file that drops the payload.

Malware

Malware Security Intelligence Banking Phishing

Security intelligence fosters vulnerability management based on prioritized risk

SC Magazine

APRIL 12, 2021

But we’re not here to harp on the problem – we want to propose a solution: Using security intelligence to enable risk-prioritized vulnerability management. Prioritize through a risk and security intelligence lens. And it’s a state of affairs that may persist indefinitely. VM teams need better software tools.

Security Intelligence

Security Intelligence Risk Media Engineering

Microsoft warns about ongoing PonyFinal ransomware attacks

Security Affairs

MAY 27, 2020

pic.twitter.com/Q3BMs7fSvx — Microsoft Security Intelligence (@MsftSecIntel) May 27, 2020. Learn how to build organizational security hygiene to prevent human-operated attacks: [link] — Microsoft Security Intelligence (@MsftSecIntel) May 27, 2020.

Ransomware

Ransomware Security Intelligence Encryption Advertising

Night Sky ransomware operators exploit Log4Shell to target hack VMware Horizon servers

Security Affairs

JANUARY 11, 2022

link] — Microsoft Security Intelligence (@MsftSecIntel) January 11, 2022. — Microsoft Security Intelligence (@MsftSecIntel) January 11, 2022. According to Microsoft the ransomware operators compromised the exposed systems to deploy the NightSky ransomware. trendmrcio[.]com, rogerscorp[.]org, sophosantivirus[.]ga,

Ransomware

Ransomware Hacking Internet Internet

RevengeRAT and AysncRAT target aerospace and travel sectors

SC Magazine

MAY 14, 2021

Microsoft Security Intelligence earlier this week tweeted out that it has been tracking a campaign of remote access trojans (RATs) targeting the aerospace and travel industries with spear-phishing emails that distribute an actively developed loader, which then delivers RevengeRAT or AysncRAT. Photo by Joe Raedle/Getty Images).

Phishing

Phishing Scams Security Awareness Security Intelligence

New InfectedSlurs Mirai-based botnet exploits two zero-days

Security Affairs

NOVEMBER 22, 2023

In October, Akamai’s Security Intelligence Response Team (SIRT) noticed an anomalous activity to the company’s honeypots targeting a rarely used TCP port. The researchers discovered the botnet in October 2023, but they believe it has been active since at least 2022.

DDOS

DDOS Wireless Security Intelligence Authentication

SEO poisoning campaign aims at delivering RAT, Microsoft warns

Security Affairs

JUNE 14, 2021

— Microsoft Security Intelligence (@MsftSecIntel) June 11, 2021. pic.twitter.com/cBeTfteyGl — Microsoft Security Intelligence (@MsftSecIntel) June 11, 2021. — Microsoft Security Intelligence (@MsftSecIntel) June 11, 2021.

Antivirus

Antivirus Security Intelligence Malware Insurance

Cybercrime gang FIN7 returned and was spotted delivering Clop ransomware

Security Affairs

MAY 20, 2023

Researchers at Microsoft Security Intelligence team published a series of tweets to warn of a new wave of attacks aimed at distributing the Clop ransomware and linked it to the financially motivated cybercriminal group Sangria Tempest (ELBRUS, FIN7 ).

Cybercrime

Cybercrime Ransomware Security Intelligence Hacking

Microsoft warns of attacks delivering FlawedAmmyy RAT directly in memory

Security Affairs

JUNE 24, 2019

pic.twitter.com/PQ2g7rvDQm — Microsoft Security Intelligence (@MsftSecIntel) June 21, 2019. — Microsoft Security Intelligence (@MsftSecIntel) June 21, 2019. The final payload is the remote access Trojan FlawedAmmyy,” reads a Tweet published by Microsoft Security Intelligence.

Security Intelligence

Security Intelligence Advertising Malware Banking

A new Magecart campaign hides the malicious code in 404 error page

Security Affairs

OCTOBER 12, 2023

Researchers from the Akamai Security Intelligence Group uncovered a Magecart web skimming campaign that is manipulating the website’s default 404 error page to hide malicious code. Researchers observed a new Magecart web skimming campaign changing the websites’ default 404 error page to steal credit cards.

Retail

Retail Security Intelligence Hacking Software

Microsoft spotted multiple malspam campaigns using malware-laced ISO and IMG files

Security Affairs

MAY 4, 2020

pic.twitter.com/EbI8kxICQG — Microsoft Security Intelligence (@MsftSecIntel) May 4, 2020. The attachment is a ZIP archive containing the familiar ISO file carrying a malicious SCR file with misleading icon pic.twitter.com/o1FbMUbTBs — Microsoft Security Intelligence (@MsftSecIntel) May 4, 2020.

Small Business

Small Business Malware Manufacturing Security Intelligence

Updated Kmsdx botnet targets IoT devices

Security Affairs

AUGUST 28, 2023

The Akamai Security Intelligence Response Team (SIRT) discovered a new version of the KmsdBot botnet that employed an updated Kmsdx binary targeting Internet of Things (IoT) devices. Researchers spotted an updated version of the KmsdBot botnet that is now targeting Internet of Things (IoT) devices.

IoT

IoT DDOS Architecture Internet

Emotet operators are running Halloween-themed campaigns

Security Affairs

OCTOBER 31, 2020

Researchers from Microsoft Security Intelligence are also warning of the ongoing Halloween-themed Emotet campaign. #Emotet Daily Summary Post for 2019/10/31 – Halloween Party template used on E3, E2 was Banking/IRS/Invoice/etc spam and E1 was after ENG/ESP/FRA/PRT(BR) speakers with Invoice/Billing crap. Source Bleeping Computer.

Banking

Banking Malware Security Intelligence Advertising

Microsoft found Shrootless bug in macOS that could bypass System Integrity Protection

Security Affairs

OCTOBER 28, 2021

Get details: [link] — Microsoft Security Intelligence (@MsftSecIntel) October 28, 2021. System Integrity Protection (also referred to as rootless) is a macOS security feature introduced in OS X El Capitan (2015) (OS X 10.11).

Security Intelligence

Security Intelligence Hacking Technology Software

Russia-linked Nobelium APT targets orgs in the global IT supply chain

Security Affairs

OCTOBER 25, 2021

Microsoft is sharing information about the latest activity observed from the threat actor NOBELIUM, which has been attempting to replicate the approach it has used in past attacks by targeting organizations integral to the global IT supply chain: [link] — Microsoft Security Intelligence (@MsftSecIntel) October 25, 2021.

Telecommunications

Telecommunications Technology Hacking Malware

IT giants warn of ongoing Chromeloader malware campaigns

Security Affairs

SEPTEMBER 20, 2022

pic.twitter.com/v6sexKgDSg — Microsoft Security Intelligence (@MsftSecIntel) September 16, 2022. Microsoft researchers are tracking an ongoing wide-ranging click fraud campaign where attackers monetize clicks generated by a browser node-webkit or malicious browser extension secretly installed on devices.

Malware

Malware Adware Ransomware Security Intelligence

Coronavirus-themed attacks May 17 ? May 23, 2020

Security Affairs

MAY 24, 2020

Experts from the Microsoft Security Intelligence team provided some details on a new “massive campaign” using COVID-19 themed emails. Recent research shows that the oil industry — already experiencing difficulties due to COVID-19 — must remain abreast of threats to stay safe from hackers.

Advertising

Advertising Security Intelligence Hacking Information Security

Canadian intelligence agencies CSE and CSIS are divided on Huawei 5G ban

Security Affairs

NOVEMBER 14, 2019

The Canadian Security Intelligence Service (CSIS) and the Communications Security Establishment (CSE) are divided over the ban of Huawei 5G technology. The Canadian Security Intelligence Service (CSIS) and the Communications Security Establishment (CSE) agencies are divided over the ban of Huawei 5G technology.

Government

Government Telecommunications Wireless Security Intelligence

HTML Smuggling technique used in phishing and malspam campaigns

Security Affairs

NOVEMBER 12, 2021

— Microsoft Security Intelligence (@MsftSecIntel) July 23, 2021. Attackers increasingly use HTML smuggling in phishing and other email campaigns to stealthily deliver threats, but Microsoft Defender Office 365’s detonation technology provides durable protection against this evasive delivery technique.

Phishing

Phishing Banking Passwords Firewall

Microsoft warns of spam campaign exploiting CVE-2017-11882 flaw

Security Affairs

JUNE 10, 2019

pic.twitter.com/Ac6dYG9vvw — Microsoft Security Intelligence (@MsftSecIntel) June 7, 2019. — Microsoft Security Intelligence (@MsftSecIntel) June 7, 2019. “In the new campaign, the RTF file downloads and runs multiple scripts of different types (VBScript, PowerShell, PHP, others) to download the payload.

Security Intelligence

Security Intelligence Advertising Malware Information Security

CISA alert warns of Emotet attacks on US govt entities

Security Affairs

OCTOBER 6, 2020

pic.twitter.com/POppQ51uMX — Microsoft Security Intelligence (@MsftSecIntel) September 22, 2020. The campaign slowed down over the weekend (typical of Emotet) but was back today in even larger volumes of emails in English, as well as in some European languages.

Government

Government Banking Advertising Malware

Russia-linked IRIDIUM APT linked to Prestige ransomware attacks against Ukraine

Security Affairs

NOVEMBER 11, 2022

Get TTPs and protection info: [link] — Microsoft Security Intelligence (@MsftSecIntel) October 14, 2022. Microsoft has identified a new ransomware strain "Prestige" in limited targeted attacks in Ukraine and Poland. Several notable features differentiate this ransomware from other campaigns and payloads tracked by MSTIC.

Ransomware

Ransomware Telecommunications DNS Hacking

UK NCSC warns of spear-phishing attacks from Russia-linked and Iran-linked groups

Security Affairs

JANUARY 26, 2023

Microsoft has disrupted activity by SEABORGIUM, a Russia-based actor launching persistent phishing, credential and data theft, intrusions, and hack-and-leak campaigns tied to espionage.

Phishing

Phishing Media Hacking Education

Threat actor has been targeting the aviation industry since at least 2018

Security Affairs

SEPTEMBER 18, 2021

Our researchers are closely monitoring the campaign and will share additional info and investigation guidance through Microsoft 365 security center and Microsoft Threat Experts. — Microsoft Security Intelligence (@MsftSecIntel) May 11, 2021.

Malware

Malware Phishing DNS Cybercrime

Microsoft disrupts SEABORGIUM ’s ongoing phishing operations

Security Affairs

AUGUST 15, 2022

More details + TTPs in this MSTIC blog: [link] — Microsoft Security Intelligence (@MsftSecIntel) August 15, 2022. Microsoft has disrupted activity by SEABORGIUM, a Russia-based actor launching persistent phishing, credential and data theft, intrusions, and hack-and-leak campaigns tied to espionage.

Phishing

Phishing Accountability Hacking Surveillance

Microsoft, Italy and the Netherlands agencies warn of EMOTET campaigns

Security Affairs

SEPTEMBER 24, 2020

pic.twitter.com/POppQ51uMX — Microsoft Security Intelligence (@MsftSecIntel) September 22, 2020. The campaign slowed down over the weekend (typical of Emotet) but was back today in even larger volumes of emails in English, as well as in some European languages.

Malware

Malware Passwords Advertising Cybercrime

5 Components of the Kubernetes Control Plane that Demand Special Attention in Your Security Strategy

Security Affairs

OCTOBER 30, 2020

For information on how to secure that part of a Kubernetes cluster, click here. About the Author: David Bisson is an information security writer and security junkie. He’s a contributing editor to IBM’s Security Intelligence, Tripwire’s The State of Security Blog, and a contributing writer to Bora.

Advertising

Advertising Internet Internet VPN

Mysterious Prestige ransomware targets organizations in Ukraine and Poland

Security Affairs

OCTOBER 16, 2022

Get TTPs and protection info: [link] — Microsoft Security Intelligence (@MsftSecIntel) October 14, 2022. Microsoft has identified a new ransomware strain "Prestige" in limited targeted attacks in Ukraine and Poland. Several notable features differentiate this ransomware from other campaigns and payloads tracked by MSTIC.

Ransomware

Ransomware Encryption Backups Security Intelligence

Researchers warn of a surge in cyber attacks against Microsoft Exchange

Security Affairs

MARCH 12, 2021

— Microsoft Security Intelligence (@MsftSecIntel) March 12, 2021. The post Researchers warn of a surge in cyber attacks against Microsoft Exchange appeared first on Security Affairs. Microsoft protects against this threat known as Ransom:Win32/DoejoCrypt.A, and also as DearCry. Pierluigi Paganini.

Cyber Attacks

Cyber Attacks Cybercrime Authentication Hacking

10 Reasons to Trust Your Enterprise APIs

Cisco Security

AUGUST 30, 2021

Using this list as a backdrop the following best practices are presented as a call to action to help organizations take a proactive approach at addressing API security risk. See your logging documentation for more detailed information on how to log a given format. Consider an API gateway for an extra level of visibility and protection.

Software

Software Authentication Risk Encryption

Vietnam-linked Bismuth APT leverages coin miners to stay under the radar

Security Affairs

DECEMBER 1, 2020

Learn how the group tried to stay under the radar using threats perceived to be less alarming: [link] — Microsoft Security Intelligence (@MsftSecIntel) November 30, 2020. New blog: The threat actor BISMUTH, which has been running increasingly complex targeted attacks, deployed coin miners in campaigns from July to August 2020.

Cryptocurrency

Cryptocurrency Antivirus Manufacturing Government

VMware urges customers to patch VMware Horizon servers against Log4j attacks

Security Affairs

JANUARY 26, 2022

link] — Microsoft Security Intelligence (@MsftSecIntel) January 11, 2022. The security team at the UK National Health Service (NHS) also announced to have spotted threat actors exploiting the Log4Shell vulnerability to hack VMWare Horizon servers and install web shells.

Internet

Internet Internet Ransomware Hacking

Microsoft partnered with other security firms to takedown TrickBot botnet

Security Affairs

OCTOBER 12, 2020

link] — Microsoft Security Intelligence (@MsftSecIntel) October 12, 2020. Microsoft took action against the Trickbot botnet, disrupting one of the world’s most persistent malware operations. In this blog, we detail the evolution of Trickbot, associated tactics, recent campaigns, and dive into the anatomy of a specific attack.

Banking

Banking Malware Advertising Financial Services

DEF CON 31 Packet Hacking Village – Mike Raggo’s, Chet Hosmer’s ‘OSINT for Physical Security Intelligence’

Microsoft warns of attacks targeting MSSQL servers using the tool sqlps

Webinars

Trending Sources

A long-running cryptomining campaign conducted by 8220 hackers now targets Linux servers

Webinars

Hackers are using Zerologon exploits in attacks in the wild

Microsoft Defender can now protect servers against ProxyLogon attacks

Finnish intelligence warns of Russia’s cyberespionage activities

Sysrv-K, a new variant of the Sysrv botnet includes new exploits

Russian Cybercrime group is exploiting Zerologon flaw, Microsoft warns

STRRAT RAT spreads masquerading as ransomware

InfectedSlurs botnet targets QNAP VioStor NVR vulnerability

Demand, CyberInsurance, and Automation/AI Are the Future of InfoSec

Microsoft warns TA505 changed tactic in an ongoing malware campaign

Security intelligence fosters vulnerability management based on prioritized risk

Microsoft warns about ongoing PonyFinal ransomware attacks

Night Sky ransomware operators exploit Log4Shell to target hack VMware Horizon servers

RevengeRAT and AysncRAT target aerospace and travel sectors

New InfectedSlurs Mirai-based botnet exploits two zero-days

SEO poisoning campaign aims at delivering RAT, Microsoft warns

Cybercrime gang FIN7 returned and was spotted delivering Clop ransomware

Microsoft warns of attacks delivering FlawedAmmyy RAT directly in memory

A new Magecart campaign hides the malicious code in 404 error page

Microsoft spotted multiple malspam campaigns using malware-laced ISO and IMG files

Updated Kmsdx botnet targets IoT devices

Emotet operators are running Halloween-themed campaigns

Microsoft found Shrootless bug in macOS that could bypass System Integrity Protection

Russia-linked Nobelium APT targets orgs in the global IT supply chain

IT giants warn of ongoing Chromeloader malware campaigns

Coronavirus-themed attacks May 17 ? May 23, 2020

Canadian intelligence agencies CSE and CSIS are divided on Huawei 5G ban

HTML Smuggling technique used in phishing and malspam campaigns

Microsoft warns of spam campaign exploiting CVE-2017-11882 flaw

CISA alert warns of Emotet attacks on US govt entities

Russia-linked IRIDIUM APT linked to Prestige ransomware attacks against Ukraine

UK NCSC warns of spear-phishing attacks from Russia-linked and Iran-linked groups

Threat actor has been targeting the aviation industry since at least 2018

Microsoft disrupts SEABORGIUM ’s ongoing phishing operations

Microsoft, Italy and the Netherlands agencies warn of EMOTET campaigns

5 Components of the Kubernetes Control Plane that Demand Special Attention in Your Security Strategy

Mysterious Prestige ransomware targets organizations in Ukraine and Poland

Researchers warn of a surge in cyber attacks against Microsoft Exchange

10 Reasons to Trust Your Enterprise APIs

Vietnam-linked Bismuth APT leverages coin miners to stay under the radar

VMware urges customers to patch VMware Horizon servers against Log4j attacks

Microsoft partnered with other security firms to takedown TrickBot botnet

Stay Connected