Select Page
fbinotto_3-1695867405730.png

Azure Firewall Tips from the Field

Introduction  Hi folks! My name is Felipe Binotto, Cloud Solution Architect, based in Australia.  In this post, I will provide some tips and clarifications about Azure Firewall based on my experience from the field.    Topics  The following are the ... continue reading
Microsoft Entra Internet Access: An Identity-Centric Secure Web Gateway Solution

Microsoft Entra Internet Access: An Identity-Centric Secure Web Gateway Solution

In our previous blog, we introduced Microsoft’s identity-centric security service edge (SSE) solution and two new services: Microsoft Entra Private Access and Microsoft Entra Internet Access. This blog continues the series around Microsoft’s new SSE solution, where we’ll take a ... continue reading
Peach Sandstorm 2023 tradecraft and attack flow diagram.

Peach Sandstorm password spray campaigns enable intelligence collection at high-value targets

Since February 2023, Microsoft has observed password spray activity against thousands of organizations carried out  by an actor we track as Peach Sandstorm (HOLMIUM). Peach Sandstorm is an Iranian nation-state threat actor who has recently pursued organizations in the satellite, ... continue reading
Screenshot of the infocmp utility code output

Uncursing the ncurses: Memory corruption vulnerabilities found in library

Microsoft has discovered a set of memory corruption vulnerabilities in a library called ncurses, which provides APIs that support text-based user interfaces (TUI). Released in 1993, the ncurses library is commonly used by various programs on Portable Operating System Interface ... continue reading
Diagram showing the Storm-0324 attack chain from the delivery of phishing email to the deployment of the JSSLoader DLL, after which access is handed off to Sangria Tempest

Malware distributor Storm-0324 facilitates ransomware access

The threat actor that Microsoft tracks as Storm-0324 is a financially motivated group known to gain initial access using email-based initial infection vectors and then hand off access to compromised networks to other threat actors. These handoffs frequently lead to ... continue reading
Threat matrix with updated techniques included in reconnaissance, initial access, persistence, defense evasion, credential access, discovery, lateral movement, and exfiltration stages.

Cloud storage security: What’s new in the threat matrix

Today, we announce the release of a second version of the threat matrix for storage services, a structured tool that assists in identifying and analyzing potential security threats on data stored in cloud storage services. The matrix, first released in ... continue reading
Flax Typhoon attack chain through the initial access, execution, persistence, privilege escalation, defense evasion, credential access, discovery, lateral movement, and command and control stages.

Flax Typhoon using legitimate software to quietly access Taiwanese organizations

Summary Microsoft has identified a nation-state activity group tracked as Flax Typhoon, based in China, that is targeting dozens of organizations in Taiwan with the likely intention of performing espionage. Flax Typhoon gains and maintains long-term access to Taiwanese organizations’ ... continue reading
Heat map of internet-exposed CODESYS devices, most of which appear throughout Europe.

Multiple high severity vulnerabilities in CODESYS V3 SDK could lead to RCE or DoS 

Microsoft’s cyberphysical system researchers recently identified multiple high-severity vulnerabilities in the CODESYS V3 software development kit (SDK), a software development environment widely used to program and engineer programmable logic controllers (PLCs). Exploitation of the discovered vulnerabilities, which affect all versions ... continue reading

Adopting guidance from the US National Cybersecurity Strategy to secure the Internet of Things

The recently published United States National Cybersecurity Strategy warns that many popular Internet of Things (IoT) devices are not sufficiently secure to protect against many of today’s common cybersecurity threats.1 The strategy also cautions that many of these IoT devices ... continue reading
Screenshot of Microsoft TEams message request from an account controlled by the threat actor Midnight Blizzard

Midnight Blizzard conducts targeted social engineering over Microsoft Teams

Microsoft Threat Intelligence has identified highly targeted social engineering attacks using credential theft phishing lures sent as Microsoft Teams chats by the threat actor that Microsoft tracks as Midnight Blizzard (previously tracked as NOBELIUM). This latest attack, combined with past ... continue reading