Threat Intelligence Archives

Identifying Adversary-in-the-Middle (AiTM) Phishing Attacks through 3rd-Party Network Detection

Adversary-in-the-Middle (AiTM) phishing attacks represent an emerging and concerning trend, surpassing conventional phishing methods in their sophistication. These attacks possess the capability to maneuver around the security measures of multifactor authentication (MFA) by leveraging reverse-proxy functionality. One prominent actor, identified as DEV-1101 and tracked by Microsoft, stands responsible for the development, facilitation, and promotion of …

Identifying Adversary-in-the-Middle (AiTM) Phishing Attacks through 3rd-Party Network Detection Continue Reading

Defender for cloud’s Agentless secret scanning for virtual machines is now generally available!

Cloud cybersecurity is of paramount importance in today’s digital landscape, as organizations increasingly rely on cloud services to store and manage sensitive data, applications, and infrastructure. Attacks on cloud infrastructure pose severe risks to organizations such as data theft, ransomware attacks, crypto mining attacks, and service disruption. During a cyber-attack, after gaining initial access to …

Defender for cloud’s Agentless secret scanning for virtual machines is now generally available! Continue Reading

Simplifying Onboarding to Microsoft Defender for Cloud with Terraform

If you are looking for a way to onboard Microsoft Defender for Cloud (MDC) with Terraform, you are in luck! In this blog post, we will introduce you to a new Terraform module that simplifies and enhances the onboarding experience for MDC in Azure. This module allows you to configure MDC plans for your Azure …

Simplifying Onboarding to Microsoft Defender for Cloud with Terraform Continue Reading

Effective novelty detection in cloud security domain

Introduction In cloud security domain, we often need to monitor entities – such as users, IP addresses, applications, or access tokens – and their patterns of behavior. We might want to detect ‘novelties’ – unexpected and previously unseen values of these entities – which can indicate security issues. Some examples of such scenarios are: IP …

Effective novelty detection in cloud security domain Continue Reading

Diamond Sleet supply chain compromise distributes a modified CyberLink installer

Microsoft Threat Intelligence has uncovered a supply chain attack by the North Korea-based threat actor Diamond Sleet (ZINC) involving a malicious variant of an application developed by CyberLink Corp., a software company that develops multimedia software products. This malicious file is a legitimate CyberLink application installer that has been modified to include malicious code that …

Diamond Sleet supply chain compromise distributes a modified CyberLink installer Continue Reading

Defender for Cloud unified Vulnerability Assessment powered by Defender Vulnerability Management

Microsoft Defender for Cloud is a multicloud application protection platform (CNAPP) designed to protect your cloud-based applications from code-to-cloud. A key component of cloud security is continuously monitoring and managing new vulnerabilities across your cloud workloads. Vulnerability management helps organizations improve their security posture, reduce the attack surface, and prevent security breaches. We are thrilled …

Defender for Cloud unified Vulnerability Assessment powered by Defender Vulnerability Management Continue Reading

Securing your GitLab Environment with Microsoft Defender for Cloud

Introduction In the dynamic landscape of software development, developers across diverse organizations are embracing a wide variety of Source Code Management (SCM) and CI/CD pipeline systems to optimize their workloads. While this trend presents flexibility, collaboration, and speed to software development, the challenges of securing the application lifecycle become increasingly complex. As organizations strive to improve …

Securing your GitLab Environment with Microsoft Defender for Cloud Continue Reading

Elevating Cybersecurity Intelligence with Microsoft Sentinel’s Enrichment Widgets

At Microsoft, we are continually advancing our tools to empower users in making data-driven and informed decisions. Our latest advancement in Microsoft Sentinel is the introduction of Enrichment Widgets. Widgets provide critical enrichment data, delivering key insights often encapsulated in just a few lines of text, which is pivotal in the realm of cybersecurity. What …

Elevating Cybersecurity Intelligence with Microsoft Sentinel’s Enrichment Widgets Continue Reading

Social engineering attacks lure Indian users to install Android banking trojans

Microsoft has observed ongoing activity from mobile banking trojan campaigns targeting users in India with social media messages designed to steal users’ information for financial fraud. Using social media platforms like WhatsApp and Telegram, attackers are sending messages designed to lure users into installing a malicious app on their mobile device by impersonating legitimate organizations, …

Social engineering attacks lure Indian users to install Android banking trojans Continue Reading

Active Directory Hardening Series – Part 2 – Removing SMBv1

Hi All!  Jerry Devore back again with another hardening Active Directory topic.  Before we jump into the technical stuff, I would like to briefly share some tips for structuring a protocol hardening project.  I picked up these suggestions from working with customers who have been successful in their protocol hardening efforts. Tip #1 – Collaborate …

Active Directory Hardening Series – Part 2 – Removing SMBv1 Continue Reading