We have actually just recently revealed a massive, multi-phase project that includes an unique method to standard phishing methods by signing up with an attacker-operated gadget to a company’’ s network to additional propagate the project. We observed that the 2nd phase of the project achieved success versus victims that did not execute multifactor authentication […]
Tag Archives: cybersecurity
Celebrating 20 Years of Trustworthy Computing
20 years ago this week, Bill Gates sent a now-famous email to all Microsoft employees announcing the creation of the Trustworthy Computing (TwC) initiative. The initiative was intended to put customer security, and ultimately customer trust, at the forefront for all Microsoft employees. Gates’ memo called upon teams to deliver products that are “as available, […]
How to avoid data breaches and keep your personal data secure online
Data breaches are a danger for anybody who utilizes the web, no matter their age. Anchiy/Getty Images .An information breach is when your individual information is accessed, copied, or altered by somebody without your approval.The majority of information breaches include hacked e-mail accounts and taken bank details.The very best method to safeguard versus information breaches […]
New insights on cybersecurity in the age of hybrid work
As we approach the recently of Cybersecurity Awareness Month , I consider what is top of mind for myself and my peers in security. The previous year has actually continued the 2020s significant shift in the method companies run. Current information reveals that 81 percent of business companies have actually started the approach a hybrid […]
Defend against zero-day exploits with Microsoft Defender Application Guard
Zero-day security vulnerabilities—known to hackers, but unknown to software creators, security researchers, and the public—are like gold to attackers. With zero-days, or even zero-hours, developers have no time to patch the code, giving hackers enough access and time to explore and map internal networks, exfiltrate valuable data, and find other attack vectors. Zero-days has become […]
Catching the big fish: Analyzing a large-scale phishing-as-a-service operation
In researching phishing attacks, we came across a campaign that used a rather high volume of newly created and unique subdomains—over 300,000 in a single run. This investigation led us down a rabbit hole as we unearthed one of the operations that enabled the campaign: a large-scale phishing-as-a-service operation called BulletProofLink, which sells phishing kits, […]
Analyzing attacks that exploit the CVE-2021-40444 MSHTML vulnerability
In August, Microsoft Threat Intelligence Center (MSTIC) identified a small number of attacks (less than 10) that attempted to exploit a remote code execution vulnerability in MSHTML using specially crafted Microsoft Office documents. These attacks used the vulnerability, tracked as CVE-2021-40444, as part of an initial access campaign that distributed custom Cobalt Strike Beacon loaders. […]