AI Safety Scheme: UK Government Tackles Deepfakes and Misinformation
The UK government has introduced an innovative AI safety research program aimed at enhancing resilience against deepfakes and other AI-driven...
Research
North Korean threat actor Citrine Sleet exploiting Chromium zero-day
On August 19, 2024, Microsoft identified a North Korean threat actor exploiting a zero-day vulnerability in Chromium, now identified as...
Peach Sandstorm deploys new custom Tickler malware in long-running intelligence gathering operations
Between April and July 2024, Microsoft observed Iranian state-sponsored threat actor Peach Sandstorm deploying a new custom multi-stage backdoor, which...
Chained for attack: OpenVPN vulnerabilities discovered leading to RCE and LPE
Microsoft researchers recently identified multiple medium severity vulnerabilities in OpenVPN, an open-source project with binaries integrated into routers, firmware, PCs,...
Ransomware operators exploit ESXi hypervisor vulnerability for mass encryption
Microsoft researchers have uncovered a vulnerability in ESXi hypervisors being exploited by several ransomware operators to obtain full administrative permissions...
Vulnerabilities in PanelView Plus devices could lead to remote code execution
Microsoft discovered and responsibly disclosed two vulnerabilities in Rockwell Automation PanelView Plus that could be remotely exploited by unauthenticated attackers,...
Mitigating Skeleton Key, a new type of generative AI jailbreak technique
In generative AI, jailbreaks, also known as direct prompt injection attacks, are malicious user inputs that attempt to circumvent an...
AI jailbreaks: What they are and how they can be mitigated
Generative AI systems are made up of multiple components that interact to provide a rich user experience between the human...
Exposed and vulnerable: Recent attacks highlight critical need to protect internet-exposed OT devices
Since late 2023, Microsoft has observed an increase in reports of attacks focusing on internet-exposed, poorly secured operational technology (OT)...
Moonstone Sleet emerges as new North Korean threat actor with new bag of tricks
Microsoft has identified a new North Korean threat actor, now tracked as Moonstone Sleet (formerly Storm-1789), that uses both a...
Cyber Signals: Inside the growing risk of gift card fraud
In the ever-evolving landscape of cyberthreats, staying ahead of malicious actors is a constant challenge. Microsoft Threat Intelligence has observed...
Threat actors misusing Quick Assist in social engineering attacks leading to ransomware
Since mid-April 2024, Microsoft Threat Intelligence has observed the threat actor Storm-1811 misusing the client management tool Quick Assist to...
“Dirty stream” attack: Discovering and mitigating a common vulnerability pattern in Android apps
Microsoft discovered a path traversal-affiliated vulnerability pattern in multiple popular Android applications that could enable a malicious application to overwrite...
Analyzing Forest Blizzard’s custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials
Microsoft Threat Intelligence is publishing results of our longstanding investigation into activity by the Russian-based threat actor Forest Blizzard (STRONTIUM)...
Attackers exploiting new critical OpenMetadata vulnerabilities on Kubernetes clusters
Attackers are constantly seeking new vulnerabilities to compromise Kubernetes environments. Microsoft recently uncovered an attack that exploits new critical vulnerabilities...
How Microsoft discovers and mitigates evolving attacks against AI guardrails
As we continue to integrate generative AI into our daily lives, it’s important to understand the potential harms that can...
Microsoft Threat Intelligence unveils targets and innovative tactics amidst tax season
Cybercriminals use social engineering during holidays and important events like tax season to steal user information. Our new Microsoft Threat...
Diamond Sleet supply chain compromise distributes a modified CyberLink installer
Microsoft Threat Intelligence has uncovered a supply chain attack by the North Korea-based threat actor Diamond Sleet (ZINC) involving a...
Microsoft Incident Response lessons on preventing cloud identity compromise
Microsoft observed a surge in cyberattacks targeting identities in 2023, with attempted password-based attacks increasing by more than tenfold in...
Star Blizzard increases sophistication and evasion in ongoing attacks
Microsoft Threat Intelligence continues to track and disrupt malicious activity attributed to a Russian state-sponsored actor we track as Star...
Patching Perforce perforations: Critical RCE vulnerability discovered in Perforce Helix Core Server
Microsoft discovered, responsibly disclosed, and helped remediate four vulnerabilities that could be remotely exploited by unauthenticated attackers in Perforce Helix...
Financially motivated threat actors misusing App Installer
Since mid-November 2023, Microsoft Threat Intelligence has observed threat actors, including financially motivated actors like Storm-0569, Storm-1113, Sangria Tempest, and...
Threat actors misuse OAuth applications to automate financially driven attacks
Threat actors are misusing OAuth applications as an automation tool in financially motivated attacks. OAuth is an open standard for...
Join us at InfoSec Jupyterthon 2024
Jupyter notebooks are continuing to grow in popularity in information security as an alternative or supplement to mainstream security operations...
