Microsoft

Pierluigi Paganini February 26, 2021
Microsoft releases open-source CodeQL queries to assess Solorigate compromise

Microsoft announced the release of open-source CodeQL queries that it experts used during its investigation into the SolarWinds supply-chain attack Microsoft has announced the availability of open-source CodeQL queries that the IT giant used during its investigation into the SolarWinds attack. In early 2021, the US agencies FBI, CISA, ODNI, and the NSA released a joint […]

Pierluigi Paganini February 18, 2021
SolarWinds hackers had access to components used by Azure, Intune, and Exchange

Microsoft announced that SolarWinds hackers could have had access to repositories containing some components used by Azure, Intune, and Exchange. Microsoft announced that the threat actors behind the SolarWinds supply chain attack could have had access to repositories containing the source code for a limited number of components used by Azure, Intune, and Exchange. In […]

Pierluigi Paganini February 12, 2021
Microsoft warns of the rise of web shell attacks

Researchers from Microsoft are warning that the number of monthly web shell attacks has doubled since last year. Microsoft reported that the number of monthly web shell attacks has almost doubled since last year, its experts observed an average of 140,000 of these software installs on servers on a monthly basis, while in 2020 they […]

Pierluigi Paganini February 09, 2021
Microsoft to notify Office 365 users of nation-state attacks

Microsoft implements alerts for ‘nation-state activity’ in the Defender for Office 365 dashboard, to allow organizations to quickly respond. Since 2016, Microsoft has been alerting users of nation-state activity, now the IT giant added the same service to the Defender for Office 365 dashboard. The new security alert will notify companies when their employees are […]

Pierluigi Paganini December 31, 2020
SolarWinds hackers gained access to Microsoft source code

The threat actors behind the SolarWinds supply chain attack could have had access to the source code of several Microsoft products. The threat actors behind the SolarWinds attack could have compromised a small number of internal accounts and used at least one of them to view source code in a number of source code repositories. […]

Pierluigi Paganini December 24, 2020
Google reported that Microsoft failed to fix a Windows zero-day flaw

Google’s Project Zero experts publicly disclosed details of an improperly patched zero-day code execution vulnerability in Windows. White hat hackers at Google’s Project Zero team has publicly disclosed details of an improperly patched zero-day vulnerability in Windows. The vulnerability tracked as CVE-2020-0986, resides in the Print Spooler API and could be exploited by a threat […]

Pierluigi Paganini December 18, 2020
Microsoft confirms breach in SolarWinds hack, but denies its clients were affected

Microsoft confirms that it was also breached in the SolarWinds supply chain hack, but excluded that the attack impacted its customers. Microsoft has confirmed that it was one of the companies breached in the recent SolarWinds supply chain attack, but the IT giant denied that the nation-state actors compromised its software supply-chain to infect its […]

Pierluigi Paganini December 16, 2020
Microsoft partnered with security firms to sinkhole the C2 used in SolarWinds hack

Microsoft and its partners have seized the primary domain used in the SolarWinds attack to identify the victims through sinkholing. Microsoft partnered with other cybersecurity firms to seize the primary domain used in the SolarWinds attack (avsvmcloud[.]com) in an attempt to identify all victims and prevent other systems from being served malicious software. The domain […]

Pierluigi Paganini November 24, 2020
Microsoft fixes Kerberos Authentication issues with an out-of-band Update

Microsoft released an out-of-band update for Windows to address authentication flaws related to a recently patched Kerberos vulnerability. Microsoft released an out-of-band update to address authentication issues in Windows related to a recently patched Kerberos vulnerability tracked as CVE-2020-17049. “An out-of-band optional update is now available on the Microsoft Update Catalog to address a known […]

Pierluigi Paganini November 18, 2020
Office 365 phishing campaign uses redirector URLs and detects sandboxes to evade detection

Microsoft is tracking an ongoing Office 365 phishing campaign aimed at enterprises that is able to detect sandbox solutions and evade detection. Microsoft is tracking an ongoing Office 365 phishing campaign that is targeting enterprises, the attacks are able to detect sandbox solutions and evade detection. “We’re tracking an active credential phishing attack targeting enterprises […]