Security News

Specifically, the compromised DLL file was quietly deployed onto targeted systems by mimicking legitimate file names - and the attackers worked between 8am and 5pm to increase the odds of not being spotted. Much of the infosec commentary around the SolarWinds supply chain attack has reused the tired old clichés of stating the attackers were sophisticated, advanced, cunning, soft, strong, thoroughly absorbent, and so on.

Microsoft on Wednesday released another report detailing the activities and the methods of the threat actor behind the attack on IT management solutions firm SolarWinds, including their malware delivery methods, anti-forensic behavior, and operational security. In its latest report on the SolarWinds attack, which it tracks as Solorigate, Microsoft explains how the attackers got from the Sunburst malware to the Cobalt Strike loaders, and how they kept the components separated as much as possible to avoid being detected.

Microsoft is rolling out a built-in password generator and a leaked credentials monitoring feature on Windows and macOS systems running the latest Microsoft Edge version. Microsoft Edge 88 now helps you improve the security of your online accounts with the password generator which suggests secure and strong passwords when updating existing credentials or signing up for new accounts.

Steal the Active Directory Federation Services token-signing certificate and use it to forge tokens for arbitrary users. This would allow the attacker to authenticate into a federated resource provider as any user, without the need for that user's password or their corresponding multi-factor authentication mechanism.

Microsoft today shared details on how the SolarWinds hackers were able to remain undetected by hiding their malicious activity inside the networks of breached companies. This previously unknown information was disclosed by security experts part of the Microsoft 365 Defender Research Team, Microsoft Threat Intelligence Center, and Microsoft Cyber Defense Operations Center.

Microsoft this week announced that it has enabled automatic threat remediation in Microsoft Defender for Endpoint for users who opted into public previews. For all alerts, Microsoft Defender for Endpoint automatically starts an investigation on the machine, inspecting files, processes, registry keys, services, and anything else that may contain threat-related evidence.

Microsoft will enable fully automated threat remediation by default for Microsoft Defender for Endpoint customers who have opted into public previews starting next month, on February 16, 2021. This change of the default automation level from Semi to Full comes after finding that organizations using full automation by default were more successful in remediating and containing threats.

Unlike Windows 10 or Windows 8, Windows 10X doesn't come with traditional live tiles. In the leaked build, Windows 10X is using ChromeOS like static icons for Microsoft Store apps and Microsoft Edge-powered Progressive Web Apps.

SolarWinds hack investigation reveals new Sunspot malwareCrowdstrike researchers have documented Sunspot, a piece of malware used by the SolarWinds attackers to insert the Sunburst malware into the company's Orion software. January 2021 Patch Tuesday: Microsoft plugs Defender zero-day RCEMicrosoft has plugged 83 security holes, 10 of which are critical.

Microsoft is taking matters into its own hands when it comes to companies that haven't yet updated their systems to address the critical Zerologon flaw. Microsoft Active Directory domain controllers are at the heart of the Zerologon vulnerability.