Author Archives: CSIRT
Microsoft has warned of an increasing number of consent phishing (aka OAuth phishing) attacks targeting remote workers during recent months, Bleeping Computer has learned. These attacks were part of two campaigns that ran between September and December 2020, targeting victims in multiple recurring waves. One of the two attack campaigns specifically targeted Spanish-speaking victims […]
The perpetrators behind the SolarWinds supply chain attack were observed leveraging four separate techniques to bypass identity and access management protections and laterally move from victims’ on-premises networks to their cloud-based Microsoft 365 accounts. Companies that use M365 may therefore wish to heed three key recommendations: harden your hybrid environments, conduct thorough audits of your cloud […]
Microsoft says that the end goal of the SolarWinds supply chain compromise was to pivot to the victims’ cloud assets after deploying the Sunburst/Solorigate backdoor on their local networks. No new tactics, techniques, and procedures (TTPs) were shared in a blog post published on Monday to provide Microsoft 365 Defender users with threat hunting techniques […]
An agency can run a completely compliant network and still be breached by a trusted user’s account being exposed. The U.S. government is one of the largest cyber targets in the world. With a broadening array of endpoints globally, agency networks are increasingly vulnerable to malware, spyware and ransomware, and there have been a number […]