Collaborate Disseminate
In mid-2020, we realized that Lazarus was launching attacks on the defense industry using the ThreatNeedle cluster, an advanced malware cluster of Manuscrypt (a.k.a. NukeSped). While investigating this activity, we were able to observe the complete life cycle of an attack, uncovering more technical details and links to the group’s other campaigns. Continue reading Lazarus targets defense industry with ThreatNeedle
Microsoft today issued its final batch of security updates for Windows PCs in 2020, ending the year with a relatively light patch load. Nine of the 58 security vulnerabilities addressed this month earned Microsoft’s most-dire “critical” label, meaning they can be abused by malware or miscreants to seize remote control over PCs without any help from users. Continue reading Patch Tuesday, Good Riddance 2020 Edition
We track the ongoing activities of more than 900 advanced threat actors. Here we try to focus on what we consider to be the most interesting trends and developments of the last 12 months. Continue reading APT annual review: What the world’s threat actors got up to in 2020
Over the course of the last few years, Microsoft started adding the concept of ‘data types’ to Excel, that is, the ability to pull in geography and real-time stock data from the cloud, for example. Thanks to its partnership with Wolfram, Excel now features over 100 of these data types that can flow into a […] Continue reading Microsoft now lets you bring your own data types to Excel
Cortana may have failed as a virtual assistant for consumers, but Microsoft is still betting on it (or at least its brand) for business use cases, now that it has rebranded it as a ‘personal productivity assistant’ as part of Microsoft 365. Today, at its Ignite conference, Microsoft launched and announced a number of new […] Continue reading Microsoft launches new Cortana features for business users
In the second article, we describe a new Android implant used by Transparent Tribe for spying on mobile devices and present new evidence confirms a link between ObliqueRAT and Transparent Tribe. Continue reading Transparent Tribe: Evolution analysis,part 2
Microsoft today launched Transcribe in Word, its new transcription service for Microsoft 365 subscribers, into general availability. It’s now available in the online version of Word, with other platforms launching later. In addition, Word is also getting new dictation features, which now allow you to use your voice to format and edit your text, for […] Continue reading Microsoft brings transcriptions to Word
A campaign targeting Office 365 customers used a compromised internal email for phishing messages, giving much more credence to an email that people would otherwise dismiss immediately. Phishing emails are a fact of life. Most are caught by corporate s… Continue reading Phishing Campaign Uses Internal Email to Trick Employees into Sharing Office 365 Credentials
At Black Hat 2020, Patrick Wardle disclosed an exploit chain that bypasses Microsoft’s malicious macros protections to infect MacOS users. Continue reading Black Hat 2020: ‘Zero-Click’ MacOS Exploit Chain Uses Microsoft Office Macros
A U.S. court order has allowed Microsoft to seize control of key domains controlled by fraudsters to halt criminal activity after an increase in scams targeting users of Office 365. The U.S. District Court for the Eastern District of Virginia this week… Continue reading Court Lets Microsoft Seize Web Domains Used in COVID-19 Phishing/BEC Scams and Fraud