Octo Tempest is a threat actor known for employing social engineering, intimidation, and other human-centric tactics to gain initial access to an environment, grant themselves privileges over cloud and on-premises resources, exfiltrate data, and finally unleash ransomware across the environment. Its extensive range of tactics, techniques, and procedures (TTPs) and its ability to pivot quickly and change its malicious actions depending on the target organization's response make this threat actor one of the most dangerous financially motivated criminal groups. In this blog post, Microsoft Incident Response provides a response playbook to empower defenders in tackling the challenges posed by Octo Tempest and evicting the threat actor from cloud and on-premises environments: https://msft.it/6044Y2DSK
Read our past report on Octo Tempest, documenting their wide array of TTPs: https://msft.it/6045Y2DSz
Microsoft Threat Intelligence’s Post
More Relevant Posts
-
The July 2024 security updates are available:
Security updates for July 2024 are now available. Details are available here: https://msft.it/60119yPTS #PatchTuesday #SecurityUpdateGuide
-
In this episode of The Microsoft Threat Intelligence podcast, top experts from different areas of cybersecurity share their experiences pushing for security at various levels and their insights on the impact of AI on cybersecurity. This series of discussions, recorded live at RSA Conference 2024, covers the process of securing the Windows platform and the power grid, as well as the unique cybersecurity challenges faced by specific industries such as education. The experts also talk about the importance of integration in dealing with cyberthreats, such as considering product functionality when building cybersecurity measures and incorporating threat intelligence on cybercrime entities into attack frameworks such as MITRE. Listen to the full episode, hosted by Sherrod DeGrippo, here: https://msft.it/6040lHNSm
Microsoft Live at the RSA Conference 2024
thecyberwire.com
-
Microsoft researchers discovered two vulnerabilities in Rockwell Automation’s PanelView Plus that could be remotely exploited by attackers to achieve remote code execution (RCE) and denial of service (DoS). PanelView Plus devices are graphic terminals, also known as human machine interfaces (HMIs), used in the industrial sector. Both vulnerabilities are related to custom classes in PanelView Plus. The RCE vulnerability involves two custom classes that could be used to upload a malicious DLL to the device and load it. The DoS vulnerability takes advantage of the same custom class to send a crafted buffer that the device is unable to handle properly, leading to a DoS. Microsoft reported these findings to Rockwell Automation in May and July 2023, and Rockwell Automation published security patches to address the vulnerabilities in September and October 2023. We’re sharing our research to help developers, vendors, and the industry in general avoid or detect similar issues in their systems. Read our latest blog to get our analysis of the vulnerabilities, as well as mitigation and protection guidance for defenders: https://msft.it/6046l8Ufn
Vulnerabilities in PanelView Plus devices could lead to remote code execution | Microsoft Security Blog
microsoft.com
-
Microsoft has accelerated the speed and scale at which threat intelligence is published in Microsoft Defender Threat Intelligence (MDTI), Microsoft Defender XDR Threat Analytics, and Microsoft Copilot for Security, giving customers more critical security insights, data, and guidance than ever before. Our 10,000 interdisciplinary experts reason over more than 78 trillion daily threat signals to continuously add to our understanding of threat actors and activity. Over the past year, Microsoft Threat Intelligence has published hundreds of new Intel profiles to help customers maintain situational awareness of threat activity, techniques, vulnerabilities, and the more than 300 named threat actors tracked by Microsoft. We have also improved the quantity and depth of open-source intelligence (OSINT), and delivered detections and security recommendations that provide context on daily alerts and help customers detect, understand, and address cyberattacks and related activities. Using Copilot for Security, customers can quickly retrieve information from these publications to contextualize artifacts and correlate MDTI and Threat Analytics content and data with other security information from Defender XDR, such as incidents and hunting activities. This helps customers assess their vulnerabilities and quickly understand the broader scope of an attack. Learn more: https://msft.it/6048l8z0k
More Threat Intelligence Content in MDTI, TA Enables Better Security Outcomes
techcommunity.microsoft.com
-
Threats that involve the compromise of multiple privileged identities within the network may require a mass password reset as part of incident response. A mass password reset helps incident responders gain control of the identity plane, deny other avenues of access, and disrupt any persistence the attacker may have established in the environment. There are several variables and considerations for a mass password reset, and there is no one-size-fits-all solution. In this blog post, Microsoft Incident Response provides best practices in preparing for and performing a mass password reset: https://msft.it/6046YhXQ6
Effective strategies for conducting Mass Password Resets during cybersecurity incidents
-
In our ongoing commitment to transparency, we will now issue CVEs for critical cloud service vulnerabilities, regardless of whether customers need to install a patch or take other actions to protect themselves. Learn more in our blog post: https://msft.it/6044YCjBG
Toward greater transparency: Unveiling Cloud Service CVEs | MSRC Blog | Microsoft Security Response Center
-
Microsoft recently discovered a new type of generative AI jailbreak method, which we call Skeleton Key for its ability to potentially subvert the responsible AI (RAI) guardrails built into a model, which could enable the model to violate its operators’ policies, make decisions unduly influenced by a user, or run malicious instructions. The Skeleton Key method works by using a multi-step strategy to cause a model to ignore its guardrails by asking it to augment, rather than change, its behavior guidelines. This enables the model to then respond to any request for information or content, including producing ordinarily forbidden behaviors and content. To protect against Skeleton Key attacks, Microsoft has implemented several approaches in our AI system design, provided tools for customers developing their own applications on Azure, and provided mitigation guidance to help defenders discover and protect against such attacks. Learn about Skeleton Key, what Microsoft is doing to defend systems against this threat, and more in the latest Microsoft Threat Intelligence blog from Mark Russinovich, Chief Technology Officer of Microsoft Azure: https://msft.it/6043Y7Xrd
Learn more about Mark Russinovich and his exploration of AI and AI jailbreaking techniques like Crescendo and Skeleton Key, as discussed on the latest Microsoft Threat Intelligence podcast episode hosted by Sherrod DeGrippo: https://msft.it/6044Y7Xre
Mitigating Skeleton Key, a new type of generative AI jailbreak technique | Microsoft Security Blog
https://www.microsoft.com/en-us/security/blog
-
The Microsoft Copilot for Security threat intelligence embedded experience in Defender XDR, now generally available, returns, contextualizes, and summarizes intelligence from across Microsoft Defender Threat Intelligence (MDTI) and threat analytics about threat actors, threat tooling, and IoCs related to customers' security incidents and vulnerabilities. Copilot for Security helps defenders evaluate artifacts and correlate threat intelligence content and data with other security information from Defender XDR, such as incidents and hunting activities, to assess risks and quickly understand the broader scope of an attack. The threat intelligence embedded experience in Defender XDR can help users summarize threat intelligence, prioritize threats based on exposures and vulnerabilities across the attack surface, and understand threats targeting their industry. Learn more here: https://msft.it/6042YAIos
You can also find more details on using Microsoft Copilot for Security for threat intelligence here: https://msft.it/6043YAIot
Copilot for Security TI Embedded Experience in Defender XDR is now GA
-
Learn from Mark Russinovich, CTO and Technical Fellow of Microsoft Azure, as he shares details on his journey from developing Sysinternals to working in the cloud with Azure, his experiences with testing AI models for vulnerabilities, and his discovery of AI jailbreak attacks like Crescendo, a technique that tricks LLMs into generating malicious content by exploiting their own responses. Listen to the full episode of the Microsoft Threat Intelligence podcast, hosted by Sherrod DeGrippo, here: https://msft.it/6046Y2knp
More details on Crescendo and how Microsoft discovers and mitigates attacks against AI guardrails are in this blog post: https://msft.it/6047Y2knV