SolarWinds Attacks
NOBELIUM Demonstrates Why Microsoft Is the Weakest Link
Microsoft platforms and products are ubiquitous. Government agencies and companies of all sizes and industries around the world rely on Microsoft software to get things done. They are also riddled with security ...
Microsoft Publishes Veiled Mea Culpa Disguised as Research
The Microsoft Threat Intelligence Center (MSTIC) shared a report warning that NOBELIUM—the threat actor behind the SolarWinds attacks—is targeting delegated administrative privileges as part of a larger malicious campaign. Microsoft cautions that ...
Microsoft’s Failure to Prioritize Security Puts Everyone at Risk
It has been a very busy year when it comes to Microsoft zero-day attacks. According to KrebsOnSecurity, May is the only month in 2021 that Microsoft didn’t release a patch to defend ...
1,460-Day Old Known Vulnerability Catches Microsoft Off Guard
Vulnerabilities are a fact of life. I started my career in cybersecurity finding and exploiting those vulnerabilities to conduct nation-state offensive operations. I understand the simple reality that there is no such ...
Azurescape Vulnerability: More Evidence that Microsoft Should Leave Security to the Experts
It’s been a busy couple weeks for Microsoft—and not in a good way. Following the news that a configuration error left Azure cloud customer data exposed to potential compromise, and a security ...
Microsoft Zero-Day-of-the-Month Club
When it comes to zero day attacks against Microsoft products, I often feel like Bill Murray’s character in the movie Groundhog Day. It seems like I keep waking up to the same ...
CISO Roundtable: Ransomware Attacks and the True Cost to Business
A recent global research report conducted by Cybereason, titled Ransomware: The True Cost to Business, revealed that the vast majority of organizations that have suffered a ransomware attack have experienced significant impact ...
Summer Webinar Series with CSO Sam Curry
Join Cybereason CSO Sam Curry for this webinar series where he revisits some of the cybersecurity highlights of the first half of 2021, from the SolarWinds supply chain attacks to DarkSide and ...
Deja Vu: What Do NotPetya and SolarWinds Have in Common?
As I was waking up in Boston on the morning of June 27, 2017, reports were being shared on social media that an electric power supplier in Ukraine was hit by a ...
SolarWinds Threat Actors Behind New Email Attack Campaign
The threat actors behind last year’s SolarWinds supply chain attack have launched a new email attack campaign aimed at organizations around the world. This attack wave attracted the attention of the Microsoft ...