Windows Defender Antivirus

WDigest credential harvesting

WDigest, a legacy authentication protocol that is still in use on many corporate networks, presents opportunities for attackers to acquire passwords. Its abuse essentially nullifies…

Zacinlo (Detrahere) rootkit

On June 18, 2018, Bleeping Computer reported how a Zacinlo rootkit was impacting Windows 10 machines. Upon investigation, Microsoft security researchers found a few spikes…

ALPC local privilege elevation

Executive summary: Microsoft has released security updates to address a vulnerability in Windows that can be used by a non-admin user to elevate privileges and obtain…

Motivated miners

In recent months, multiple security vendors published articles about “motivated miners”—attackers who take advantage of tools, techniques, and procedures (TTPs) developed by advanced threat actors…

Windows 7 zero-day for CVE-2019-0808

Researchers from Google's Threat Analysis Group notified Microsoft that they discovered evidence of a zero-day exploit active in the wild since late February 2019. The…

WannaCrypt

WannaCrypt (also known as WannaCry) began propagating May 12, 2017 07:44 UTC, installing ransomware to computers affected by CVE-2017-0145, a vulnerability present in version 1 of…

BARIUM targets gaming supply chains

Enterprise security personnel often assume that legitimate software products are inherently trustworthy. If an attacker takes over a legitimate app or service, they gain a…
