New Blog Post | Protecting customers from a private-sector offensive actor using 0-day exploits

%3CLINGO-SUB%20id%3D%22lingo-sub-2553623%22%20slang%3D%22en-US%22%3ENew%20Blog%20Post%20%7C%20Protecting%20customers%20from%20a%20private-sector%20offensive%20actor%20using%200-day%20exploits%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2553623%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Fig1-DevilsTong-return-address-modification-shellcode.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F296198i43BAAF7129D1D830%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22Fig1-DevilsTong-return-address-modification-shellcode.png%22%20alt%3D%22Fig1-DevilsTong-return-address-modification-shellcode.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fwww.microsoft.com%2Fsecurity%2Fblog%2F2021%2F07%2F15%2Fprotecting-customers-from-a-private-sector-offensive-actor-using-0-day-exploits-and-devilstongue-malware%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EProtecting%20customers%20from%20a%20private-sector%20offensive%20actor%20using%200-day%20exploits%20and%20DevilsTongue%20malware%20%7C%20Microsoft%20Security%20Blog%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%3EThe%20Microsoft%20Threat%20Intelligence%20Center%20(MSTIC)%20alongside%20the%20Microsoft%20Security%20Response%20Center%20(MSRC)%20has%20uncovered%20a%20private-sector%20offensive%20actor%2C%20or%20PSOA%2C%20that%20we%20are%20calling%20SOURGUM%20in%20possession%20of%20now-patched%2C%20Windows%200-day%20exploits%20(%3C%2FSPAN%3E%3CA%20href%3D%22https%3A%2F%2Fmsrc.microsoft.com%2Fupdate-guide%2Fvulnerability%2FCVE-2021-31979%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3ECVE-2021-31979%3C%2FA%3E%3CSPAN%3E%26nbsp%3Band%26nbsp%3B%3C%2FSPAN%3E%3CA%20href%3D%22https%3A%2F%2Fmsrc.microsoft.com%2Fupdate-guide%2Fvulnerability%2FCVE-2021-33771%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3ECVE-2021-33771%3C%2FA%3E%3CSPAN%3E).%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2553623%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ECloud%20Security%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMicrosoft%20365%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EThreat%20Protection%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Microsoft

Fig1-DevilsTong-return-address-modification-shellcode.png

Protecting customers from a private-sector offensive actor using 0-day exploits and DevilsTongue mal...

The Microsoft Threat Intelligence Center (MSTIC) alongside the Microsoft Security Response Center (MSRC) has uncovered a private-sector offensive actor, or PSOA, that we are calling SOURGUM in possession of now-patched, Windows 0-day exploits (CVE-2021-31979 and CVE-2021-33771).

0 Replies
www.000webhost.com