Multi Stage Malware Campaign Targeting Windows via Social Engineering and Defense Evasion

Attackers used social engineering to trick Windows users into executing a disguised file. They then disabled Microsoft Defender and stole sensitive data using Amnesia RAT. Finally, they deployed ransomware and WinLocker which encrypted files, removed recovery options and fully locked the compromised systems.

Pulse ID: 69700f01a16416186c2ceaa8
Pulse Link: https://otx.alienvault.com/pulse/69700f01a16416186c2ceaa8
Pulse Author: cryptocti
Created: 2026-01-20 23:25:53

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #InfoSec #Malware #Microsoft #MicrosoftDefender #OTX #OpenThreatExchange #RAT #RansomWare #SocialEngineering #Windows #bot #cryptocti

Multi Stage Malware Campaign Targeting Windows via Social Engineering and Defense Evasion

Attackers used social engineering to trick Windows users into executing a disguised file. They then disabled Microsoft Defender and stole sensitive data using Amnesia RAT. Finally, they deployed ransomware and WinLocker which encrypted files, removed recovery options and fully locked the compromised systems.

Pulse ID: 69700f0424c850cb6dbdd0f9
Pulse Link: https://otx.alienvault.com/pulse/69700f0424c850cb6dbdd0f9
Pulse Author: cryptocti
Created: 2026-01-20 23:25:56

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #InfoSec #Malware #Microsoft #MicrosoftDefender #OTX #OpenThreatExchange #RAT #RansomWare #SocialEngineering #Windows #bot #cryptocti

Multi Stage Malware Campaign Targeting Windows via Social Engineering and Defense Evasion

Attackers used social engineering to trick Windows users into executing a disguised file. They then disabled Microsoft Defender and stole sensitive data using Amnesia RAT. Finally, they deployed ransomware and WinLocker which encrypted files, removed recovery options and fully locked the compromised systems.

Pulse ID: 69700f04e7b3cae8f7f33f5b
Pulse Link: https://otx.alienvault.com/pulse/69700f04e7b3cae8f7f33f5b
Pulse Author: cryptocti
Created: 2026-01-20 23:25:56

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #InfoSec #Malware #Microsoft #MicrosoftDefender #OTX #OpenThreatExchange #RAT #RansomWare #SocialEngineering #Windows #bot #cryptocti

Multi Stage Malware Campaign Targeting Windows via Social Engineering and Defense Evasion

Attackers used social engineering to trick Windows users into executing a disguised file. They then disabled Microsoft Defender and stole sensitive data using Amnesia RAT. Finally, they deployed ransomware and WinLocker which encrypted files, removed recovery options and fully locked the compromised systems.

Pulse ID: 69700f1ccae1ab65ea501346
Pulse Link: https://otx.alienvault.com/pulse/69700f1ccae1ab65ea501346
Pulse Author: cryptocti
Created: 2026-01-20 23:26:19

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #InfoSec #Malware #Microsoft #MicrosoftDefender #OTX #OpenThreatExchange #RAT #RansomWare #SocialEngineering #Windows #bot #cryptocti

Inside a Multi-Stage Windows Malware Campaign

A sophisticated multi-stage malware campaign targeting Windows users in Russia has been identified. The attack chain begins with social engineering lures and progresses to a full system compromise, including security bypass, surveillance, and ransomware delivery. It abuses Defendnot to disable Microsoft Defender and uses modular hosting across cloud services. The attack employs various techniques such as PowerShell scripts, obfuscated VBScript, and COM object manipulation. It deploys Amnesia RAT for data theft and surveillance, Hakuna Matata ransomware for file encryption, and a WinLocker component for system lockout. The campaign demonstrates how full system compromise can be achieved without exploiting software vulnerabilities, instead relying on social engineering and abuse of legitimate Windows features.

Pulse ID: 696fc0723c9020d483708e56
Pulse Link: https://otx.alienvault.com/pulse/696fc0723c9020d483708e56
Pulse Author: AlienVault
Created: 2026-01-20 17:50:42

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Cloud #CyberSecurity #DataTheft #Encryption #InfoSec #Malware #Microsoft #MicrosoftDefender #OTX #OpenThreatExchange #PowerShell #RAT #RansomWare #Russia #SocialEngineering #VBS #Windows #bot #AlienVault

Tired of digging through menus just to configure Windows 11 Defender?

DefenderUI gives you a clean, powerful GUI that puts full control of Microsoft Defender at your fingertips, no guesswork, no clutter.

#Windows11 #MicrosoftDefender #DefenderUI #CyberSecurity #Infosec #WindowsSecurity

Microsoft Defender für Office 365: Automatische Bedrohungsabwehr ohne manuelle Freigabe

„Standardmäßig müssen Behebungsmaßnahmen, die von „Automated Investigation and Response“ (AIR) in Microsoft Defender für Office 365 Plan 2 identifiziert wurden, von den Sicherheitsteams (SecOps) genehmigt werden. Jetzt können Administratoren auch bestimmte Maßnahmen für die automatische Behebung festlegen.“

https://www.all-about-security.de/microsoft-defender-fuer-office-365-automatische-bedrohungsabwehr-ohne-manuelle-freigabe/

#microsoft #microsoftdefender #SecOps #Office365

Conheça o modelo de Confiança Zero (Zero Trust) da Microsoft https://www.linkedin.com/pulse/zero-trust-n%25C3%25A3o-%25C3%25A9-produto-mudan%25C3%25A7a-cultural-e-d%25C3%25B3i-mauricio-cassemiro-adh1e #ZeroTrust #MicrosoftDefender

Ranking antywirusów na koniec 2025 roku. Kto daje 100% ochrony, a kto zawodzi?

Laboratorium AV-Comparatives opublikowało wyniki swoich najnowszych, kompleksowych testów oprogramowania zabezpieczającego.

Raporty zamykające rok 2025 przynoszą dobre wieści dla użytkowników darmowych rozwiązań (świetny wynik Microsoft Defender), ale też ostrzeżenie przed produktami, które generują rekordowe liczby fałszywych alarmów.

Najważniejszym sprawdzianem dla każdego pakietu ochronnego jest tzw. Real-World Protection Test. W edycji obejmującej okres od lipca do października 2025 roku badacze sprawdzili 19 popularnych programów na próbce 428 realnych zagrożeń (złośliwe strony, ataki drive-by download).

Elita ze skutecznością 100%

Bezbłędną skutecznością wykazały się trzy pakiety, które zablokowały absolutnie wszystkie próbki złośliwego oprogramowania (100% Protection Rate). Są to:

• Avast (Free Antivirus)
• AVG (AntiVirus Free)
• Norton (Antivirus Plus)

Tuż za nimi, z wynikiem 99,5%, uplasowała się silna grupa pościgowa, w której znalazły się m.in.: Kaspersky, ESET oraz Bitdefender (99,1%). Co istotne dla użytkowników systemu Windows – domyślny Microsoft Defender (standardowe oprogramowanie ochronne w systemie Microsoftu) również trafił do najwyższej kategorii „Advanced+”, osiągając solidne 99,1% skuteczności przy bardzo niskiej liczbie fałszywych alarmów.

Trend Micro i Malwarebytes z problemami

Wysoka wykrywalność to nie wszystko – liczy się też brak pomyłek. W tej kategorii najgorzej wypadł Trend Micro, który aż 75 razy błędnie oznaczył bezpieczne pliki lub strony jako zagrożenie. Słabo pod tym względem zaprezentowały się również Malwarebytes (42 fałszywe alarmy) oraz K7 (34 pomyłki). Z powodu tak dużej liczby błędów, produkty te zostały zdegradowane w rankingu końcowym do niższych kategorii certyfikacji, mimo przyzwoitej skuteczności wykrywania wirusów.

Ochrona zakupów: wykrywanie fałszywych sklepów

W kontekście zbliżających się Świąt, kluczowy jest test Fake Shops Detection 2025. Eksperci sprawdzali, czy antywirusy potrafią uchronić użytkownika przed wejściem na stronę udającą sklep internetowy, której celem jest kradzież danych karty kredytowej. Certyfikat potwierdzający skuteczność w tym obszarze otrzymała wąska grupa produktów:

• Avast Premium Security
• F-Secure Internet Security
• Kaspersky Premium
• Norton 360 Deluxe

Zaawansowane zagrożenia i Stalkerware

Dla najbardziej wymagających użytkowników przeprowadzono test Advanced Threat Protection (ATP), sprawdzający odporność na ataki celowane i bezplikowe. Tutaj rynek konsumencki prezentuje bardzo wysoki poziom – aż 7 z 8 testowanych produktów (w tym wersje darmowe Avast, AVG i Avira) otrzymało najwyższą ocenę „Advanced+”.

Równolegle, we współpracy z Electronic Frontier Foundation (EFF), przetestowano 13 aplikacji mobilnych na Androida pod kątem wykrywania oprogramowania szpiegującego (stalkerware). Raport zwraca uwagę na niepokojący trend rynkowy: sprawcy przemocy domowej coraz częściej porzucają aplikacje szpiegowskie na rzecz tanich lokalizatorów Bluetooth (jak AirTag i podobne), co stanowi nowe wyzwanie dla branży bezpieczeństwa.

Tylko 2% polskich małych firm jest gotowych na atak hakerów. Alarmujący raport Cisco

#avComparatives #avast #falszyweSklepyInternetowe #microsoftDefender #news #norton #rankingAntywirusow2025 #stalkerware #testyBezpieczenstwa

RT by @SwiftOnSecurity: 🚀 𝗡𝗲𝘄 𝗶𝗻 𝗠𝗶𝗰𝗿𝗼𝘀𝗼𝗳𝘁 𝗗𝗲𝗳𝗲𝗻𝗱𝗲𝗿 𝗳𝗼𝗿 𝗢𝗳𝗳𝗶𝗰𝗲 365

Security teams can now trigger key email remediation actions—𝗦𝘂𝗯𝗺𝗶𝘁 𝘁𝗼 𝗠𝗶𝗰𝗿𝗼𝘀𝗼𝗳𝘁, 𝗔𝗱𝗱 𝘁𝗼 𝗮𝗹𝗹𝗼𝘄/𝗯𝗹𝗼𝗰𝗸 𝗹𝗶𝘀𝘁, and 𝗜𝗻𝗶𝘁𝗶𝗮𝘁𝗲 𝗮𝘂𝘁𝗼𝗺𝗮𝘁𝗲𝗱 𝗶𝗻𝘃𝗲𝘀𝘁𝗶𝗴𝗮𝘁𝗶𝗼𝗻—directly from the 𝗔𝗱𝘃𝗮𝗻𝗰𝗲𝗱 𝗛𝘂𝗻𝘁𝗶𝗻𝗴 interface.

No policy changes needed. Enabled by default since Nov 10, 2025.

Streamlined threat response, powered by your queries.

#MicrosoftDefender #AdvancedHunting #CyberSecurity #incidentresponse

🐦🔗: https://nitter.oksocial.net/0x534c/status/1988608813323411545#m

[2025/11/12 14:04]

Microsoft Defender for Endpoint delivers industry-leading anti-virus protection, but navigating its licensing tiers, pricing models, and feature sets can be incredibly confusing.

Join us today on Defender Fridays with Ken Westin, Senior Solutions Engineer at LimaCharlie, as we break down:

> The differences between the various tiers

> Ways to solve Defender visibility issues and increase operational transparency.

> How its capabilities can be customized and expanded for better flexibility and scalability for service providers

This is an interactive session - bring your questions and let's explore the benefits and drawbacks together.

#defenders #cybersecurity #microsoftdefender #infosec

Tomorrow, October 15th at 10am PT - hands-on workshop on Microsoft Defender automation.

We'll demonstrate how to augment Windows Defender Antivirus with centralized management capabilities that eliminate manual processes and accelerate threat detection.

What we'll cover:

> Verify Defender deployment status across your entire Windows infrastructure in seconds
> Capture endpoint security events at wire speed without relying on Microsoft's collection timelines
> Execute AV scans remotely across endpoints or schedule them to run automatically
> Configure detection and response rules tailored to your environment's specific needs

Final reminder: This is a live session and will not be recorded.

Register: https://limacharlie.wistia.com/live/events/su08f1kjsa?utm_campaign=virtual+workshop+microsoft+defender+10+15+25&utm_source=mastodon&utm_medium=social

#cybersecurity #secops #microsoftdefender

#MicrosoftDefender full scan on #Windows11 is not a good experience so far.

Want better visibility and control over Microsoft Defender?

We're running a hands-on virtual workshop on augmenting Windows Defender Antivirus with centralized management and automation capabilities using the SecOps Cloud Platform.

Session agenda:

> Gathering telemetry quicker than Microsoft's native collection methods
> Controlling instances across endpoints from a single interface
> Automating log collection at scale
> Enriching detection capabilities with custom rules
> Leveraging data retention to improve investigation speed

This session will not be recorded. Register now: https://limacharlie.wistia.com/live/events/su08f1kjsa?utm_campaign=virtual+workshop+microsoft+defender+10+15+25&utm_source=mastodon&utm_medium=social

#cybersecurity #secops #microsoftdefender

Microsoft Defender is stirring up trouble—bogus BIOS alerts, misflagged emails, even Mac crashes. Can your trusted security tool really keep up when glitches hit?

https://thedefendopsdiaries.com/microsoft-defender-navigating-recent-bugs-and-the-ongoing-challenge-of-security-software-reliability/

#microsoftdefender
#securitysoftware
#falsepositives
#cybersecuritynews
#machinelearningsecurity

Handing out standing access in Defender XDR? Try PIM‑for‑Groups + RBAC.
My colleague Matt Novitsch posted a clean, screenshot‑driven guide to enable just‑in‑time SecOps access across Defender workloads. Time‑boxed, auditable, least‑privilege. #EntraID #PIM #MicrosoftDefender #XDR #RBAC #ZeroTrust

Microsoft Teams is leveling up its security game by flagging sketchy links in chats. Could this be the breakthrough your team's been waiting for against phishing and malware?

https://thedefendopsdiaries.com/enhancing-security-in-microsoft-teams-malicious-link-warnings-and-beyond/

#microsoftteams
#cybersecurity
#maliciouslinks
#phishingprotection
#microsoftdefender

#Patchday #Microsoft: #Azure, #Office, #Windows :windows: & Co. sind angreifbar | heise online https://www.heise.de/news/Patchday-Microsoft-Schadcode-Schlupfloecher-in-Office-und-Windows-geschlossen-10639037.html #MicrosoftAzure #Azure #MicrosoftDefender #Defender #MicrosoftHyperV #HyperV #MicrosoftOffice #MicrosoftWindows #MicrosoftXbox #Xbox

Project Ire: Microsoft’s AI Sentinel Against Malware.

#ProjectIre, #MicrosoftAI, #AISecurity, #CyberSecurity, #MalwareProtection, #ThreatDetection, #MicrosoftDefender, #AIinCybersecurity, #ZeroDayThreats, #CyberDefense

https://medium.com/@jckapadia003/project-ire-microsofts-ai-sentinel-against-malware-664772d099d1

How to Backup (export) and Restore (import) #MicrosoftDefender #Firewall Settings and Rules in #Windows11 and #Windows10 #MicrosoftDefenderFirewall #WindowsDefenderFirewall
https://www.elevenforum.com/t/backup-and-restore-microsoft-defender-firewall-settings-and-rules-in-windows-11.38587/