PSA to orgs: if you use Microsoft 365, check your email logs for an email from mbsupport@microsoft.com

Microsoft are emailing tenant admin email addresses about a breach by Midnight Blizzard - you might not get the emails due to spam filtering etc.

reddit.com/r/microsoft/comment… #threatintel

Can’t find my thread to update it, but after a Chinese company acquired Polyfill.io last year (embedded in over 100k websites), it has started serving malware to users of said websites - prepare to be surprised.

sansec.io/research/polyfill-su…

#threatintel

Polyfill supply chain attack hits 100K+ sites

The new Chinese owner of the popular Polyfill JS project injects malware into more than 100 thousand sites.

^Sansec

Microsoft published a report last month acknowledging the existence of a long running honeypot operation running on code.microsoft[.]com.

techcommunity.microsoft.com/t5…

#microsoft #infosec #threatintel

Examining the Deception infrastructure in place behind code.microsoft.com

The domain name code.microsoft.com has an interesting story behind it. Here we examine how we've used this to collect actionable threat intelligence.

^{TECHCOMMUNITY.MICROSOFT.COM}