Microsoft Security Response Center

Computer and Network Security

Protecting customers and Microsoft from current and emerging threats related to security and privacy.

About us

The Microsoft Security Response Center (MSRC) is dedicated to safeguarding customers and Microsoft from security threats. With over two decades of experience, we focus on prevention, rapid defense, and community trust. Together, we’ll continue to protect our users and the broader ecosystem.

Website
https://www.microsoft.com/en-us/msrc
Industry
Computer and Network Security
Company size
10,001+ employees
Specialties
Cybersecurity, Security response, Incident response, Bug bounty, Security research, and BlueHat

Updates

  • Discover a vulnerability or threat? Submit it via the MSRC Researcher Portal: msrc.microsoft.com/report. MSRC accepts a variety of submission types, including software & service vulnerabilities, URL-related threats, IP address threats, OAuth applications, and Azure Community Gallery reports. Learn more about the types of threats we accept in the MSRC Researcher Resource Center: https://lnkd.in/gzAsNN5K #infosec #securityresearch

    • What types of reports does MSRC accept?
      • Security Threats
      • URL Related Threats
      • IP Address Threats
      • OAuth Application
      • Azure Community Gallery
  • Microsoft Security Response Center reposted this

    The financially motivated cybercriminal group that Microsoft tracks as Storm-0501 has been observed exfiltrating data and deploying Embargo ransomware after moving laterally from on-premises to the cloud environment. The said attacks also involve credential theft, tampering, and persistent backdoor access. Storm-0501 exploited known vulnerabilities to gain initial access and used various open-source and commodity tools to steal credentials and move laterally within the network. The threat actor leveraged their level of access to exfiltrate sensitive data, evade detection, and gain control of the cloud environment. The actor subsequently created a backdoor to the cloud environment to maintain persistent access, and deployed Embargo ransomware on the on-premises environment to extort their target. In this blog post, we share our findings on the recent attack conducted by Storm-0501 and provide recommendations and mitigations to help customers protect themselves from this threat and similar ransomware attacks. https://msft.it/6041m5gPx

  • Time’s ticking—apply by October 4th to secure your spot at #BlueHat 2024: https://aka.ms/bhreg

  • In a recent episode of The BlueHat Podcast, Ryen M., Principal Security Program Manager at Microsoft, joins Nic Fillingham to share her journey back to Microsoft, her experiences at Hacker Summer Camp 2024, and valuable insights on creating security measures that enhance, rather than hinder, productivity. Key takeaways from this episode:

    • 💡 The role of security in maintaining customer trust and protecting revenue
    • 🔐 Why security should be built-in by default, so users don’t need to be experts
    • 🗣️ The importance of feedback and diverse viewpoints in improving security

    🎧 Listen now: https://lnkd.in/dnPEJ6Hb #BlueHat #infosec

  • Today at the Microsoft STRIKE event: “STRIKE Live: Practical AI Safety and Security,” Eric Douglas, CVP, Security Research, Microsoft, gave the opening remarks, and Yonatan Zunger, Deputy CISO and CVP, AI Safety and Security, Microsoft, delivered the keynote to a large group of Microsoft engineers. They emphasized that safety must become as fundamental to our work as breathing. So, what are the basic principles of safety engineering?

    1. Know the ways your system might fail as intimately as the ways your system should work:
      • Brainstorm failure scenarios and keep that list as fresh as your success scenarios.
      • What you don’t know can hurt you – so use many eyes and plan for surprises.
    2. For each scenario, have a plan:
      • Eliminate it.
      • Reduce its severity or frequency.
      • Give users a way to solve it themselves.
      • Have a response plan for when things go wrong.

    How do you do that brainstorming? Eric and Yonatan recommend a three-pronged approach:
      • System-first: What are the components? What happens if each one fails? What if it gets bad input? And the components include the users!
      • Actor-first: What might someone want to achieve using this software? Under what circumstances are they using it?
      • Target-first: Who might be affected by someone using this software? What might make them more or less vulnerable? How would they be able to respond?

  • 🚨 The Call for Papers deadline has been extended by popular demand to Friday, September 6, 2024. We can’t wait to review your submissions - don't miss out!

    🚨Attention security researchers, responders, and everyone in the security community!🚨 The BlueHat 2024 Call for Papers is now open! We invite everyone to submit proposals for 45-minute Breakout Sessions or 15-minute Lightning Talks. Don’t miss this opportunity to share your findings, new ideas, and best practices at BlueHat 2024, October 29-30, in Redmond, WA. Learn more in our blog post: https://lnkd.in/gETgvsMp #BlueHat #infosec

  • Microsoft identified North Korean threat actor Citrine Sleet exploiting CVE-2024-7971 in Chromium for RCE. Details on TTPs, mitigations, and IOCs in our blog below:

    Microsoft identified a North Korean threat actor exploiting a zero-day vulnerability in Chromium (CVE-2024-7971) to gain remote code execution (RCE) in the Chromium renderer process. Our assessment of ongoing analysis and observed infrastructure attributes this activity to Citrine Sleet, a North Korean threat actor that commonly targets the cryptocurrency sector for financial gain. Google released a fix for the vulnerability, and users should ensure they are using the latest version of Chromium. We thank the Chromium team for their collaboration in addressing this issue. Read our blog to get more information about Citrine Sleet and the observed tactics, techniques, and procedures (TTPs) used to exploit CVE-2024-7971, as well as recommendations for mitigating and protecting against this activity. https://msft.it/6043l7qAH

    North Korean threat actor Citrine Sleet exploiting Chromium zero-day | Microsoft Security Blog

  • The #BlueHat 2024 Call for Papers is closing soon! You have until August 30th to submit your proposals for 45-minute Breakout Sessions or 15-minute Lightning Talks. Don't miss this chance to share your findings, new ideas, and best practices at BlueHat 2024, happening on October 29-30 in Redmond, WA. Submit your paper here: https://lnkd.in/gBycBdD6
