Microsoft Security Response Center

Computer and Network Security

Protecting customers and Microsoft from current and emerging threats related to security and privacy.

About us

The Microsoft Security Response Center (MSRC) is dedicated to safeguarding customers and Microsoft from security threats. With over two decades of experience, we focus on prevention, rapid defense, and community trust. Together, we’ll continue to protect our users and the broader ecosystem.

Website
https://www.microsoft.com/en-us/msrc
Industry
Computer and Network Security
Company size
10,001+ employees
Specialties
Cybersecurity, Security response, Incident response, Bug bounty, Security research, and BlueHat

Updates

  • Today at the Microsoft STRIKE event: “STRIKE Live: Practical AI Safety and Security,” Eric Douglas, CVP, Security Research, Microsoft, gave the opening remarks, and Yonatan Zunger, Deputy CISO and CVP, AI Safety and Security, Microsoft, delivered the keynote to a large group of Microsoft engineers. They emphasized that safety must become as fundamental to our work as breathing.

    So, what are the basic principles of safety engineering?

    1. Know the ways your system might fail as intimately as the ways your system should work:
        • Brainstorm failure scenarios and keep that list as fresh as your success scenarios.
        • What you don’t know can hurt you – so use many eyes and plan for surprises.
    2. For each scenario, have a plan:
        • Eliminate it.
        • Reduce its severity or frequency.
        • Give users a way to solve it themselves.
        • Have a response plan for when things go wrong.

    How do you do that brainstorming? Eric and Yonatan recommend a three-pronged approach:
        • System-first: What are the components? What happens if each one fails? What if it gets bad input? And the components include the users!
        • Actor-first: What might someone want to achieve using this software? Under what circumstances are they using it?
        • Target-first: Who might be affected by someone using this software? What might make them more or less vulnerable? How would they be able to respond?

  • 🚨 The Call for Papers deadline has been extended by popular demand to Friday, September 6, 2024. We can’t wait to review your submissions - don't miss out!

    🚨Attention security researchers, responders, and everyone in the security community!🚨 The BlueHat 2024 Call for Papers is now open! We invite everyone to submit proposals for 45-minute Breakout Sessions or 15-minute Lightning Talks. Don’t miss this opportunity to share your findings, new ideas, and best practices at BlueHat 2024, October 29-30, in Redmond, WA. Learn more in our blog post: https://lnkd.in/gETgvsMp #BlueHat #infosec

  • Microsoft identified North Korean threat actor Citrine Sleet exploiting CVE-2024-7971 in Chromium for RCE. Details on TTPs, mitigations, and IOCs in our blog below:

    Microsoft identified a North Korean threat actor exploiting a zero-day vulnerability in Chromium (CVE-2024-7971) to gain remote code execution (RCE) in the Chromium renderer process. Our assessment of ongoing analysis and observed infrastructure attributes this activity to Citrine Sleet, a North Korean threat actor that commonly targets the cryptocurrency sector for financial gain. Google released a fix for the vulnerability, and users should ensure they are using the latest version of Chromium. We thank the Chromium team for their collaboration in addressing this issue. Read our blog to get more information about Citrine Sleet and the observed tactics, techniques, and procedures (TTPs) used to exploit CVE-2024-7971, as well as recommendations for mitigating and protecting against this activity. https://msft.it/6043l7qAH

    North Korean threat actor Citrine Sleet exploiting Chromium zero-day | Microsoft Security Blog


  • The #BlueHat 2024 Call for Papers is closing soon! You have until August 30th to submit your proposals for 45-minute Breakout Sessions or 15-minute Lightning Talks. Don't miss this chance to share your findings, new ideas, and best practices at BlueHat 2024, happening on October 29-30 in Redmond, WA. Submit your paper here: https://lnkd.in/gBycBdD6

  • Interns @ Microsoft had the awesome opportunity over the summer to compete in the intern-led overnight event, InternHacks! 60+ interns attended both in-person in Redmond as well as virtually from Microsoft's many campuses. Hackers with diverse skill sets worked together in teams of up to 5 to hack together awesome projects in only 24 hours, with help from in-person and online mentors. Participants had the opportunity to attend insightful workshops hosted by interns and hear from 3 inspiring keynote speakers representing various internal Employee Resource Groups.

    🏆 Please join us in congratulating the top scoring teams and projects:
        • Artificial Intelligence Track: Helios, by Katie Cheng, P. Kayleen Ramirez, Kelly Zhang, and Om Shastri.
        • Low Code/No Code Track: Installment Optimizer for Ground Source Heat Pump Systems, by Wonjun Jo.
        • Community & Accessibility Track: CityRecs, by Michelle Chang, Aaron Alexander, Asif Mammadov, and Julia Gao.
        • Startup Track: Have I Been Faked, by ALEXANDRA I FUENTES MERCADO, Isaiah Carrington, Jack Saunders, and Sophia Lin.
        • Best Overall: Hot Girl Travel AI, by Natasha Maya Narayanan, Catherine Zhang, Jacqueline Cai, and Lily Pham.

    Huge thank you to the lead organizers (Parker Leathers, Kevin Granados, Brenda Leyva, Michael Mundia) and to the 28 organizers who worked alongside them for making InternHacks possible! 👏

  • Tom Gallagher, VP of Engineering, MSRC, recently shared insights from his experience at Black Hat with Dark Reading, discussing the importance of collaboration with the cybersecurity community. Key takeaways include:
        • Community engagement: Engaging in meaningful two-way conversations at Black Hat highlights the innovative ways researchers are tackling cybersecurity challenges, which is important for strengthening relationships and improving our systems.
        • Holistic vulnerability management: MSRC’s approach to vulnerability management goes beyond fixing individual bugs. We focus on identifying and eradicating entire classes of attacks, ensuring our products and services are more resilient.
        • AI security: AI's role in cybersecurity is increasingly important. Microsoft has integrated AI into its bounty program, working to understand and mitigate vulnerabilities within AI systems. While AI security is still in its early stages, Microsoft is actively working to mature this area, focusing on logging, understanding attack types, and refining our approach with the security community. With this learning, we continue to evolve Microsoft’s AI Security Bug Bar (https://lnkd.in/gyn2C5es).
        • Secure Future Initiative: As part of the Secure Future Initiative, launched in November, we're accelerating our response and remediation efforts across the company. Our goal is to make systems smarter and help product teams resolve issues more rapidly.
        • Transparency and reporting: Transparency is key in our cybersecurity efforts. Microsoft has been publishing CVEs since 1999 where customers needed to act – like installing a patch. In June 2024, we began publishing CVEs for critical cloud vulnerabilities, even when no action is required, to keep the community informed and engaged.

    These efforts reflect Microsoft’s ongoing commitment to enhancing security through collaboration, innovation, and transparency. Watch the full interview with Tom Gallagher here: https://lnkd.in/gfSbYnwX
