Reflecting on 20 years of Patch Tuesday

Source: https://msrc.microsoft.com/blog/2023/11/reflecting-on-20-years-of-patch-tuesday/
This year is a landmark moment for Microsoft as we observe the 20th anniversary of Patch Tuesday updates, an initiative that has become a cornerstone of the IT world’s approach …

Microsoft guidance regarding credentials leaked to GitHub Actions Logs through Azure CLI

Source: https://msrc.microsoft.com/blog/2023/11/microsoft-guidance-regarding-credentials-leaked-to-github-actions-logs-through-azure-cli/
Summary: The Microsoft Security Response Center (MSRC) was made aware of a vulnerability where Azure Command-Line Interface (CLI) could expose sensitive information, including credentials, through GitHub Actions logs. The …

Congratulations to the Top MSRC 2023 Q3 Security Researchers!

Source: https://msrc.microsoft.com/blog/2023/10/congratulations-to-the-top-msrc-2023-q3-security-researchers/
Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top …

Microsoft Response to Distributed Denial of Service (DDoS) Attacks against HTTP/2

Source: https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/
Summary: Beginning in September 2023, Microsoft was notified by industry partners about a newly identified Distributed Denial-of-Service (DDoS) attack technique being used in the wild targeting the HTTP/2 protocol. This …

Cybersecurity Awareness Month 2023: Elevating Security Together

Source: https://msrc.microsoft.com/blog/2023/10/cybersecurity-awareness-month-2023-elevating-security-together/
As the 20th anniversary of Cybersecurity Awareness Month begins, I find myself reflecting on the strides made since its inception. The journey to enhance and improve cybersecurity is ongoing and extends …

Microsoft’s Response to Open-Source Vulnerabilities – CVE-2023-4863 and CVE-2023-5217

Source: https://msrc.microsoft.com/blog/2023/10/microsofts-response-to-open-source-vulnerabilities-cve-2023-4863-and-cve-2023-5217/
Microsoft is aware of and has released patches associated with the two Open-Source Software security vulnerabilities, CVE-2023-4863 and CVE-2023-5217. Through our investigation, we found that these affect a subset of our …

Microsoft mitigated exposure of internal information in a storage account due to overly-permissive SAS token

Source: https://msrc.microsoft.com/blog/2023/09/microsoft-mitigated-exposure-of-internal-information-in-a-storage-account-due-to-overly-permissive-sas-token/
Summary: As part of a recent Coordinated Vulnerability Disclosure (CVD) report from Wiz.io, Microsoft investigated and remediated an incident involving a Microsoft employee who shared a URL for a …

Results of Major Technical Investigations for Storm-0558 Key Acquisition

Source: https://msrc.microsoft.com/blog/2023/09/results-of-major-technical-investigations-for-storm-0558-key-acquisition/
March 12, 2024 update: As part of our continued commitment to transparency and trust outlined in Microsoft’s Secure Future Initiative, we are providing further information as it relates to our …

Congratulations to the MSRC 2023 Most Valuable Security Researchers!

Source: https://msrc.microsoft.com/blog/2023/08/congratulations-to-the-msrc-2023-most-valuable-security-researchers/
The Microsoft Researcher Recognition Program offers public thanks and recognition to security researchers who help protect our customers through discovering and sharing security vulnerabilities under Coordinated Vulnerability Disclosure. Today, we …

Updating our Vulnerability Severity Classification for AI Systems

Source: https://msrc.microsoft.com/blog/2023/08/Updating-our-Vulnerability-Severity-Classification-for-AI-Systems/
The Microsoft Security Response Center (MSRC) is always looking for ways to provide clarity and transparency around how we assess the impact of vulnerabilities reported in our products and services. …

Microsoft Bug Bounty Program Year in Review: $13.8M in Rewards

Source: https://msrc.microsoft.com/blog/2023/08/microsoft-bug-bounty-program-year-in-review-13.8m-in-rewards/
We are thrilled to share the results of our collaboration with over 345 security researchers from 45+ countries around the world in the past 12 months. Together, we have discovered …

BlueHat October 2023 Call for Papers is Now Open!

Source: https://msrc.microsoft.com/blog/2023/07/bluehat-october-2023-call-for-papers-is-now-open/
As you may have seen on social media, the next BlueHat conference will be October 11–12, 2023, on Microsoft’s Redmond campus in Washington state, USA. The Call for …

Congratulations to the Top MSRC 2023 Q2 Security Researchers!

Source: https://msrc.microsoft.com/blog/2023/07/congratulations-to-the-top-msrc-2023-q2-security-researchers/
Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top …

Microsoft mitigates China-based threat actor Storm-0558 targeting of customer email

Source: https://msrc.microsoft.com/blog/2023/07/microsoft-mitigates-china-based-threat-actor-storm-0558-targeting-of-customer-email/
UPDATE: Microsoft has released threat analysis on Storm-0558 activity here. Microsoft has additionally released defense-in-depth security fixes to help customers improve token validation in their custom applications. Microsoft has mitigated …

Hey Yara, find some vulnerabilities

Source: https://msrc-blog.microsoft.com/blog/2023/06/hey-yara-find-some-vulnerabilities/
Intro: Finding vulnerabilities in software is no easy task by itself. Doing this at cloud scale is very challenging to perform manually, and we use tools to help us identify …

Announcing The BlueHat Podcast: Listen and Subscribe Now!

Source: https://msrc-blog.microsoft.com/blog/2023/05/announcing-the-bluehat-podcast-listen-and-subscribe-now/
Available today on all major podcast platforms is The BlueHat Podcast, a new series of security-research-focused conversations, continuing the themes from the BlueHat 2023 conference (session recordings available …

Guidance related to Secure Boot Manager changes associated with CVE-2023-24932

Source: https://msrc-blog.microsoft.com/blog/2023/05/guidance-related-to-secure-boot-manager-changes-associated-with-cve-2023-24932/
Summary: Today, Microsoft is releasing CVE-2023-24932, and associated configuration guidance, to address a Secure Boot bypass vulnerability used by the BlackLotus bootkit to exploit CVE-2022-21894. Customers will need to …