389 matches found
February 2020 security updates are available
We have released the February security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found in the Security Update Guide. The post February...
カスタマー サポート データベースのアクセス構成の誤りについて
本記事は、Microsoft Security Response Center ブログ “Access Misconfiguration for Customer Support Database” 2020 年 1 月 22 日 米国時間...
OnePlus Suffers New Data Breach Impacting Its Online Store Customers
Chinese smartphone maker OnePlus has suffered a new data breach exposing personal and order information of an undisclosed number of its customers, likely, as a result of a vulnerability in its online store website. The breach came to light after OnePlus started informing affected customers via...
BlueHat Seattle videos are online!
Were you unable to attend BlueHat Seattle, or wanted to see a session again? We have good news. If you have been waiting for the videos from BlueHat Seattle last month, the wait is over. All videos which the presenter authorized to be recorded are now online and available to anyone. We are also...
Ransomware, Mobile Malware Attacks to Surge in 2020
Cyber threats like targeted ransomware, mobile malware and sophisticated phishing attacks will escalate in 2020, researchers warn. However, defenses like artificial intelligence AI, cyber insurance and faster security response will also increase, helping defend companies against imminent threats,...
Introducing the ElectionGuard Bounty program
Announcing the new ElectionGuard Bounty program The post Introducing the ElectionGuard Bounty program appeared first on Microsoft Security Response Center...
An intern’s experience with Rust
Over the course of my internship at the Microsoft Security Response Center MSRC, I worked on the safe systems programming languages SSPL team to promote safer languages for systems programming where runtime overhead is important, as outlined in this blog. My job was to port a security critical...
An intern's experience with Rust
Over the course of my internship at the Microsoft Security Response Center MSRC, I worked on the safe systems programming languages SSPL team to promote safer languages for systems programming where runtime overhead is important, as outlined in this blog. My job was to port a security critical...
Apple Claims Google is Spreading FUD Over Patched iPhone Bugs
Apple has called out Google for promoting a “false impression” about iOS vulnerabilities the iPhone maker said it fixed in February. It claims Google is unnecessarily panicking Apple customers. On Aug. 29, Ian Beer of Google’s Project Zero published a blog post that took a “very deep dive” into 1...
A case study in industry collaboration: Poisoned RDP vulnerability disclosure and response
Earlier this year, I reached out to Check Point researcher Eyal Itkin, who had published multiple flaws in several Remote Desktop Protocol RDP clients, including a vulnerability in mstsc.exe, the built-in RDP client application in Windows. While there were no active exploits detected in the wild,...
Meet the MSRC at Black Hat 2019
We’re getting close to Black Hat, and we hope to see you there. Here’s where you can find members of the Microsoft Security Response Center if you’d like to say hello, ask a question about a report you made, discuss a recent blog article, or just show us pictures of your dog. Wednesday, August 7 ...
Countdown to Black Hat: Top 10 Sessions to Attend — #8
Black Hat kicks off in a few days, and for Qualys customers still planning their schedule we have our weekly recommendation from among the conference’s many training courses and research briefings: The Enemy Within: Modern Supply Chain Attacks. Speaker Eric Doerr, General Manager of the Microsoft...
Meet the MSRC at Black Hat 2019
We’re getting close to Black Hat, and we hope to see you there. Here’s where you can find members of the Microsoft Security Response Center if you’d like to say hello, ask a question about a report you made, discuss a recent blog article, or just show us pictures of your dog...
A proactive approach to more secure code
What if we could eliminate an entire class of vulnerabilities before they ever happened? Since 2004, the Microsoft Security Response Centre MSRC has triaged every reported Microsoft security vulnerability. From all that triage one astonishing fact sticks out: as Matt Miller discussed in his 2019...
Inside the MSRC – Building your own security incident response process
This is the third and last in a series of posts that looks at how Microsoft responds to elevated threats to customers through the Microsoft Security Response Center’s MSRC Software and Services Incident Response Plan SSIRP. Our previous posts discussed how Microsoft protects customers against...
Inside the MSRC – Anatomy of a SSIRP incident
This is the second in a series of blog posts that shares how the MSRC responds to elevated threats to customers through the Software and Services Incident Response Plan SSIRP. In our last blog post, we looked at the history of the Microsoft Security Response Center and SSIRP, and how Microsoft...
Inside the MSRC – Anatomy of a SSIRP incident
This is the second in a series of blog posts that shares how the MSRC responds to elevated threats to customers through the Software and Services Incident Response Plan SSIRP. In ourlast blog post, we looked at the history of the Microsoft Security Response Center and SSIRP, and how Microsoft tak...
Inside the MSRC – Anatomy of a SSIRP incident
This is the second in a series of blog posts that shares how the MSRC responds to elevated threats to customers through the Software and Services Incident Response Plan SSIRP. In ourlast blog post, we looked at the history of the Microsoft Security Response Center and SSIRP, and how Microsoft tak...
Inside the MSRC – Customer-centric incident response
The Microsoft Security Response Center MSRC is an integral part of Microsoft’s Cyber Defense Operations Center CDOC that brings together security response experts from across the company to help protect, detect, and respond to threats in real-time. Staffed with dedicated teams 24×7, the CDOC has...
Inside the MSRC – Customer-centric incident response
The Microsoft Security Response Center MSRC is an integral part of Microsoft’s Cyber Defense Operations Center CDOC that brings together security response experts from across the company to help protect, detect, and respond to threats in real-time. Staffed with dedicated teams 24x7, the CDOC has...