Microsoft mitigated exposure of internal information in a storage account due to overly-permissive SAS token
Summary: As part of a recent Coordinated Vulnerability Disclosure (CVD) report from Wiz.io, Microsoft investigated and remediated an incident involving a Microsoft employee who shared a URL for a blob store in a public GitHub repository while contributing...
Results of Major Technical Investigations for Storm-0558 Key Acquisition
On July 11, 2023, Microsoft published a blog post which details how the China-based threat actor, Storm-0558, used an acquired Microsoft account (MSA) consumer key to forge tokens to access OWA and Outlook.com. Upon identifying that the threat actor...
Azure Serial Console Attack and Defense – Part 1
Ever had a virtual machine crash? Azure Serial Console is a great way to connect directly to your virtual machine and debug what went wrong. Azure Serial Console is a feature that’s available for free for everyone. While the...
Congratulations to the MSRC 2023 Most Valuable Security Researchers!
The Microsoft Researcher Recognition Program offers public thanks and recognition to security researchers who help protect our customers through discovering and sharing security vulnerabilities under Coordinated Vulnerability Disclosure.
Today, we are excited to recognize this year’s top 100 Most Valuable...
Updating our Vulnerability Severity Classification for AI Systems
The Microsoft Security Response Center (MSRC) is always looking for ways to provide clarity and transparency around how we assess the impact of vulnerabilities reported in our products and services. To this end, we are announcing the Microsoft Vulnerability...
Microsoft mitigates Power Platform Custom Code information disclosure vulnerability
Summary: On 30 March 2023, Tenable informed Microsoft under Coordinated Vulnerability Disclosure (CVD) of a security issue concerning Power Platform Custom Connectors using Custom Code. This feature allows customers to write code for custom connectors. This issue has...
Microsoft Bug Bounty Program Year in Review: $13.8M in Rewards
We are thrilled to share the results of our collaboration with over 345 security researchers from more than 45 countries around the world in the past 12 months. Together, we have discovered and fixed more than a thousand potential security issues...
BlueHat October 2023 Call for Papers is Now Open!
As you may have seen on social media, the next BlueHat conference will be October 11 – 12, 2023, on Microsoft’s Redmond campus in Washington state, USA.
The Call for Papers (CFP) is now open through August 18, 2023.
The BlueHat...
Updated Researcher Portal Submission Form: Discover the New Fields in the Submission Form
Summary: We are excited to announce the release of the updated Researcher Portal submission form. These new fields allow Security Researchers to provide additional context for the reported security issue, providing product teams with more data for analysis, gain...
From Bounty Leaderboards to Microsoft Security Researcher, Meet Cameron Vincent!
Fun Facts:
Game you binged: Guitar Hero and Rock Band fanatic. Go-to snack: Nutri-Grain Bars. Favorite Drink: Soda – Coca-Cola specifically. Favorite Place: Singapore – stayed an extra week after a hacking collaboration and truly fell in love...
What to Expect When Reporting Vulnerabilities to Microsoft
At the Microsoft Security Response Center (MSRC), our mission is to protect our customers, communities, and Microsoft from current and emerging threats to security and privacy. One of the ways we do this is by working with security researchers...
Congratulations to the Top MSRC 2023 Q2 Security Researchers!
Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers.
The top three researchers of the 2023 Q2 Security Researcher Leaderboard are:...
Microsoft mitigates China-based threat actor Storm-0558 targeting of customer email
Microsoft has mitigated an attack by a China-based threat actor, tracked by Microsoft as Storm-0558, that targeted customer email. Storm-0558 primarily targets government agencies in Western Europe and focuses on espionage, data theft, and credential access. Based on customer reported...
Breaking Barriers: Aditi’s Journey Through Sight Loss to Microsoft AI Innovator
Facts about Aditi Shah:
Tools she uses: Aditi’s main tool is JAWS, a screen reader from Freedom Scientific, which she touts as the best in the market. This tool has made her digital life more manageable, enabling her to perform...
Potential Risk of Privilege Escalation in Azure AD Applications
Summary: Microsoft has developed mitigations for an insecure anti-pattern used in Azure AD (AAD) applications, highlighted by Descope and reported to Microsoft, in which using the email claim from access tokens for authorization can lead to an escalation of privilege....