Microsoft Security Response Center

Microsoft Security Response Center

计算机和网络安全

Protecting customers and Microsoft from current and emerging threats related to security and privacy.

关于我们

The Microsoft Security Response Center (MSRC) is dedicated to safeguarding customers and Microsoft from security threats. With over two decades of experience, we focus on prevention, rapid defense, and community trust. Together, we’ll continue to protect our users and the broader ecosystem.

网站
https://www.microsoft.com/en-us/msrc
所属行业
计算机和网络安全
规模
超过 10,001 人
领域
Cybersecurity、Security response、Incident response、Bug bounty、Security research和BlueHat

动态

  • 查看Microsoft Security Response Center的公司主页,图片

    18,161 位关注者

    Today at the Microsoft STRIKE event: “STRIKE Live: Practical AI Safety and Security,” Eric Douglas CVP, Security Research, Microsoft, gave the opening remarks, and Yonatan Zunger, Deputy CISO and CVP, AI Safety and Security, Microsoft, delivered the keynote to a large group of Microsoft engineers. They emphasized that safety must become as fundamental to our work as breathing. So, what are the basic principles of safety engineering? ??. ???????? ?????? ???????? ???????? ???????????? ?????????? ???????? ???? ???????????????????? ???? ?????? ???????? ???????? ???????????? ???????????? ????????: ? Brainstorm failure scenarios and keep that list as fresh as your success scenarios. ? What you don’t know can hurt you – so use many eyes and plan for surprises. ??. ?????? ???????? ????????????????, ???????? ?? ????????: ? Eliminate it. ? Reduce its severity or frequency. ? Give users a way to solve it themselves. ? Have a response plan for when things go wrong. How do you do that brainstorming? Eric and Yonatan recommend a three-pronged approach: ? ????????????-??????????: What are the components? What happens if each one fails? What if it gets bad input? And the components include the users! ? ??????????-??????????: What might someone want to achieve using this software? Under what circumstances are they using it? ? ????????????-??????????: Who might be affected by someone using this software? What might make them more or less vulnerable? How would they be able to respond?

    • 该图片无替代文字
    • 该图片无替代文字
  • 查看Microsoft Security Response Center的公司主页,图片

    18,161 位关注者

    ???The Call for Papers deadline has been extended by popular demand to Friday, September 6, 2024. We can’t wait to review your submissions - don't miss out!

    查看Microsoft Security Response Center的公司主页,图片

    18,161 位关注者

    ??Attention security researchers, responders, and everyone in the security community!?? The BlueHat 2024 Call for Papers is now open! We invite everyone to submit proposals for 45-minute Breakout Sessions or 15-minute Lightning Talks. Don’t miss this opportunity to share your findings, new ideas, and best practices at BlueHat 2024, October 29-30, in Redmond, WA. Learn more in our blog post: https://lnkd.in/gETgvsMp #BlueHat #infosec

    • 该图片无替代文字
  • 查看Microsoft Security Response Center的公司主页,图片

    18,161 位关注者

    Microsoft identified North Korean threat actor Citrine Sleet exploiting CVE-2024-7971 in Chromium for RCE. Details on TTPs, mitigations, and IOCs in our blog below:

    查看Microsoft Threat Intelligence的公司主页,图片

    43,009 位关注者

    Microsoft identified a North Korean threat actor exploiting a zero-day vulnerability in Chromium (CVE-2024-7971) to gain remote code execution (RCE) in the Chromium renderer process. Our assessment of ongoing analysis and observed infrastructure attributes this activity to Citrine Sleet, a North Korean threat actor that commonly targets the cryptocurrency sector for financial gain. Google released a fix for the vulnerability, and users should ensure they are using the latest version of Chromium. We thank the Chromium team for their collaboration in addressing this issue. Read our blog to get more information about Citrine Sleet and the observed tactics, techniques, and procedures (TTPs) used to exploit CVE-2024-7971, as well as recommendations for mitigating and protecting against this activity. https://msft.it/6043l7qAH

    North Korean threat actor Citrine Sleet exploiting Chromium zero-day | Microsoft Security Blog

    North Korean threat actor Citrine Sleet exploiting Chromium zero-day | Microsoft Security Blog

    microsoft.com

  • 查看Microsoft Security Response Center的公司主页,图片

    18,161 位关注者

    The #BlueHat 2024 Call for Papers is closing soon! You have until August 30th to submit your proposals for 45-minute Breakout Sessions or 15-minute Lightning Talks. Don't miss this chance to share your findings, new ideas, and best practices at BlueHat 2024, happening on October 29-30 in Redmond, WA. Submit your paper here: https://lnkd.in/gBycBdD6

    查看Microsoft Security Response Center的公司主页,图片

    18,161 位关注者

    ??Attention security researchers, responders, and everyone in the security community!?? The BlueHat 2024 Call for Papers is now open! We invite everyone to submit proposals for 45-minute Breakout Sessions or 15-minute Lightning Talks. Don’t miss this opportunity to share your findings, new ideas, and best practices at BlueHat 2024, October 29-30, in Redmond, WA. Learn more in our blog post: https://lnkd.in/gETgvsMp #BlueHat #infosec

    • 该图片无替代文字
  • 查看Microsoft Security Response Center的公司主页,图片

    18,161 位关注者

    Interns?@ Microsoft had the awesome opportunity over the summer to compete in the intern-led overnight event, InternHacks! 60+ interns attended both in-person in Redmond as well as virtually from Microsoft's many campuses. Hackers with diverse skill sets worked together in teams of up to 5 to hack together awesome projects in only 24 hours,?with help from in-person and online mentors. Participants had the opportunity to attend insightful workshops hosted by interns and hear from 3 inspiring keynote speakers representing various internal Employee Resource Groups. ?? Please join us in congratulating the top scoring teams and projects:? Artificial Intelligence Track: Helios, by Katie Cheng, P. Kayleen Ramirez, Kelly Zhang, and Om Shastri. Low Code/No Code Track: Installment Optimizer for Ground Source Heat Pump Systems, by Wonjun Jo. Community & Accessibility Track: CityRecs, by Michelle Chang, Aaron Alexander, Asif Mammadov, and Julia Gao. Startup Track: Have I Been Faked, by ALEXANDRA I FUENTES MERCADO, Isaiah Carrington, Jack Saunders, and Sophia Lin. Best Overall: Hot Girl Travel AI, by Natasha Maya Narayanan, Catherine Zhang, Jacqueline Cai, and Lily Pham. Huge thank you to the lead organizers (Parker Leathers, Kevin Granados, Brenda Leyva, Michael Mundia) and to the 28 organizers who worked alongside them for making InternHacks possible!???

    • 该图片无替代文字
    • 该图片无替代文字
    • 该图片无替代文字
    • 该图片无替代文字
    • 该图片无替代文字
  • 查看Microsoft Security Response Center的公司主页,图片

    18,161 位关注者

    Tom Gallagher, VP of Engineering, MSRC, recently shared insights from his experience at Black Hat with Dark Reading, discussing the importance of collaboration with the cybersecurity community. Key takeaways include: ? Community engagement: Engaging in meaningful two-way conversations at Black Hat highlights the innovative ways researchers are tackling cybersecurity challenges, which is important for strengthening relationships and improving our systems. ? Holistic vulnerability management: MSRC’s approach to vulnerability management goes beyond fixing individual bugs. We focus on identifying and eradicating entire classes of attacks, ensuring our products and services are more resilient. ? AI security: AI's role in cybersecurity is increasingly important. Microsoft has integrated AI into its bounty program, working to understand and mitigate vulnerabilities within AI systems. While AI security is still in its early stages, Microsoft is actively working to mature this area, focusing on logging, understanding attack types, and refining our approach with the security community. With this learning, we continue to evolve Microsoft’s AI Security Bug Bar (https://lnkd.in/gyn2C5es). ? Secure Future Initiative: As part of the Secure Future Initiative, launched in November, we're accelerating our response and remediation efforts across the company. Our goal is to make systems smarter and help product teams resolve issues more rapidly. ? Transparency and reporting: Transparency is key in our cybersecurity efforts. Microsoft has been publishing CVEs since 1999 where customers needed to act – like installing a patch.? In June 2024, we began publishing CVEs for critical cloud vulnerabilities, even when no action is required, to keep the community informed and engaged. ? These efforts reflect Microsoft’s ongoing commitment to enhancing security through collaboration, innovation, and transparency. Watch the full interview with Tom Gallagher here: https://lnkd.in/gfSbYnwX?

  • 查看Microsoft Security Response Center的公司主页,图片

    18,161 位关注者

    ??Attention security researchers, responders, and everyone in the security community!?? The BlueHat 2024 Call for Papers is now open! We invite everyone to submit proposals for 45-minute Breakout Sessions or 15-minute Lightning Talks. Don’t miss this opportunity to share your findings, new ideas, and best practices at BlueHat 2024, October 29-30, in Redmond, WA. Learn more in our blog post: https://lnkd.in/gETgvsMp #BlueHat #infosec

    • 该图片无替代文字

关联主页

相似主页