マイクロソフトは Outlook の 特権昇格の脆弱性を緩和します
Tuesday, March 14, 2023
本ブログは、Microsoft Mitigates Outlook Elevation of Privilege Vulnerability の抄訳版です。最新の情報は原文を参照してください。 2023 年 5 月
2023
Azure Kubernetes Service (AKS) Threat Hunting
Wednesday, March 01, 2023
As more businesses shift away from running workloads on dedicated virtual machines to running them inside containers using workload orchestrators like Kubernetes, adversaries have become more interested in them as targets. Moreover, the benefits Kubernetes provides for managing workloads are also extended to adversaries. As adversaries leverage Kubernetes to run their workloads, their understanding of how these platforms work and can be exploited increases.
Configuring host-level audit logging for AKS VMSS
Wednesday, March 01, 2023
This blog post runs you through how to enable and configure Linux audit logging on your Azure Kubernetes Service (AKS) Virtual Machine Scale Set (VMSS) using the Linux auditing subsystem, also known as auditd. Warning The information provided below is accurate as of the release date of this blog post (2023-03) and guidance may change in future.
First steps in CHERIoT Security Research
Tuesday, February 28, 2023
At Microsoft, we invest a lot of time researching and investigating possibilities in our journey to memory safety. Because the massive majority of existing codebases are written in unsafe programming languages, the task of protecting legacy code is very important. Hardware solutions are an attractive approach because they introduce very powerful security properties with low overheads compared to purely software solutions.
2023 年 2 月のセキュリティ更新プログラム (月例)
Tuesday, February 14, 2023
2023 年 2 月 14 日 (米国時間) 、マイクロソフトは、マイクロソフト製品に影響する脆弱性を修正するために、セキ
新しい MSRCのブログサイト
Thursday, February 09, 2023
2023 年 2 月 9 日 (米国時間) から MSRC のブログサイトが新しくなりました。 2023 年 2 月 9 日 (米国時間) 以降は https://msrc.microsoft.com/blog をご
New MSRC Blog Site
Wednesday, February 08, 2023
We are excited to announce the release of the new Microsoft Security Response Center (MSRC) blog site. Please visit msrc.microsoft.com/blog/ starting February 9th, 2023, for all past and future MSRC blog content. In addition to the new URL, we have refreshed the site with a new look and improved site performance, search, categories, and tags to help users easily find content.
BlueHat 2023: Connecting the security research community with Microsoft
Monday, February 06, 2023
We’re excited to welcome more than 400 members of the security research community from around the world to Redmond, Washington for BlueHat 2023. Hosted by the Microsoft Security Response Center (MSRC), BlueHat is where the security research community, and Microsoft security professionals, come together as peers to connect, share, learn, and exchange ideas in the interest of creating a safer and more secure world for all.
Microsoft の調査 – 検証済みの発行者確認を悪用する脅威アクターの同意フィッシング キャンペーンについて
Wednesday, February 01, 2023
本ブログは、Microsoft Investigation – Threat actor consent phishing campaign abusing the verified publisher process の抄訳版です。最新の情報は原文を参照してくださ
Microsoft Investigation - Threat actor consent phishing campaign abusing the verified publisher process
Tuesday, January 31, 2023
Summary On December 15th, 2022, Microsoft became aware of a consent phishing campaign involving threat actors fraudulently impersonating legitimate companies when enrolling in the Microsoft Cloud Partner Program (MCPP) (formerly known as Microsoft Partner Network (MPN)). The actor used fraudulent partner accounts to add a verified publisher to OAuth app registrations they created in Azure AD.