Security – Microsoft and Linux Bulletins
News, Alerts and Security Bulletins for Microsoft and Linux
- Update on Microsoft Actions Following Attack by Nation State Actor Midnight Blizzard on 8 March 2024 at 8:00 am
This blog provides an update on the nation-state attack that was detected by the Microsoft Security Team on January 12, 2024. As we shared, on January 19, the security team detected this attack on our corporate email systems and immediately activated our response process. The Microsoft Threat Intelligence investigation identified the threat actor as Midnight Blizzard, the Russian state-sponsored actor also known as NOBELIUM.
- Faye’s Journey: From Security PM to Diversity Advocate at Microsoft on 29 February 2024 at 8:00 am
Faye, a veteran at Microsoft for 22 years, has had a career as varied as it is long. Her journey began in 2002 as the first desktop security Project Manager (PM) in Microsoft IT. From there, she transitioned into owning a deployment team that deployed to desktops and handled operations for Office’s first few customers.
- Microsoft boosts its Microsoft 365 Insider Builds on Windows Bounty Program with higher awards and an expanded scope on 27 February 2024 at 8:00 am
Starting today, we are doubling the maximum bounty award for the Microsoft 365 Insider Bug Bounty Program to $30,000 USD for high impact scenarios, such as unauthenticated non-sandboxed code execution with no user interaction. We are also expanding the scope of our bounty program to include more vulnerability types and products.
- From Indiana Jones to Cybersecurity: The Inspiring Journey of Devin on 26 February 2024 at 8:00 am
As a young boy, Devin found himself captivated by the adventures of Indiana Jones, the whip-wielding archaeologist from the VHS movies his grandfather showed him. The thrill of unearthing history and the allure of the unknown ignited a spark in Devin, leading him to dream of becoming an archaeologist. However, as he grew older and learned more about the realities of archaeology, he realized that his passion lay elsewhere.
- An Obsession With Impact: The Inspiring Journey of a Dreamer That Led to a Career at Microsoft on 20 February 2024 at 8:00 am
Bruce’s story unfolds in Cincinnati, Ohio. As a young boy, he had an ambitious dream of one day becoming the President of the United States. This aspiration remained his guiding star until he began his professional career after college. His mother, amused by his
- New Security Advisory Tab Added to the Microsoft Security Update Guide on 15 February 2024 at 8:00 am
Today, we are adding a new Security Advisory tab to the Security Update Guide to meet our customers’ needs for a unified and authoritative source for the latest public information about Microsoft security updates and issues. We are continuously listening to feedback from users of the Security Update Guide. Our goal is to find new and improved ways to help customers manage security risks and keep their systems protected.
- Congratulations to the Top MSRC 2023 Q4 Security Researchers! on 30 January 2024 at 8:00 am
Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2023 Q4 Security Researcher Leaderboard are Yuki Chen, Wei, VictorV! Check out the full list of researchers recognized this quarter here.
- Microsoft Actions Following Attack by Nation State Actor Midnight Blizzard on 19 January 2024 at 8:00 am
The Microsoft security team detected a nation-state attack on our corporate systems on January 12, 2024, and immediately activated our response process to investigate, disrupt malicious activity, mitigate the attack, and deny the threat actor further access. Microsoft has identified the threat actor as Midnight Blizzard, the Russian state-sponsored actor also known as Nobelium.
- BlueHat India Call for Papers is Now Open! on 8 January 2024 at 8:00 am
You asked for it and it’s finally here! The inaugural BlueHat India conference will be held May 16-17th, 2024, in Hyderabad, India! This intimate conference will bring together a unique blend of security researchers and responders, who come together as peers to exchange ideas, experiences, and learnings in the interest of creating a safer and more secure world for all.
- Microsoft addresses App Installer abuse on 28 December 2023 at 8:00 am
Summary: In recent months, Microsoft Threat Intelligence has observed threat actors leveraging social engineering and phishing techniques to target Windows OS users and utilizing the ms-appinstaller URI scheme. We have addressed and mitigated this malicious activity by turning off ms-appinstaller by default. Additionally, Microsoft has coordinated with Certificate Authorities to revoke the abused code signing certificates utilized by malware samples we have identified.
- Azure Serial Console Attack and Defense - Part 2 on 19 December 2023 at 8:00 am
This is the second installment of the Azure Serial Console blog, which provides insights to improve defenders’ preparedness when investigating Azure Serial Console activity on Azure Linux virtual machines. While the first blog post discussed various tracing activities, such as using Azure activity and Sysmon logs on Windows virtual machines to trace serial console activity, this blog outlines how to enable logging for Azure Linux virtual machines using Sysmon for Linux to capture and how to send these events to a log analytics workspace.
- Introducing the Microsoft Defender Bounty Program on 21 November 2023 at 8:00 am
We are excited to announce the new Microsoft Defender Bounty Program with awards of up to $20,000 USD. The Microsoft Defender brand encompasses a variety of products and services designed to enhance the security of the Microsoft customer experience. The Microsoft Defender Bounty Program invites researchers across the globe to identify vulnerabilities in Defender products and services and share them with our team.
- Celebrating ten years of the Microsoft Bug Bounty program and more than $60M awarded on 20 November 2023 at 8:00 am
This year marks the tenth anniversary of the Microsoft Bug Bounty Program, an essential part of our proactive strategy to protect customers from security threats. Since its inception in 2013, Microsoft has awarded more than $60 million to thousands of security researchers from 70 countries. These individuals have discovered and reported vulnerabilities under Coordinated Vulnerability Disclosure, aiding Microsoft in navigating the continuously evolving security threat landscape and emerging technologies.
- Reflecting on 20 years of Patch Tuesday on 17 November 2023 at 8:00 am
This year is a landmark moment for Microsoft as we observe the 20th anniversary of Patch Tuesday updates, an initiative that has become a cornerstone of the IT world’s approach to cybersecurity. Originating from the Trustworthy Computing memo by Bill Gates in 2002, our unwavering commitment to protecting customers continues to this day and is reflected in Microsoft’s Secure Future Initiative announced this month.
- Microsoft guidance regarding credentials leaked to GitHub Actions Logs through Azure CLI on 14 November 2023 at 8:00 am
Summary: The Microsoft Security Response Center (MSRC) was made aware of a vulnerability where Azure Command-Line Interface (CLI) could expose sensitive information, including credentials, through GitHub Actions logs. The researcher, from Palo Alto Networks Prisma Cloud, found that Azure CLI commands could be used to show sensitive data and output to Continuous Integration and Continuous Deployment (CI/CD) logs.
- Congratulations to the Top MSRC 2023 Q3 Security Researchers! on 16 October 2023 at 7:00 am
Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2023 Q3 Security Researcher Leaderboard are Wei, VictorV, and Anonymous! Check out the full list of researchers recognized this quarter here.
- Introducing the Microsoft AI Bug Bounty Program featuring the AI-powered Bing experience on 12 October 2023 at 7:00 am
Today at BlueHat we announced the new Microsoft AI bug bounty program with awards up to $15,000. This new bounty program features the AI-powered Bing experience as the first in scope product. The following products and integrations are eligible for bounty awards: AI-powered Bing experiences on bing.com in Browser (All major vendors are supported, including Bing Chat, Bing Chat for Enterprise, and Bing Image Creator); AI-powered Bing integration in Microsoft Edge (Windows), including Bing Chat for Enterprise; AI-powered Bing integration in the Microsoft Start Application (iOS and Android); AI-powered Bing integration in the Skype Mobile Application (iOS and Android). Full details can be found on our bounty program website.
- Microsoft Response to Distributed Denial of Service (DDoS) Attacks against HTTP/2 on 10 October 2023 at 7:00 am
Summary: Beginning in September 2023, Microsoft was notified by industry partners about a newly identified Distributed Denial-of-Service (DDoS) attack technique being used in the wild targeting HTTP/2 protocol. This vulnerability (CVE-2023-44487) impacts any internet exposed HTTP/2 endpoints. As an industry leader, Microsoft promptly opened an investigation and subsequently began working with industry partners for a coordinated disclosure and mitigation plan.
- Cybersecurity Awareness Month 2023: Elevating Security Together on 5 October 2023 at 7:00 am
As the 20th anniversary of Cybersecurity Awareness Month begins, I find myself reflecting on the strides made since its inception. The journey to enhance and improve cybersecurity is ongoing and extends beyond October. It’s not merely a technological challenge; it is fundamentally about people. It’s about the customers and communities that we at Microsoft work tirelessly to safeguard and defend.
- Microsoft’s Response to Open-Source Vulnerabilities - CVE-2023-4863 and CVE-2023-5217 on 2 October 2023 at 7:00 am
Microsoft is aware and has released patches associated with the two Open-Source Software security vulnerabilities, CVE-2023-4863 and CVE-2023-5217. Through our investigation, we found that these affect a subset of our products and as of today, we have addressed them in our products as outlined below: CVE-2023-4863: Microsoft Edge; Microsoft Teams for Desktop; Skype for Desktop; Webp Image Extensions (Released on Windows and updates through Microsoft Store). CVE-2023-5217
- Journey Down Under: How Rocco Became Australia’s Premier Hacker on 25 September 2023 at 7:00 am
Fun facts about Rocco Calvi (@TecR0c): Microsoft MVR: Rocco is a 2023 Microsoft Most Valuable Researcher. Fitness fanatic: Inspired by old-school body building and countless hours of chopping and carrying wood in the mountains during his youth, Rocco remains a fitness enthusiast, setting himself challenges and pushing his limits.
- Microsoft mitigated exposure of internal information in a storage account due to overly-permissive SAS token on 18 September 2023 at 7:00 am
Summary: As part of a recent Coordinated Vulnerability Disclosure (CVD) report from Wiz.io, Microsoft investigated and remediated an incident involving a Microsoft employee who shared a URL for a blob store in a public GitHub repository while contributing to open-source AI learning models. This URL included an overly-permissive Shared Access Signature (SAS) token for an internal storage account.
- Results of Major Technical Investigations for Storm-0558 Key Acquisition on 6 September 2023 at 7:00 am
March 12, 2024 update: As part of our continued commitment to transparency and trust outlined in Microsoft’s Secure Future Initiative, we are providing further information as it relates to our ongoing investigation. This new information does not change the customer guidance we previously shared, nor have our ongoing investigations revealed additional impact to Microsoft or our customers.
- Azure Serial Console Attack and Defense - Part 1 on 10 August 2023 at 7:00 am
Ever had a virtual machine crash? Azure Serial console is a great way to directly connect to your Virtual machine and debug what went wrong. Azure Serial Console is a feature that’s available for free for everyone. While the primary intent of this feature is to assist users debug their machine, there are several interesting ways to abuse the features and compromise sensitive information.
- Congratulations to the MSRC 2023 Most Valuable Security Researchers! on 8 August 2023 at 7:00 am
The Microsoft Researcher Recognition Program offers public thanks and recognition to security researchers who help protect our customers through discovering and sharing security vulnerabilities under Coordinated Vulnerability Disclosure. Today, we are excited to recognize this year’s top 100 Most Valuable Researchers (MVRs) based on the total number of points earned for each valid report.
- Updating our Vulnerability Severity Classification for AI Systems on 8 August 2023 at 7:00 am
The Microsoft Security Response Center (MSRC) is always looking for ways to provide clarity and transparency around how we assess the impact of vulnerabilities reported in our products and services. To this end, we are announcing the Microsoft Vulnerability Severity Classification for AI Systems, an update to Microsoft’s existing vulnerability severity classification (i.
- Microsoft Bug Bounty Program Year in Review: $13.8M in Rewards on 7 August 2023 at 7:00 am
We are thrilled to share the results of our collaboration with over 345 security researchers from +45 countries around the world in the past 12 months. Together, we have discovered and fixed more than a thousand potential security issues before they impacted our customers. In recognition of this valuable collaboration, we have awarded $13.
- Microsoft mitigates Power Platform Custom Code information disclosure vulnerability on 4 August 2023 at 7:00 am
Summary: On 30 March 2023, Tenable informed Microsoft under Coordinated Vulnerability Disclosure (CVD) of a security issue concerning Power Platform Custom Connectors using Custom Code. This feature allows customers to write code for custom connectors. This issue has been fully addressed for all customers and no customer remediation action is required.
- BlueHat October 2023 Call for Papers is Now Open! on 27 July 2023 at 7:00 am
As you may have seen on social media, the next BlueHat conference will be October 11 – 12, 2023, on Microsoft’s Redmond campus in Washington state, USA. The Call for Papers (CFP) is now open through August 18, 2023. The BlueHat community is a unique blend of security researchers and responders from both inside and outside of Microsoft, who come together as peers to exchange ideas, experiences, and learnings in the interest of creating a safer and more secure world for all.
- Updated Researcher Portal Submission Form: Discover the New Fields in the Submission Form on 20 July 2023 at 7:00 am
Summary: We are excited to announce the release of the updated Researcher Portal submission form. These new fields allow Security Researchers to provide additional context for the reported security issue, providing product teams with more data for analysis, gain insights and identify trends across multiple reported security vulnerabilities. The additional fields are not mandatory fields to submit a report.
- Ubuntu 6698-1: Vim vulnerability by LinuxSecurity Advisories on 18 March 2024 at 6:54 pm
Vim could be made to crash if it opened a specially crafted file.
- Debian LTS: DLA-3765-1: cacti security update by LinuxSecurity Advisories on 18 March 2024 at 6:26 pm
Multiple vulnerabilities were found in Cacti, a network monitoring system. An attacker could manipulate the database, execute code remotely, launch DoS (denial-of-service) attacks or impersonate Cacti users, in some situations.
- Mageia 2024-0072: expat security update by LinuxSecurity Advisories on 18 March 2024 at 4:13 pm
It was discovered that Expat could be made to consume large amounts of resources. If a user or automated system were tricked into processing specially crafted input, an attacker could possibly use this issue to cause a denial of service. (CVE-2023-52425, CVE-2024-28757)
- Mageia 2024-0071: multipath-tools security update by LinuxSecurity Advisories on 18 March 2024 at 4:13 pm
multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited in conjunction with CVE-2022-41974. Local users able to access /dev/shm can change symlinks in multipathd due to incorrect symlink handling, which could lead to controlled file writes outside of the /dev/shm directory. This could be used indirectly
- Mageia 2024-0070: apache-mod_security-crs security update by LinuxSecurity Advisories on 18 March 2024 at 4:13 pm
A SQL injection bypass (aka PL1 bypass) exists in OWASP ModSecurity Core Rule Set (owasp-modsecurity-crs) through v3.1.0-rc3 via {`a`b} where a is a special function name (such as "if") and b is the SQL statement to be executed. (CVE-2018-16384) Modsecurity owasp-modsecurity-crs 3.2.0 (Paranoia level at PL1) has a
- Debian LTS: DLA-3764-1: postgresql-11 security update by LinuxSecurity Advisories on 18 March 2024 at 3:47 pm
In the PostgreSQL database server, a late privilege drop in the REFRESH MATERIALIZED VIEW CONCURRENTLY command could allow an attacker to trick a user with higher privileges to run SQL commands.
- Severe X.Org Memory Safety, Code Execution Vulns Fixed by Anthony Pell on 17 March 2024 at 11:00 am
After recent heap overflow, out-of-bounds write, and privilege escalation flaws brought X.Org into the spotlight, more severe memory safety and code execution vulnerabilities have been identified in the popular X server. These issues affect the X.Org X11 server.
- Multiple Chromium DoS, Info Disclosure Vulns Fixed by Brittany Day on 17 March 2024 at 11:00 am
Multiple severe security issues were discovered in Chromium before version 122.0.6261.128, which could result in arbitrary code execution, denial of service, or information disclosure. Let's examine these vulnerabilities, their impact, and how to protect against them.
- Enhancing Security in Linux Web Applications with Advanced Secure Coding Practices by Brittany Day on 5 March 2024 at 2:10 pm
Cybersecurity is not static; it's a game of continuous evolution. As web applications burgeon, so too do the threats against them. Within Linux environments, where flexibility and open-source attributes are prized, with secure coding practices, Linux devs can stand on vigilant watch against these proliferating dangers.
- Charting the Course of Cybersecurity Education for Linux Admins by Brittany Day on 25 February 2024 at 10:27 pm
Linux administrators and infosec professionals face rising cyber threats in today's interconnected digital world. As open-source platforms gain more importance, securing them becomes mission-critical for organizations worldwide.
- Closing the Security Gap: Navigating Modern Technology and Outdated Systems in Linux Security by Dave Wreski on 9 February 2024 at 5:52 pm
Most businesses understand the need for cybersecurity. However, many of those same companies still rely on outdated systems, making it hard to ensure the security they know they need.
- Guide to Secure Data Backup for Linux Users by Duane Dunston on 1 February 2024 at 2:10 pm
Data security in a modern business environment is considered one of the most critical factors for any company. The digitalization of the world has led to more and more data being generated daily, including very sensitive data, such as internal business plans, customer payment data, etc.