May 24, 2022

New Research Paper: Pre-hijacking Attacks on Web User Accounts

In 2020, MSRC awarded two Identity Project Research Grants to support external researchers working to further strengthen the security of identity protocols and systems. Today we […]
May 24, 2022

Anatomy of a DDoS amplification attack

Amplification attacks are one of the most common distributed denial of service (DDoS) attack vectors. These attacks are typically categorized as flooding or volumetric attacks, where […]
May 24, 2022

How to improve risk management using Zero Trust architecture

“Compliance is all about risk management and lessening risk, and the same is true of Zero Trust.” —Abbas Kudrati What’s risk management and why is it […]
May 24, 2022

Beneath the surface: Uncovering the shift in web skimming

Microsoft security researchers recently observed that web skimming campaigns now employ various obfuscation techniques to deliver and hide skimming scripts. It’s a shift from earlier tactics […]
May 20, 2022

Rise in XorDdos: A deeper look at the stealthy DDoS malware targeting Linux devices

In the last six months, we observed a 254% increase in activity from a Linux trojan called XorDdos. First discovered in 2014 by the research group […]
May 20, 2022

Researcher Spotlight: Hector Peralta’s Evolution from Popcorn Server to the MSRC Leaderboards

“The bug bounty literally changed my life. Before this, I had nothing.” Coolest thing he purchased: His first vehicle! Best gift to give: Buying his nephew […]
May 19, 2022

So you want to be a CISO: What you should know about data protection

Data is the lifeblood of any organization. Whether you’re a Chief Information Security Officer (CISO) or aspiring to become one, protecting sensitive business data will be […]
May 18, 2022

Easy authentication and authorization in Azure Active Directory with No-Code Datawiza

This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA. The acceleration of cloud journeys fueled by the […]
May 17, 2022

Microsoft showcases the future of comprehensive security at RSA 2022

The last time the RSA Conference was held as an in-person event was in 2020. Needless to say, a lot has changed since then. RSA is […]
May 14, 2022

Anatomy of a Security Update

The Microsoft Security Response Center is part of the defender community and on the front line of security response for our customers and the company. Our […]
May 11, 2022

Microsoft security experts outline next steps after compromise recovery

Who is CRSP? The Microsoft Compromise Recovery Security Practice (CRSP) is a worldwide team of cybersecurity experts operating in most countries, across both public and private […]
May 10, 2022

Vulnerability mitigated in the third-party Data Connector used in Azure Synapse pipelines and Azure Data Factory (CVE-2022-29972)

Summary Microsoft recently mitigated a vulnerability in Azure Data Factory and Azure Synapse pipelines. The vulnerability was specific to the third-party Open Database Connectivity (ODBC) driver […]