Microsoft Security Blog Expert coverage of cybersecurity topics
- Security above all else—expanding Microsoft’s Secure Future Initiativeby Charlie Bell on 3 May 2024 at 2:55 pm
Microsoft is expanding the scope of the Secure Future Initiative to adapt to the evolving cyberthreat landscape. Read about the principles and pillars driving this initiative. The post Security above all else—expanding Microsoft’s Secure Future Initiative appeared first on Microsoft Security Blog.
- Microsoft introduces passkeys for consumer accountsby Vasu Jakkal and Joy Chik on 2 May 2024 at 1:00 pm
The best part about passkeys is that you’ll never need to worry about creating, forgetting, or resetting passwords ever again. Read about Microsoft’s new passkey support for consumer accounts. The post Microsoft introduces passkeys for consumer accounts appeared first on Microsoft Security Blog.
- “Dirty stream” attack: Discovering and mitigating a common vulnerability pattern in Android appsby Microsoft Threat Intelligence on 1 May 2024 at 6:00 pm
Microsoft discovered a vulnerability pattern in multiple popular Android applications that could enable a malicious application to overwrite files in the vulnerable application’s internal data storage directory, which could lead to arbitrary code execution and token theft, among other impacts. We have shared our findings with Google’s Android Application Security Research team, as well as the developers of apps found vulnerable to this issue. We anticipate that the vulnerability pattern could be found in other applications. We’re sharing this research more broadly so developers and publishers can check their apps for similar issues, fix as appropriate, and prevent them from being introduced into new apps or releases. The post “Dirty stream” attack: Discovering and mitigating a common vulnerability pattern in Android apps appeared first on Microsoft Security Blog.
- Investigating industrial control systems using Microsoft’s ICSpector open-source frameworkby Maayan Shaul on 25 April 2024 at 4:00 pm
Microsoft released ICSpector as an open-source framework to help organizations secure their industrial control systems. Read our blog post for details on how it works and why this solution is so critical given modern cybersecurity threats. The post Investigating industrial control systems using Microsoft’s ICSpector open-source framework appeared first on Microsoft Security Blog.
- 5 ways a CNAPP can strengthen your multicloud security environmentby Vlad Korsunsky on 24 April 2024 at 4:00 pm
CNAPP, or cloud-native application protection platform, can be a powerful tool in your cybersecurity toolkit. Read on for highlights of our guide diving into the topic. The post 5 ways a CNAPP can strengthen your multicloud security environment appeared first on Microsoft Security Blog.