all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Microsoft mitigated exposure of internal information in a storage account due to overly-permissive SAS token

Add to bookmarks
Sept. 18, 2023, 7 a.m. |

Microsoft Security Response Center msrc-blog.microsoft.com

Summary Summary As part of a recent Coordinated Vulnerability Disclosure (CVD) report from Wiz.io, Microsoft investigated and remediated an incident involving a Microsoft employee who shared a URL for a blob store in a public GitHub repository while contributing to open-source AI learning models. This URL included an overly-permissive Shared Access Signature (SAS) token for an internal storage account.

account blob coordinated coordinated vulnerability disclosure cvd disclosure employee exposure github incident information internal microsoft public report repository sas storage store token url vulnerability vulnerability disclosure wiz

Visit resource

More from msrc-blog.microsoft.com / Microsoft Security Response Center

Congratulations to the Top MSRC 2024 Q1 Security Researchers! 2 weeks, 1 day ago | msrc-blog.microsoft.com
check chen customers hard +13
Toward greater transparency: Adopting the CWE standard for Microsoft CVEs 3 weeks, 3 days ago | msrc-blog.microsoft.com
center communities current customers +20
Embracing innovation: Derrick’s transition from banking to Microsoft’s Threat Intelligence team 1 month ago | msrc-blog.microsoft.com
analysts banking collect curiosity +20
Update on Microsoft Actions Following Attack by Nation State Actor Midnight Blizzard 1 month, 3 weeks ago | msrc-blog.microsoft.com
actions actor attack blizzard +24
Faye’s Journey: From Security PM to Diversity Advocate at Microsoft 2 months ago | msrc-blog.microsoft.com
career deployment desktop desktops +9
Microsoft boosts its Microsoft 365 Insider Builds on Windows Bounty Program with higher awards and … 2 months ago | msrc-blog.microsoft.com
award awards bounty bug +16
From Indiana Jones to Cybersecurity: The Inspiring Journey of Devin 2 months ago | msrc-blog.microsoft.com
adventures cybersecurity dream found +7
An Obsession With Impact: The Inspiring Journey of a Dreamer That Led to a Career … 2 months, 1 week ago | msrc-blog.microsoft.com
bruce career college dream +13
New Security Advisory Tab Added to the Microsoft Security Update Guide 2 months, 2 weeks ago | msrc-blog.microsoft.com
advisory customers feedback guide +16

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote
View on infosec-jobs.com

Information Security Specialist, Sr. (Container Hardening)

@ Rackner | San Antonio, TX
View on infosec-jobs.com

Principal Security Researcher (Advanced Threat Prevention)

@ Palo Alto Networks | Santa Clara, CA, United States
View on infosec-jobs.com

EWT Infosec | IAM Technical Security Consultant - Manager

@ KPMG India | Bengaluru, Karnataka, India
View on infosec-jobs.com

Security Engineering Operations Manager

@ Gusto | San Francisco, CA; Denver, CO; Remote
View on infosec-jobs.com

Network Threat Detection Engineer

@ Meta | Denver, CO | Reston, VA | Menlo Park, CA | Washington, DC
View on infosec-jobs.com
View more jobs