Cybersecurity researchers have disclosed details of security flaws in the Roundcube webmail software that could be exploited to execute malicious JavaScript in a victim's web browser and steal sensitive information from their account under specific circumstances.
"When a victim views a malicious email in Roundcube sent by an attacker, the attacker can execute arbitrary JavaScript in the victim's

Email Security / Vulnerability

Cybersecurity researchers have disclosed details of security flaws in the Roundcube webmail software that could be exploited to execute malicious JavaScript in a victim's web browser and steal sensitive information from their account under specific circumstances.

"When a victim views a malicious email in Roundcube sent by an attacker, the attacker can execute arbitrary JavaScript in the victim's browser," cybersecurity company Sonar said in an analysis published this week.

"Attackers can abuse the vulnerability to steal emails, contacts, and the victim's email password as well as send emails from the victim's account."

Following responsible disclosure on June 18, 2024, the three vulnerabilities have been addressed in Roundcube versions 1.6.8 and 1.5.8 released on August 4, 2024.

The list of vulnerabilities is as follows -

*   **CVE-2024-42008** - A cross-site scripting flaw via a malicious email attachment served with a dangerous Content-Type header
*   **CVE-2024-42009** - A cross-site scripting flaw that arises from post-processing of sanitized HTML content
*   **CVE-2024-42010** - An information disclosure flaw that stems from insufficient CSS filtering

Successful exploitation of the aforementioned flaws could allow unauthenticated attackers to steal emails and contacts, as well as send emails from a victim's account, but after viewing a specially crafted email in Roundcube.

"Attackers can gain a persistent foothold in the victim's browser across restarts, allowing them to exfiltrate emails continuously or steal the victim's password the next time it is entered," security researcher Oskar Zeino-Mahmalat said.

"For a successful attack, no user interaction beyond viewing the attacker's email is required to exploit the critical XSS vulnerability (CVE-2024-42009). For CVE-2024-42008, a single click by the victim is needed for the exploit to work, but the attacker can make this interaction unobvious for the user."

Additional technical details about the issues have been withheld to give time for users to update to the latest version, and in light of the fact that flaws in the webmail software have been repeatedly exploited by nation-state actors like APT28, Winter Vivern, and TAG-70.

The findings come as details have emerged about a maximum-severity local privilege escalation flaw in the RaspAP open-source project (CVE-2024-41637, CVSS score: 10.0) that allows an attacker to elevate to root and execute several critical commands. The vulnerability has been addressed in version 3.1.5.

"The www-data user has write access to the restapi.service file and also possesses sudo privileges to execute several critical commands without a password," a security researcher who goes by the online alias 0xZon1 said. "This combination of permissions allows an attacker to modify the service to execute arbitrary code with root privileges, escalating their access from www-data to root."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Roundcube Webmail Flaws Allow Hackers to Steal Emails and Passwords

An unnamed media organization in South Asia was targeted in November 20233 using a previously undocumented Go-based backdoor called GoGra.
"GoGra is written in Go and uses the Microsoft Graph API to interact with a command-and-control (C&C) server hosted on Microsoft mail services," Symantec, part of Broadcom, said in a report shared with The Hacker News.
It's currently not clear how it's

Cloud Security / Cyber Espionage

An unnamed media organization in South Asia was targeted in November 20233 using a previously undocumented Go-based backdoor called GoGra.

"GoGra is written in Go and uses the Microsoft Graph API to interact with a command-and-control (C&C) server hosted on Microsoft mail services," Symantec, part of Broadcom, said in a report shared with The Hacker News.

It's currently not clear how it's delivered to target environments, GoGra is specifically configured to read messages from an Outlook username "FNU LNU" whose subject line starts with the word "Input."

The message contents are then decrypted using the AES-256 algorithm in Cipher Block Chaining (CBC) mode using a key, following which it executes the commands via cmd.exe.

The results of the operation are then encrypted and sent to the same user with the subject "Output."

GoGra is said to be the work of a nation-state hacking group known as Harvester owing to its similarities to a custom .NET implant named Graphon that also utilizes the Graph API for C&C purposes.

The development comes as threat actors are increasingly taking advantage of legitimate cloud services to stay low-key and avoid having to purchase dedicated infrastructure.

Some of the other new malware families that have employed the technique are listed below -

*   A previously unseen data exfiltration tool deployed by Firefly in a cyber attack targeting a military organization in Southeast Asia. The harvested information is uploaded to Google Drive using a hard-coded refresh token.

*   A new backdoor dubbed Grager was deployed against three organizations in Taiwan, Hong Kong, and Vietnam in April 2024. It uses the Graph API to communicate with a C&C server hosted on Microsoft OneDrive. The activity has been tentatively linked to a suspected Chinese threat actor tracked as UNC5330.

*   A backdoor known as MoonTag contains functionality for communicating with the Graph API and is attributed to a Chinese-speaking threat actor

*   A backdoor called Onedrivetools has been used against IT services companies in the U.S. and Europe. It uses the Graph API to interact with a C&C server hosted on OneDrive to execute received commands and save the output to OneDrive.

"Although leveraging cloud services for command and control is not a new technique, more and more attackers have started to use it recently," Symantec said, pointing to malware like BLUELIGHT, Graphite, Graphican, and BirdyClient.

"The number of actors now deploying threats that leverage cloud services suggests that espionage actors are clearly studying threats created by other groups and mimicking what they perceive to be successful techniques."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

New Go-based Backdoor GoGra Targets South Asian Media Organization

Cybersecurity company CrowdStrike has published its root cause analysis detailing the Falcon Sensor software update crash that crippled millions of Windows devices globally.
The "Channel File 291" incident, as originally highlighted in its Preliminary Post Incident Review (PIR), has been traced back to a content validation issue that arose after it introduced a new Template Type to enable

Cybersecurity / Incident Response

Cybersecurity company CrowdStrike has published its root cause analysis detailing the Falcon Sensor software update crash that crippled millions of Windows devices globally.

The "Channel File 291" incident, as originally highlighted in its Preliminary Post Incident Review (PIR), has been traced back to a content validation issue that arose after it introduced a new Template Type to enable visibility into and detection of novel attack techniques that abuse named pipes and other Windows interprocess communication (IPC) mechanisms.

Specifically, it's related to a problematic content update deployed over the cloud, describing it as a "confluence" of several problems that led to a crash: A mismatch between the 21 inputs passed to the Content Validator via the IPC Template Type as opposed to the 20 supplied to the Content Interpreter.

CrowdStrike said the parameter mismatch was not discovered during "multiple layers" of the testing process, in part due to the use of wildcard matching criteria for the 21st input during testing and in the initial IPC Template Instances that were delivered between March and April 2024.

In other words, the new version of Channel File 291 pushed on July 19, 2024, was the first IPC Template Instance to make use of the 21st input parameter field. The lack of a specific test case for non-wildcard matching criteria in the 21st field meant that this was not flagged until after the Rapid Response Content was shipped to the sensors.

"Sensors that received the new version of Channel File 291 carrying the problematic content were exposed to a latent out-of-bounds read issue in the Content Interpreter," the company said.

"At the next IPC notification from the operating system, the new IPC Template Instances were evaluated, specifying a comparison against the 21st input value. The Content Interpreter expected only 20 values. Therefore, the attempt to access the 21st value produced an out-of-bounds memory read beyond the end of the input data array and resulted in a system crash."

Besides validating the number of input fields in the Template Type at sensor compile time to address the issue, CrowdStrike said it also added runtime input array bounds checks to the Content Interpreter to prevent out-of-bounds memory reads and corrected the number of inputs provided by the IPC Template Type.

"The added bounds check prevents the Content Interpreter from performing an out-of-bounds access of the input array and crashing the system," it noted. "The additional check adds an extra layer of runtime validation that the size of the input array matches the number of inputs expected by the Rapid Response Content."

On top of that, CrowdStrike said it plans to increase test coverage during Template Type development to include test cases for non-wildcard matching criteria for each field in all (future) Template Types.

Some of the sensor updates are also expected to resolve the following gaps -

*   The Content Validator is being modified to add new checks to ensure that content in Template Instances does not include matching criteria that match over more fields than are being provided as input to the Content Interpreter

*   The Content Validator is being modified to only allow wildcard matching criteria in the 21st field, which prevents the out-of-bounds access in the sensors that only provide 20 inputs

*   The Content Configuration System has been updated with new test procedures to ensure that every new Template Instance is tested, regardless of the fact that the initial Template Instance is tested with the Template Type at creation

*   The Content Configuration System has been updated with additional deployment layers and acceptance checks

*   The Falcon platform has been updated to provide customers with increased control over the delivery of Rapid Response Content

Last but not least, CrowdStrike said it has engaged two independent third-party software security vendors to conduct further review of the Falcon sensor code for both security and quality assurance. It's also carrying out an independent review of the end-to-end quality process from development through deployment.

It has further pledged to work with Microsoft as Windows introduces new ways to perform security functions in user space as opposed to relying on a kernel driver.

"CrowdStrike's kernel driver is loaded from an early phase of system boot to allow the sensor to observe and defend against malware that launches prior to user mode processes starting," it said.

"Providing up-to-date security content (e.g., CrowdStrike's Rapid Response Content) to these kernel capabilities enables the sensor to defend systems against a rapidly evolving threat landscape without making changes to kernel code. Rapid Response Content is configuration data; it is not code or a kernel driver."

The release of the root cause analysis comes as Delta Air Lines said it has "no choice" but to seek damages from CrowdStrike and Microsoft for causing massive disruptions and costing it an estimated $500 million in lost revenue and extra costs related to thousands of canceled flights.

Both CrowdStrike and Microsoft have since responded to the criticism, stating they are not to blame for the days-long outage and that Delta declined their offers for on-site assistance, indicating that the carrier's problems could run a lot deeper than its Windows machines going down as a result of the faulty security update.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

CrowdStrike Reveals Root Cause of Global System Outages

PRESS RELEASE

NEW YORK – Today, Verizon Business released its 2024 Mobile Security Index (MSI) report outlining the top threats to mobile and IoT device security. This year’s report, in its seventh iteration, goes beyond employee-level mobile usage and extends into the usage of IoT devices and sensors and the security concerns the growth of these devices can present especially as remote work continues to be a trend. This expanded view of mobile security concerns for organizations showcases the evolving threat landscape that CIOs and other IT decision makers must contend with.

As dependency on mobile devices grows, so too do the risks, especially in critical infrastructure sectors where the consequences of security breaches can be catastrophic. The 2024 MSI, which surveyed 600 people responsible for security strategy, policy and management, underscores this point.

**Employees are using more mobile and IoT devices, leading to increased cyber risks**

The survey finds that 80% of respondents consider mobile devices critical to their operations, while 95% are actively using IoT devices. However, this heavy reliance comes with significant security concerns. In critical infrastructure sectors, where 96% of respondents report using IoT devices, more than half state that they have experienced severe security incidents that led to data loss or system downtime.

“These findings highlight the continued friction that employers face as more and more work is done on personal mobile devices,” said Phil Hochmuth Research VP, enterprise mobility at IDC. “This is why we are seeing more and more employers move from a pure bring-your-own-device model to employer provided devices where CIO’s can have greater governance to protect critical infrastructure from cyber attacks."

Additionally, Hochmuth says, organizations should adopt robust frameworks such as Zero Trust and the National Institute of Standards and Technology’s Cybersecurity Framework (NIST CSF) 2.0, and comply with mandates like the European Union’s NIS2 Directive.

**Emerging AI cyberthreats meet new AI defenses**

Emerging artificial intelligence (AI) technologies are expected to exacerbate the mobile threat landscape, but it also presents opportunities for defense. A striking 77% of respondents anticipate that AI-assisted attacks, such as deepfakes and SMS phishing, are likely to succeed. At the same time, 88% of critical infrastructure respondents acknowledge the growing importance of AI-assisted cybersecurity solutions.

**Accounting for IoT growth in cybersecurity planning**

With companies increasingly deploying IoT devices, their digital landscapes are evolving, creating a need for cybersecurity strategies to evolve in kind.

“The Industrial Internet of Things (IIoT) is giving rise to a massive expansion in mobile device technology that goes well beyond phones, tablets and laptops. Enterprise networks now include all sorts of sensors and purpose-built devices that monitor, measure, manage and control commercial tasks and data flow,” said TJ Fox, SVP of Industrial IoT and Automotive, Verizon Business. “That IIoT growth brings with it a proportionate need for more knowledge, awareness and IT solutioning to ensure the security of those increasingly sophisticated networks. The growing importance that IoT plays in our customer’s technology ecosystem underscores why it should be a component in any sound cybersecurity program.”

**What business leaders should know**

The 2024 MSI helps inform cybersecurity decisions for leaders of businesses of all sizes and in key sectors. As mobile and IoT threats rise, the need for robust security measures has never been greater. In response to these growing threats, 84% of respondents have increased their mobile device security spending over the past year, with 89% of critical infrastructure respondents planning further increases.

This year’s MSI includes contributions from Verizon’s partners including Ivanti, Lookout, Jamf among others.  Help your organization lower cyber risks by deploying comprehensive security protections, continuous employee education and advanced threat detection capabilities. Read the Verizon Business 2024 Mobile Security Index to learn more about suggested best practices your organization can implement.

Verizon Business 2024 Mobile Security Index Reveals Escalating Risks in Mobile and IoT Security

PRESS RELEASE

WILMINGTON, Del.--(BUSINESS WIRE) -- Today, Intel 471, the premier provider of cyber intelligence-driven solutions worldwide, sponsored a partnership of 28 industry leaders serving public and private organizations across the vendor and consumer community. Together, these professionals volunteered their time, effort, and experience to launch the first version of the Cyber Threat Intelligence Capability Maturity Model (CTI-CMM), designed as the first-of-its kind vendor agnostic and universally applicable resource to support organizations of all shapes and sizes across the CTI industry. In today’s evolving threat landscape, the sign of a successful Cyber Threat Intelligence (CTI) program is a mature program that seamlessly integrates with an organization’s core objectives and key outcomes.

“Unlocking the full potential of your CTI program requires alignment with the capabilities of each stakeholder it supports, and a tangible measurement of success synchronized with organizational priorities,” said Michael DeBolt, Chief Intelligence Officer at Intel 471. “The CTI Capability Maturity Model (CTI-CMM) is designed to support CTI teams in building their capabilities by aligning to defined practices for stakeholder business domains unique to each organization. The Model establishes shared values and principles across the industry to empower organizations to take a holistic approach to cyber threat intelligence with stakeholders in mind.”

“Advising numerous clients globally, I have observed a consistent need for an outcome-focused model for cyber intelligence programs. The CTI-CMM bridges the gap to help CTI programs create impactful and demonstrable value for their organization,” said Colin Connor, CTI Services Manager at IBM X-Force.

The all-volunteer team behind the CTI-CMM is comprised of professionals representing a wide range of sectors, geographic regions, backgrounds and experiences, including leaders from Intel 471, IBM, Kroger, Venation, Mandiant, IntL8, Regfast, Trellix, Autodesk, Centre for Cybersecurity Belgium (CCB), Northwave Cyber Security, Workday, Marsh McLennan, Signify, Tidal Cyber, DeepSeas, BP, Gojek, SAND and many more. These individuals created CTI-CMM to elevate cyber threat intelligence across the industry through knowledge and experiences. Together, they defined the following values and principles to support the CTI community moving forward:

Shared Values

*   Intelligence provides value through collaboration with our stakeholders and supporting their decision-making process.
    
*   Intelligence is never completed. Improvement is continuous. This also applies to adoption. Constant improvement is crucial for success and distinguishing from other models which failed to keep up with the time.
    
*   Intelligence is not proprietary, nor is it prescriptive. Therefore, the model should never be claimed by a single commercial party.
    

Shared Principles

*   Contextualizing threat intelligence within risk
    
*   Continuous self-assessment and improvement
    
*   Actionable intelligence based on stakeholder needs
    
*   Quantitative and qualitative measurement of intelligence
    
*   Collaborative and iterative intelligence processes
    

This team made the decision to design the CTI-CMM to align with industry best practices and the concepts and format of a recognized cybersecurity maturity model, the Cybersecurity Capability Maturity Model (C2M2). Similar to the C2M2, the CTI-CMM is organized into ten domains. Each domain includes a “Domain Purpose” followed by a “CTI Mission'' description describing how the CTI function supports it and consists of the CTI Use Cases and CTI Data Sources.

The CTI-CMM is the blueprint for a successful and effective CTI program. It exists to support the people who make decisions and take action to protect organizations. For more information, please visit: https://cti-cmm.org/

About Intel 471

Intel 471 empowers enterprises, government agencies, and other organizations to win the cybersecurity war using the real-time insights about adversaries, their relationships, threat patterns, and imminent attacks relevant to their businesses. The company's platform collects, interprets, structures, and validates human-led, automation-enhanced intelligence, which fuels our external attack surface and advanced behavioral threat hunting solutions. Customers utilize this operationalized intelligence to drive a proactive response to neutralize threats and mitigate risk. Organizations across the globe leverage Intel 471’s world-class intelligence, our trusted practitioner engagement and enablement and globally dispersed ground expertise as their frontline guardian against the ever-evolving landscape of cyber threats to fight the adversary -- and win. Learn more at https://intel471.com/.

Cybersecurity Industry Leaders Launch the Cyber Threat Intelligence Capability Maturity Model

PRESS RELEASE

ROCKVILLE, Md., Aug. 1, 2024 /PRNewswire/ -\- Dataprise, a distinguished provider of managed services (MSP) and managed security services (MSSP), today announced the acquisition of Phoenix IT, a cybersecurity incident response and managed service provider in Arizona. The acquisition broadens Dataprise's Cybersecurity platform with new Incident Response & Remediation Services and expands the company's managed services regional footprint to Arizona.

Dataprise's mission is to combine powerful, enterprise-grade solutions with local, personalized service delivery for outstanding client experiences. Phoenix IT uniquely adds to both commitments by enabling Dataprise to offer comprehensive incident response and remediation services, and to expand its reach to clients in Phoenix, AZ.

"Phoenix IT has built a prestigious reputation as the go-to for cyber incident response and recovery among clients and partners nationwide while cultivating a strong regional MSP business. This security-minded, client-first culture aligns naturally with Dataprise and will enable accelerated value on both fronts for clients. We look forward to bringing unexpected value to both Dataprise's clients with the new IR capabilities and Phoenix IT's clients with access to an end-to-end portfolio of IT services," said William Flannery, Chief Executive Officer, Dataprise.

"We are experiencing a rapid growth phase at Phoenix IT, driven by the increasing demand for our Incident Response & Recovery Services and the exceptional work of our expert team. Simultaneously, our commitment to supporting local Phoenix businesses enables us to maintain a comprehensive focus on the client experience," said Nathan Phillips, Founder and CEO of Phoenix IT. "Dataprise is a perfectly aligned partner for our business and clients, and we look forward to robust growth together as we continue to ensure our clients' safety and security."

"Phoenix IT has an exceptional leadership team, dedicated cybersecurity professionals, and a significant presence in Phoenix—a region of strong growth and opportunity. This blend makes Phoenix IT an ideal addition as Dataprise advances our strategy to expand our nationwide footprint and deliver the most advanced Cybersecurity portfolio in the market," said Christian Fulmino, SVP of M&A, Dataprise.

Lance Meilech served as the investment banker on the sale of Phoenix IT. 

About Dataprise  
Dataprise is a portfolio company of Trinity Hunt Partners, a growth-oriented private equity firm. Founded in 1995, Dataprise believes that technology should enable our clients to be the absolute best at what they do. This commitment to client success is why Dataprise is recognized as the premier strategic managed service and security partner to strategic CIOs and IT leaders across the United States. Dataprise delivers best-in-class managed cybersecurity, disaster recovery as a service (DRaaS), managed infrastructure, cloud, and managed end-user services that transform business, enhance user experiences, and eliminate risks. Dataprise has offices across the United States, employs 500+ of the industry's best and brightest, and supports more than 2,000 clients.

You May Also Like

Dataprise Acquires Phoenix IT Adding Cyber Incident Response &amp; Remediation Services

PRESS RELEASE

AUSTIN, Texas--(BUSINESS WIRE)-- Votiro, innovator in Zero Trust Data Detection and Response (DDR) and trusted to deliver safe and compliant content to industry leaders across the globe, announces an expansion of privacy toolsets and integrations within its DDR platform. New features include the ability to mask privacy data within documents in real-time, continuous monitoring and reporting on where unstructured data travels throughout an organization, alerts around potential compliance violations, and expanded integrations with key technology partners.

“Despite a growing data security market, data breaches are still running rampant, leading to more stringent data protection and privacy regulations,” said Darin Sanders, CRO at Novacoast. “Compliance has again become a major focus across many industries, and both Novacoast and Votiro are dedicated to helping these organizations not only quickly achieve a compliant posture but stay that way. Votiro’s Zero Trust DDR platform is the answer for teams looking for visibility, reporting, control, and masking.”

With enhanced data privacy functionality, Votiro’s Zero Trust DDR is now well positioned to address both facets of data security in a unified platform – data privacy risks and malware threats. Key new features and integrations include:

1.  Data masking and de-masking: Personally identifiable information (PII) or sensitive enterprise data is masked (obfuscated) while in-transit to satisfy various regional and international data regulations and privacy requirements. Users can also de-mask data based on established enterprise policy controls.
    
2.  Enhanced privacy and threat analytics dashboard: New analytics provided include, but are not limited to, commonly targeted channels and entry points, user behavior, the types of data being ingested and shared throughout the organization, and real-time logging of the files/data detected and masked/sanitized by Votiro.
    
3.  Expanded integration within the Microsoft ecosystem: Real-time data detection and response can be applied throughout the organization. In addition to Microsoft Office 365, Votiro now supports Microsoft Teams, SharePoint, and OneDrive to ensure seamless and safe collaboration for MS users and third-party contributors.
    
4.  Monitoring and masking static environments: If threat actors gain access to secure environments, sensitive data housed within these channels is already anonymized based on permissions and made useless to unauthorized parties looking to exfiltrate PII.
    

“We launched the industry’s first unified content security platform earlier this year to safeguard organizational data against privacy risks and malware threats and simplify compliance efforts. Since the initial launch, our team has been building new innovations within the Zero Trust DDR platform to further support this mission,” said Ravi Srinivasan, CEO at Votiro. “The newly available functionalities are plugging the gaps in many endpoint and reactive-only solutions, providing our customers with a one-stop-shop for preventative, data-centric security.”

Votiro is poised to grow internationally with notable new partnerships including Novacoast, an international cybersecurity company providing IT services and software development, and CyberKis, a full-service cybersecurity company in Israel. Votiro also serves governments worldwide, including government agencies and organizations in Japan with Asgent, where Votiro holds the dominant market position in terms of sales revenue for the last seven consecutive years.

Headed to BlackHat? Votiro will be there! Book time with Ravi Srinivasan if you want to chat more about the evolution of the data security market, Votiro’s Zero Trust DDR, or partnership opportunities.

To book a demo, start a free 30-day trial, or learn more about Votiro’s commitment to preventing privacy risks and malware threats, visit www.votiro.com.

About Votiro

Votiro's Zero Trust Data Detection & Response platform allows data to flow freely and safely. Our unified data security solution provides organizations around the globe with real-time privacy masking, data compliance, proactive file-borne threat prevention, and actionable data insights. The seamless, open-API proactively prevents risks to private data in-motion by detecting and masking information while disarming known and unknown cyber threats before they reach user endpoints.

Votiro is headquartered in Austin, TX, with offices in Australia, Israel, and Singapore. Votiro is SOC 2 Type II compliant. Learn more at www.votiro.com.

Votiro Unveils New Data Privacy Features and Integrations

**According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?**

The attacker must have permissions to access the target's System directory to plant the malicious folder that would be used as part of the exploitation.

CVE-2024-38202: Windows Update Stack Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?**

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2024-21302: Windows Secure Kernel Mode Elevation of Privilege Vulnerability

The 23rd edition of Microsoft’s BlueHat security conference will be hosted by the Microsoft Security Response Center (MSRC) at the Redmond, WA corporate campus, October 29 and 30, 2024. BlueHat brings together security researchers and responders from both inside and outside of Microsoft, who come together as peers to exchange ideas, experiences, and best practices, all in the interest of creating a safer and more secure world for everyone.

  

The 23rd edition of Microsoft’s BlueHat security conference will be hosted by the Microsoft Security Response Center (MSRC) at the Redmond, WA corporate campus, October 29 and 30, 2024. 

BlueHat brings together security researchers and responders from both inside and outside of Microsoft, who come together as peers to exchange ideas, experiences, and best practices, all in the interest of creating a safer and more secure world for everyone. 

Beginning in 2005 to provide Microsoft’s burgeoning internal security community with external perspectives on Microsoft and industry at large, BlueHat has evolved to is one of the longest -running security research and response conferences in the industry.  

**The BlueHat 2024 Call for Papers (CFP) is now open through August 30, 2024.**

The two-day BlueHat conference provides an opportunity to showcase thought leadership in the vulnerability and mitigation space, emerging security threats and techniques, new and novel research findings, calls-to-action for the security community, and much more. 

The Call for Papers is open to all, and we encourage everyone in the security community (yes you!) to consider submitting either a 45-minute Breakout Session or a 15-minute Lightning Talk. 

Here are some possible topics for submission. These are meant to be inspirations, not boundaries. We can’t wait to see what you share with the community. 

*   Securing AI and Machine Learning Systems 
    
*   Applied Cryptography 
    
*   Cybersecurity Careers 
    
*   Cybersecurity Policy 
    
*   Data Forensics & Incident Response 
    
*   Detection Techniques at Scale 
    
*   Exploit Development 
    
*   Human Factors 
    
*   IoT/OT Critical Infrastructure Security 
    
*   Quantum Security 
    
*   Red Team/Blue Team Lessons Learned 
    
*   Reverse Engineering 
    
*   Virtualization and Container Security 
    

If you have submitted a case to MSRC that has been fully resolved, marked complete, and at least 30 days have passed since fixes have been published and impacted customers notified, we encourage you to consider submitting your research findings to present at BlueHat.  

And if you would like to explore co-presenting your research in partnership with a Microsoft technical subject matter expert familiar with your case, please email bluehat@microsoft.com to discuss.  

To learn more about the BlueHat conference, Call for Papers process, and ideas for paper submissions, watch or listen to this Experts Forum conversation with Lee Holmes, Marissa Quebbeman, Raul Rojas and Roberto Rodriguez or view session recordings on demand from prior BlueHat events. 

We will be announcing more details soon, including registration information, keynotes, and more. 

Block your calendars, submit your paper, and get ready for BlueHat. Follow @MSFTBlueHat on X (formerly known as Twitter) or Microsoft Security Response on LinkedIn for updates and announcements, and use #BlueHat to join the conversation.

Latest News