Security News

Copilot can access all the sensitive data that a user can access, which is often far too much. In this post I'm going to focus specifically on data security and how your team can ensure a safe Copilot rollout.

Microsoft is deprecating Defender Application Guard for Office and the Windows Security Isolation APIs, and it recommends Defender for Endpoint attack surface reduction rules, Protected View, and...

Now Microsoft plans to extend Kerberos in the versions of Windows and Windows Server that will ship in the next two years to help organizations move off NTLM. Here's what will change and how to prepare. How can I get ready to move off NTLM? Just over half of NTLM usage is for applications that hardcode in using NTLM. If you've done that in your own applications, you'll need to update the application: There aren't any shims or workarounds that Microsoft can do in Windows.

Security researchers bypassed Windows Hello fingerprint authentication on Dell Inspiron, Lenovo ThinkPad, and Microsoft Surface Pro X laptops in attacks exploiting security flaws found in the embedded fingerprint sensors. Blackwing Intelligence security researchers discovered vulnerabilities during research sponsored by Microsoft's Offensive Research and Security Engineering to assess the security of the top three embedded fingerprint sensors used for Windows Hello fingerprint authentication.

Microsoft says a North Korean hacking group has breached Taiwanese multimedia software company CyberLink and trojanized one of its installers to push malware in a supply chain attack targeting potential victims worldwide. According to Microsoft Threat Intelligence, activity suspected to be linked with the altered CyberLink installer file surfaced as early as October 20, 2023.

Microsoft has announced a new bug bounty program aimed at unearthing vulnerabilities in Defender-related products and services, and is offering participants the possibility to earn up to $20,000 for the most critical bugs. Microsoft Defender includes various products and services that are build to secure and protect Microsoft users.

Interview Microsoft's bug bounty program celebrated its tenth birthday this year, and has paid out $63 million to security researchers in that first decade - with $60 million awarded to bug hunters in the past five years alone, according to Redmond. She credited Katie Moussouris, who played a key role in convincing Redmond's top brass that Microsoft needed a bug bounty program - despite execs vowing never to pay researchers for bugs.

Microsoft is now rolling out the Copilot AI assistant to eligible non-managed systems enrolled in the Windows Insider program and running Windows 10 22H2 Home and Pro editions. "Windows Insiders on eligible devices in the Release Preview Channel who already did this with last week's update should see Copilot in Windows shortly," the Windows Insider Program Team said on Monday.

Microsoft has unveiled a new bug bounty program aimed at the Microsoft Defender security platform, with rewards between $500 and $20,000.Currently, the Microsoft Defender Bounty Program is limited in scope and will focus solely on Microsoft Defender for Endpoint APIs.

Organizations using Microsoft Azure will have access to confidential virtual machines in Azure on Dec. 1, allowing greater privacy and compliance. Confidential VMs:. SEE: Windows 10 users can now try out the AI assistant Microsoft Copilot.