Security News

Microsoft announced a new AI bounty program focused on the AI-driven Bing experience, with rewards reaching $15,000. AI-powered Bing experiences on bing.com in Browser AI-powered Bing integration in Microsoft Edge, including Bing Chat for Enterprise.

The feature aims to help organizations disrupt human-operated attacks like ransomware, business email compromise and adversary-in-the-middle, which start - more often than not - with compromised user accounts. Microsoft Defender for Endpoint is Microsoft's enterprise extended detection and response solution that detects threats on networks and systems and allows organizations' security staff to investigate and respond to attacks.

Microsoft on Wednesday said that a user containment feature in Microsoft Defender for Endpoint helped thwart a "large-scale remote encryption attempt" made by Akira ransomware actors targeting an...

Microsoft Defender for Endpoint now uses automatic attack disruption to isolate compromised user accounts and block lateral movement in hands-on-keyboard attacks with the help of a new 'contain user' capability in public preview.According to Microsoft, Defender for Endpoint now prevents attackers' lateral movement attempts within victims' on-premises or cloud IT infrastructure by temporarily isolating the compromised user accounts they might exploit to achieve their objectives.

Microsoft says a Chinese-backed threat group tracked as 'Storm-0062' has been exploiting a critical privilege escalation zero-day in the Atlassian Confluence Data Center and Server since September 14, 2023. Today, Microsoft Threat Intelligence analysts shared more information about Storm-0062's involvement in CVE-2023-22515's exploitation and posted four offending IP addresses on a thread on Twitter.

In this post I'm going to focus specifically on data security and how your team can ensure a safe Copilot rollout. Microsoft relies heavily on sensitivity labels to enforce DLP policies, apply encryption, and broadly prevent data leaks.

Childs described the early years of Patch Tuesday at Microsoft being kind of a party, complete with catered breakfast and music. "Certainly a lot of large financial institutions and I imagine a lot of other organizations were part of really bringing pressure to bear to Microsoft to release it as an instance, a single time so we can plan for it, take a more measured approach and reduce a lot of the chaos that was prior to Patch Tuesday being a thing," he tells The Register.

Hackers are once again abusing LinkedIn Smart Links in phishing attacks to bypass protection measures and evade detection in attempts to steal Microsoft account credentials. Smart Links are part of LinkedIn's Sales Navigator service, used for marketing and tracking, allowing Business accounts to email content using trackable links to determine who engaged with it.

Microsoft has released its Patch Tuesday updates for October 2023, addressing a total of 103 flaws in its software, two of which have come under active exploitation in the wild. Of the 103 flaws,...

Thankfully, there are complimentary Microsoft 365 security training modules. Improve your cloud security posture with Microsoft Defender for Cloud.