Security News

Chinese snoops stole about 60,000 State Department emails when they broke into Microsoft-hosted Outlook and Exchange Online accounts belonging to US government officials over the summer. "No classified systems were hacked," said State Department spokesperson Matthew Miller during a press briefing Thursday.

Chinese hackers stole tens of thousands of emails from U.S. State Department accounts after breaching Microsoft's cloud-based Exchange email platform in May. During a recent Senate staff briefing, U.S. State Department officials disclosed that the attackers stole at least 60,000 emails from Outlook accounts belonging to State Department officials stationed in East Asia, the Pacific, and Europe, as Reuters first reported. Microsoft did not disclose specific details regarding the affected organizations, government agencies, or countries impacted by this email breach.

Microsoft's new AI image generation Paint tool powered by OpenAI's DALL-E text-to-image model is now rolling out to Windows Insiders in Dev and Canary channels. "With this update, we are excited to introduce Paint Cocreator, a new AI-powered experience powered by DALL-E that helps you create amazing artwork in Paint by describing in a few words what you'd like to create," said Dave Grochocki, Principal Product Manager Lead for Windows Inbox Apps.

Microsoft has unveiled Azure Update Manager, a SaaS tool tailored for enterprise clients to simplify the software update management process across different platforms. This tool represents an enhancement over the previous Azure Automation Update management solution. It empowers IT professionals to oversee software updates on Windows and Linux systems across Azure, on-premises, and multi-cloud settings.Azure Update Manager offers a suite of functionalities to IT administrators, enabling them to monitor the update compliance of their machines, whether they're based in Azure, on-premises, or other cloud infrastructures. Critical updates can be immediately deployed, ensuring systems remain secure. The tool also provides the capability to manage extended security updates for Azure Arc-enabled virtual machines. Furthermore, administrators have the option to schedule regular patching, determining specific time frames for the rollout of updates and system reboots.

Microsoft is officially rolling out support for passkeys in Windows 11 today as part of a major update to the desktop operating system.The feature allows users to login to websites and applications without having to provide a username and password, instead relying on their device PIN or biometric information to complete the step. Based on FIDO standards, Passkeys were first announced in May.

An inside look at NetSPI's impressive Breach and Attack Simulation platformIn this Help Net Security interview, Scott Sutherland, VP of Research at NetSPI, delves into the intricacies of their Breach and Attack Simulation platform and discusses how it offers unique features - from customizable procedures to advanced plays - that help organizations maximize their ROI. How companies can take control of their cybersecurityIn this Help Net Security interview, Baya Lonqueux, CEO at Reciproc-IT, discusses the evolving cybersecurity landscape and the essential skillsets needed for teams working in this field. Critical Trend Micro vulnerability exploited in the wildTrend Micro has fixed a critical zero-day vulnerability in several of its endpoint security products for enterprises that has been spotted being exploited in the wild.

Microsoft will start rolling out its Copilot digital assistant to all customers next week, on September 26th, together with a host of new AI-powered capabilities as part of a new Windows 11 22H2...

Here's a list of free Azure cybersecurity resources that Microsoft offers to anyone interested in learning. Prepare for cloud security by using the Microsoft Cloud Adoption Framework for Azure.

Microsoft said today that the Exchange Web Services API for Exchange Online and Office 365 will be retired in approximately three years. These resources can be retrieved from various sources, including Exchange Online, Exchange Online as part of Office 365, and on-premises editions of Exchange.

Microsoft on Monday said it took steps to correct a glaring security gaffe that led to the exposure of 38 terabytes of private data. "The exposure came as the result of an overly permissive SAS token - an Azure feature that allows users to share data in a manner that is both hard to track and hard to revoke," Wiz said in a report.