Security News

Microsoft has patched a vulnerability that exposed 38TB of private data from its AI research division. The repository held 38TB of private data, secrets, private keys, passwords and the open-source AI training data.

A Microsoft employee accidentally exposed 38 terabytes of private data while publishing a bucket of open-source AI training data on GitHub, according to Wiz security researchers who spotted the leaky account and reported it to the Windows giant.This is despite Wiz claiming the leaky data bucket had private keys, passwords, and over 30,000 internal Microsoft Teams messages, as well as backup data from two employees' workstations.

Microsoft is finally rolling out support for layers and image transparency to the Paint image editor application 38 years after its launch. "You can now add, remove, and manage layers on the canvas to create richer and more complex digital art. With layers, you can stack shapes, text, and other image elements on top of each other," Grochocki said.

The Microsoft AI research division accidentally leaked dozens of terabytes of sensitive data while contributing open-source AI learning models to a public GitHub repository. Microsoft linked the data exposure to using an excessively permissive Shared Access Signature token.

Google Chrome is set to enhance its user experience on the desktop by adding a "Read aloud" function, currently available for testing in the Canary version. A notable feature of Read Aloud is the adjustable playback speed, allowing users to control the rate at which articles are read aloud.

Microsoft's Edge browser, known for its innovative features, is now shedding one of its most applauded functions, Web Select. Accessed either via the menu or the Control+Shift+X shortcut, Web Select provided an edge over simple screenshot tools.

Get technical details about how this new attack campaign is delivered via Microsoft Teams and how to protect your company from this loader malware. A new report from global cybersecurity company Truesec reveals a new attack campaign leveraging Microsoft Teams to infect companies' users.

A set of memory corruption flaws have been discovered in the ncurses programming library that could be exploited by threat actors to run malicious code on vulnerable Linux and macOS systems. "Using environment variable poisoning, attackers could chain these vulnerabilities to elevate privileges and run code in the targeted program's context or perform other malicious actions," Microsoft Threat Intelligence researchers Jonathan Bar Or, Emanuele Cozzi, and Michael Pearse said in a technical report published today.

Microsoft is investigating an ongoing outage preventing customers from sending or receiving messages using the company's Microsoft Teams communication platform. Microsoft confirmed the outage in a tweet published via its official Microsoft 365 status account, saying that more details can be found under TM675041 in the admin center.

Microsoft is warning of a new phishing campaign undertaken by an initial access broker that involves using Teams messages as lures to infiltrate corporate networks. "Beginning in July 2023, Storm-0324 was observed distributing payloads using an open-source tool to send phishing lures through Microsoft Teams chats," the company said, adding the development marks a shift from using email-based initial infection vectors for initial access.