Security News

Microsoft announced today that an early preview of its AI-powered Windows Copilot personal assistant is rolling out to Insiders in the Windows 11 Dev Channel. "Once open, the Windows Copilot side bar stays consistent across your apps, programs and windows, always available to act as your personal assistant", said Panos Panay, Microsoft's head of Windows and Devices, in May. "It makes every user a power user, helping you take action, customize your settings and seamlessly connect across your favorite apps."

Microsoft has addressed a bug causing Windows Search and the Start Menu to become unresponsive and some Windows applications to no longer open. "The Start menu, Windows search, and Universal Windows Platform apps might not work as expected or might have issues opening," Microsoft says on the Windows health dashboard.

Microsoft has released Sysmon 15, converting it into a protected process and adding the new 'FileExecutableDetected' option to log when executable files are created. Users can find the complete list of directives in the Sysmon schema, which can be viewed by running the sysmon -s command at the command line.

Microsoft has addressed a known issue causing File Explorer on Windows 11 and Windows Server systems after viewing a file's effective access permissions. The known issue impacts systems running the latest Windows releases, including Windows 11 21H2/22H2 and Windows Server 2022.

We and our store and/or access information on a device, such as cookies and process personal data, such as unique identifiers and standard information sent by a device for personalised ads and content, ad and content measurement, and audience insights, as well as to develop and improve products. With your permission we and our partners may use precise geolocation data and identification through device scanning.

Microsoft has disclosed that it's detected a spike in credential-stealing attacks conducted by the Russian state-affiliated hacker group known as Midnight Blizzard. The group, which drew worldwide attention for the SolarWinds supply chain compromise in December 2020, has continued to rely on unseen tooling in its targeted attacks aimed at foreign ministries and diplomatic entities.

Moving critical data and workloads to the cloud has significantly changed information security teams. Most don't have the resources to be successful in their cloud attack modeling-not to mention the deployment of measurable controls to defend against these evolving attacks.

Empowering Google security and networking solutions with AIIn this Help Net Security interview, Sunil Potti, GM and VP of Cloud Security at Google Cloud, talks about how new security and networking solutions powered by AI help improve security so Google customers can address their most pressing security challenges and remain ahead of an ever changing threat landscape. Infosecurity Europe 2023Infosecurity Europe took place at ExCeL London from June 20-22, 2023 and Help Net Security was on site.

Bug hunters who found security holes in Google - and also responsibly disclosed details of those flaws to the Chocolate Factory - earned more than $12 million in bounty rewards in 2022, marking a record year for the corporation's Vulnerability Reward Programs in terms of payouts and number of vulnerabilities found and fixed. Avrahami found several vulnerabilities and attack paths in Google Kubernetes Engine Autopilot that would allow an attacker to escape their pod, compromise the underlying node, escalate privileges to administrator level, and then deploy backdoors to maintain this access.

Security researchers have uncovered a bug that could allow attackers to deliver malware directly into employees' Microsoft Teams inbox. "Organisations that use Microsoft Teams inherit Microsoft's default configuration which allows users from outside of their organisation to reach out to their staff members," Jumpsec researcher Max Corbridge explained.