Security News

If enterprises are going to protect themselves in a threat environment that is constantly changing and evolving, they need a posture management strategy that not only takes in industry standards and best practices from vendors but also learns from recent attacks, according to Israel Cohen, senior product manager for Microsoft 365 Defender. The software giant is therefore adding a capability to Microsoft 365 Defender that automatically maps techniques that were used in attacks against an organization, and then recommends what security pros can do to bolster their security posture and prevent a similar attack.

Microsoft has agreed to pay a penalty of $20 million to settle U.S. Federal Trade Commission charges that the company illegally collected and retained the data of children who signed up to use its Xbox video game console without their parents' knowledge or consent. The privacy protections also extend to third-party gaming publishers with whom Microsoft shares children's data, in addition to subjecting biometric information and avatars created from a children's faces to the privacy laws.

Along with paying the rather small fine, the FTC is also requiring the company to update its account creation process for children to prevent collection and storage of data, and extend those responsibilities to third-party publishers that Microsoft shares such data with. Xbox users trying to create an account weren't asked to involve a parent until after Microsoft collected all of that personally identifiable information.

Microsoft has agreed to pay a $20 million fine and change data privacy procedures for children to settle Federal Trade Commission charges over Children's Online Privacy Protection Act violations. COPPA is a U.S. federal law designed to protect the privacy of children under the age of 13 on the internet by requiring parental consent, the ability to review and ask for the deletion of the child's personal information, the ability to refuse data collection, implement security protections for the collected information, and more when registering online accounts.

We and our store and/or access information on a device, such as cookies and process personal data, such as unique identifiers and standard information sent by a device for personalised ads and content, ad and content measurement, and audience insights, as well as to develop and improve products. With your permission we and our partners may use precise geolocation data and identification through device scanning.

Microsoft has linked the Clop ransomware gang to recent attacks exploiting a zero-day vulnerability in the MOVEit Transfer platform to steal data from organizations. "Microsoft is attributing attacks exploiting the CVE-2023-34362 MOVEit Transfer 0-day vulnerability to Lace Tempest, known for ransomware operations & running the Clop extortion site," the Microsoft Threat Intelligence team tweeted Sunday night.

Microsoft has officially linked the ongoing active exploitation of a critical flaw in the Progress Software MOVEit Transfer application to a threat actor it tracks as Lace Tempest. "Exploitation is often followed by deployment of a web shell with data exfiltration capabilities," the Microsoft Threat Intelligence team said in a series of tweets today.

After introducing a string of AI-powered assistants for its products, Microsoft has now announced that it will soon end support for the Windows standalone Cortana app. Initially introduced as part of the Windows Phone operating system, Cortana has since expanded to other platforms, including Windows 10, Android, and iOS. It's now deeply integrated into Microsoft's ecosystem and was designed to work closely with other Microsoft products.

Microsoft has warned investors about a "Non-public" draft decision by Irish regulators against LinkedIn for allegedly dodgy ad data practices, explaining it had set aside some cash to pay off any potential fine. The software giant said the funds were connected to a 2018 investigation by the Irish Data Protection Commission looking into whether LinkedIn's targeted advertising practices violated the the European Union's General Data Protection Regulation.

Determine exactly what personal information Microsoft Edge knows about you. Depending on how long you have been using Microsoft Edge, especially if you are using the syncing feature that shares data across all your Microsoft account-related computers, the list of stored personal information on this page could be extensive.