Security News

Microsoft announced today that users would also be able to communicate with Bing Chat, the AI-powered chat-based version of its Bing search engine, via voice commands. "We know many of you love using voice input for chat on Mobile. It's now also available on desktop by clicking on the microphone icon in the Bing Chat box," the Bing Team said.

Banking and financial services organizations are the targets of a new multi-stage adversary-in-the-middle phishing and business email compromise attack, Microsoft has revealed. "The attack originated from a compromised trusted vendor and transitioned into a series of AiTM attacks and follow-on BEC activity spanning multiple organizations," the tech giant disclosed in a Thursday report.

The Microsoft Azure Portal is down on the web as a threat actor known as Anonymous Sudan claims to be targeting the site with a DDoS attack. At the same time, a threat actor known as Anonymous Sudan claims to be conducting a DDoS attack against the Microsoft Azure portal, sharing an image of the page not working.

Microsoft is investigating an ongoing outage that is preventing OneDrive customers from accessing the cloud file hosting service worldwide, just as a threat actor known as 'Anonymous Sudan' claims to be DDoSing the service. "We're reviewing OneDrive telemetry that captures this impact scenario to determine the source of the service access failures and begin identifying a mitigation plan."

If enterprises are going to protect themselves in a threat environment that is constantly changing and evolving, they need a posture management strategy that not only takes in industry standards and best practices from vendors but also learns from recent attacks, according to Israel Cohen, senior product manager for Microsoft 365 Defender. The software giant is therefore adding a capability to Microsoft 365 Defender that automatically maps techniques that were used in attacks against an organization, and then recommends what security pros can do to bolster their security posture and prevent a similar attack.

Microsoft has agreed to pay a penalty of $20 million to settle U.S. Federal Trade Commission charges that the company illegally collected and retained the data of children who signed up to use its Xbox video game console without their parents' knowledge or consent. The privacy protections also extend to third-party gaming publishers with whom Microsoft shares children's data, in addition to subjecting biometric information and avatars created from children's faces to the privacy laws.

Along with paying the rather small fine, the FTC is also requiring the company to update its account creation process for children to prevent collection and storage of data, and extend those responsibilities to third-party publishers that Microsoft shares such data with. Xbox users trying to create an account weren't asked to involve a parent until after Microsoft collected all of that personally identifiable information.

Microsoft has agreed to pay a $20 million fine and change data privacy procedures for children to settle Federal Trade Commission charges over Children's Online Privacy Protection Act violations. COPPA is a U.S. federal law designed to protect the privacy of children under the age of 13 on the internet. When online accounts are registered, it requires parental consent, the ability to review and ask for the deletion of the child's personal information, the ability to refuse data collection, security protections for the collected information, and more.

Microsoft has linked the Clop ransomware gang to recent attacks exploiting a zero-day vulnerability in the MOVEit Transfer platform to steal data from organizations. "Microsoft is attributing attacks exploiting the CVE-2023-34362 MOVEit Transfer 0-day vulnerability to Lace Tempest, known for ransomware operations & running the Clop extortion site," the Microsoft Threat Intelligence team tweeted Sunday night.