News

Latest news on the subject of B2B cyber security >>> PR agencies: Add us to your mailing list - see contact! >>> Book an exclusive PartnerChannel for your news!

Security services with support for Microsoft Entra ID

There is a new update to the HYCU R-Cloud data protection platform that brings far-reaching innovations. This offers customers additional protection for their identity and access management (IAM) solutions with support for Microsoft Entra ID. With the announcement, companies receive item-level backup and recovery for Microsoft's widely used IAM solution together with Okta and cloud security services. With the latest SaaS integration, the total number of supported applications and cloud services has increased to over 80, making HYCU the number one SaaS data protection platform for users of SaaS applications who need fast recovery,...

Read more

Microsoft closes vulnerability in Azure Health Bot Service
B2B Cyber ​​Security ShortNews

The critical vulnerability found in Microsoft's Azure Health Bot Service has now been closed. It enabled server-side request forgery (SSRF) and allowed access to the internal metadata service. The Tenable Research Team discovered several privilege escalation vulnerabilities in the Azure Health Bot Service using server-side request forgery (SSRF). These vulnerabilities allowed researchers to access the service's internal metadata service (IMDS) and then provide access tokens that can be used to manage cross-tenant resources. By exploiting the vulnerability, a threat actor could have accessed hundreds of Azure customers' resources...

Read more

Windows: Critical security vulnerability in the IPv6 network stack
B2B Cyber ​​Security ShortNews

Experts have discovered a critical security hole in the IPv6 network stack in Windows with a CVSS value of 9.8. The hole affects all versions of Windows - even older ones. According to G DATA, the zero-click hole should be closed. Microsoft Windows has a serious security hole in the IPv6 network stack. This vulnerability affects all versions of Windows, presumably retroactively to Windows Vista. This security hole allows an attacker to take over a system just by sending a prepared data packet over the network and execute arbitrary code on it. Unlike other security holes, this does not require any interaction from the user. Experts are talking about...

Read more

Critical vulnerability in Microsoft Copilot Studio
B2B Cyber ​​Security ShortNews

Experts discovered a critical vulnerability in Microsoft Copilot Studio. The attackers penetrated via server-side request forgery (SSRF) and were thus able to access the internal infrastructure of Copilot Studio. Updates have probably already been implemented. The Tenable Research Team discovered a critical information disclosure vulnerability in Microsoft Copilot Studio using server-side request forgery (SSRF). This vulnerability gave researchers access to potentially sensitive data on internal processes of the service with potential cross-tenant impact. The vulnerability is due to improper handling of redirect status codes for user-configurable actions within Copilot Studio....

Read more

Microsoft: Defender updates for installation images
B2B Cyber ​​Security ShortNews

Microsoft is updating Windows Defender in the WIM and VHD installation images, including anti-malware definitions and software binaries. Administrators should only use these packages so that new devices are reasonably up-to-date immediately and do not have to wait hours for an update. The Defender update for Windows installation images now also applies to the Windows Imaging Format (WIM) and VHD (Virtual Hard Disk) formats. Windows 11, 10 and Server are supported in this new update, including Server 2016, whose maintenance status ends next year. For this reason, Microsoft has published detailed instructions for uninstalling and decommissioning. Windows Defender…

Read more

Security scan before deploying Microsoft 365 Copilot
B2B Cyber ​​Security ShortNews

A specialist in data-centric cybersecurity is offering a special free security scan to all companies planning to introduce Microsoft Copilot. Security officers can thus identify which data is not correctly classified and who can access which sensitive data via Copilot. Numerous companies are currently considering introducing AI assistants such as Microsoft Copilot in order to benefit from the potential efficiency gains. However, security and data protection concerns often represent a major hurdle. Microsoft Copilot can access all data that the respective user can access - and these are in…

Read more

Security: New Microsoft Entra Suite with Defender at its core
Microsoft is launching the new Microsoft Entra Suite and the Unified Security Operations Platform. These new solutions are designed to simplify the zero-trust security strategy and modernize security operations by providing comprehensive and integrated security solutions. Image by Gerd Altmann on Pixabay

Microsoft is launching the new Microsoft Entra Suite and the Unified Security Operations Platform. These new solutions are designed to simplify the zero-trust security strategy and modernize security operations by offering comprehensive and integrated security solutions. With the Entra Suite, the Redmond-based company aims to help companies modernize their security strategies, improve threat defense, and optimize identity and access rights management. The solutions are designed to meet the challenges of the modern cyber threat landscape while meeting operational requirements for efficiency and compliance. Microsoft Entra Suite The Entra Suite includes…

Read more

Microsoft sends customers warning email that looks like spam
B2B Cyber ​​Security ShortNews

After the attack by Midnight Blizzard in January, Microsoft warned its customers in June by sending an explanatory email. It's just unfortunate that such an important message ends up in spam, as Microsoft apparently sent it without email authentication such as SPF or DKIM. Security experts are raising the alarm in many channels. Microsoft was attacked by Midnight Blizzard on January 12, 2024. The Russian-sponsored actors apparently had access to email accounts of high-ranking employees. However, the attackers are said to have had no access to the customer environments. Microsoft had dealt with the attack and informed many customers in June...

Read more

Prevent malicious activities from Microsoft Copilot
B2B Cyber ​​Security ShortNews

A data-centric cybersecurity provider is expanding its Microsoft 365 Copilot security solution and is now able to monitor and investigate risky prompts, responses, and references to sensitive files directly in the data security platform. Generative AI tools can significantly improve productivity. However, attackers and malicious insiders can also use the technology as a weapon to quickly capture and steal sensitive data. "Prompt hacking" is thus increasingly becoming a serious cyber threat. Only if this can also be defused can AI projects get off to a successful start. Microsoft Copilot monitor Varonis…

Read more

Win 11 Copilot+ Recall: Microsoft is building IT security under pressure
Copilot+ Recall: Microsoft is building IT security under pressure: MS - AI

Shortly after Microsoft boss Satya Nadella introduced Copilot+ Recall for Windows 11, IT security experts issued devastating verdicts and even used tools to read databases. The storm of indignation over so much incompetence in terms of security was so great that Microsoft delivered a new security concept within a very short time. Anyone who installed the new Microsoft 11 with Copilot+ Recall had the service automatically activated immediately: Windows 11 records the user's activities on the PC every 5 seconds, analyzes the images, extracts the text and writes everything into a database. The…

Read more