News

Latest news on the subject of B2B cyber security >>> PR agencies: Add us to your mailing list - see contact! >>> Book an exclusive PartnerChannel for your news!

Microsoft sends customers warning email that looks like spam
B2B Cyber ​​Security ShortNews

After the attack by Midnight Blizzard in January, Microsoft warned its customers in June by sending an explanatory email. It's just unfortunate that such an important message ends up in spam, as Microsoft apparently sent it without email authentication such as SPF or DKIM. Security experts are raising the alarm in many channels. Microsoft was attacked by Midnight Blizzard on January 12, 2024. The Russian-sponsored actors apparently had access to email accounts of high-ranking employees. However, the attackers are said to have had no access to the customer environments. Microsoft had dealt with the attack and informed many customers in June...

Read more

Prevent malicious activities from Microsoft Copilot
B2B Cyber ​​Security ShortNews

A data-centric cybersecurity provider is expanding its Microsoft 365 Copilot security solution and is now able to monitor and investigate risky prompts, responses, and references to sensitive files directly in the data security platform. Generative AI tools can significantly improve productivity. However, attackers and malicious insiders can also use the technology as a weapon to quickly capture and steal sensitive data. "Prompt hacking" is thus increasingly becoming a serious cyber threat. Only if this can also be defused can AI projects get off to a successful start. Microsoft Copilot monitor Varonis…

Read more

Win 11 Copilot+ Recall: Microsoft is building IT security under pressure
Copilot+ Recall: Microsoft is building IT security under pressure: MS - AI

Shortly after Microsoft boss Satya Nadella introduced Copilot+ Recall for Windows 11, IT security experts issued devastating verdicts and even used tools to read databases. The storm of indignation over so much incompetence in terms of security was so great that Microsoft delivered a new security concept within a very short time. Anyone who installed the new Microsoft 11 with Copilot+ Recall had the service automatically activated immediately: Windows 11 records the user's activities on the PC every 5 seconds, analyzes the images, extracts the text and writes everything into a database. The…

Read more

BSI and Zero Day Initiative warn of critical Azure vulnerability  
B2B Cyber ​​Security ShortNews

The Zero Day Initiative (ZDI) collects and verifies reported vulnerabilities. Now there is probably a critical vulnerability in Azure with the highest CVSS value of 10.0. The BSI also warns about the vulnerability - but there still doesn't seem to be a patch for it. The details of the critical vulnerability in Azure with CVSS value 10.0 are only briefly described: “This vulnerability allows remote attackers to bypass authentication with Microsoft Azure. No authentication is required to exploit this vulnerability.” Azure at risk – no patch to be found A further explanation can be found…

Read more

Microsoft's Copilot+ Recall: Dangerous total surveillance?
Microsoft's Copilot+ Recall: Dangerous total surveillance? Image AI - MS

Microsoft sees it as a super service, security experts as a disaster: Microsoft's Copilot+ Recall for Windows 11 records the user's activities on the PC every 5 seconds, analyzes the images, extracts the texts and writes everything into a database. In the test, experts read them completely in plain text - probably including passwords. Microsoft boss Satya Nadella’s announcement about Microsoft’s Copilot+ Recall for Windows 11 sounds cool at first: “Track your steps over time with Recall Search to find the content you need. Employ…

Read more

Keylogger steals login data from Exchange servers
B2B Cyber ​​Security ShortNews

The PT ESC Incident Response Team has discovered a new type of keylogger in the main page of a Microsoft Exchange Server. Everyone who logged in there handed over their login data. Many of the victims were probably in contact with government authorities. While responding to an incident, the Positive Technologies Expert Security Center (PT ESC) Incident Response Team discovered an unknown keylogger embedded in the main page of one of their customers' Microsoft Exchange Servers. This keylogger collected account credentials in a file that could be accessed from the Internet via a special path….

Read more

LKA warns: Cyber ​​attacks target Office 365 in companies
B2B Cyber ​​Security ShortNews

As part of current investigations by the State Criminal Police Office of North Rhine-Westphalia, it was found that many companies are currently affected by cyber attacks on Office 365 (e-mail and document management). These attacks also pose risks for companies connected to the corporate network as well as for their customers and communication partners. Unknown perpetrators take over email accounts and then send messages on behalf of the affected companies. These emails contain dangerous attachments or links. The emails look genuine because they do not contain any language errors, but often contain real previous conversations. As soon as a recipient clicks on the links, the IT system can be immediately attacked...

Read more

Phishing attacks: 60 percent increase worldwide
Phishing attacks: 60 percent increase worldwide

In 2023, the financial industry was most affected by phishing attacks. Criminals are increasingly using generative AI for voice phishing (vishing) and deepfake phishing to improve their tactics. Zscaler, released its annual Zscaler ThreatLabz 2024 Phishing Report, which analyzed two billion blocked phishing transactions in the Zscaler Zero Trust Exchange™ platform between January and December 2023. According to the report, global phishing attacks have increased by almost 60 percent year-over-year. The increase is due, among other things, to the use of generative AI in attack techniques such as voice phishing (vishing) and deepfake phishing. This year’s report contains trends on…

Read more

BSI is suing Microsoft for the release of information
B2B Cyber ​​Security ShortNews

The BSI has now had enough: The BSI had asked Microsoft several times how the hack on the email accounts hosted by Microsoft could happen and how Chinese hackers were able to penetrate Microsoft to such an extent. The answers were so sparse that the BSI is now taking legal action and is suing for the information. The BSI had patience with Microsoft for a long time, but this has now been exhausted. The BSI made several inquiries to Microsoft and wanted to find out more about the hacks on Microsoft's many email accounts. But Microsoft announced, according to the…

Read more

Cybersecurity for Microsoft 365 Copilot
Cybersecurity for Microsoft 365 Copilot

A specialist in data-centric cybersecurity presents Varonis for Microsoft 365 Copilot, the first purpose-built solution to protect the AI ​​assistant. It builds on the existing Microsoft 365 security suite and protects organizations both before and during deployment of Copilot by monitoring access to data in real time, detecting abnormal interactions, and preventing access to sensitive data by both humans and AI agents automatically limited. AI tools enable enormous increases in efficiency. However, if they are not adequately controlled, employees can inadvertently reveal sensitive information. In addition, cybercriminals are…

Read more