< ciso
brief />
Tag Banner

All news with #microsoft tag

835 articles · page 41 of 42

Microsoft Word to Auto-Save New Documents to Cloud

📝 Microsoft is testing a change that will enable autosave and save new documents to OneDrive by default in Word for Windows, delivered first to Microsoft 365 Insiders in the Beta Channel with Version 2509 (Build 19221.20000) or later. Microsoft says the feature will come to Excel and PowerPoint for Windows later this year. Users can choose a local folder instead or toggle the behavior off via the Save page in Word options. Microsoft lists several known issues being addressed during testing.
read more →

Fake IT Support Phishing Targets Microsoft Teams Users

🔒 Researchers at Permiso have uncovered phishing campaigns that abuse Microsoft Teams by impersonating IT support to trick employees into installing remote access tools like QuickAssist and AnyDesk. Attackers gain full control of compromised endpoints, deploy credential-stealing malware and establish persistence. Campaigns are linked to the financially motivated actor EncryptHub and use simple impersonation tactics that bypass email defences. Security teams should monitor unusual external Teams activity and verify unexpected support requests.
read more →

Make Websites Conversational with NLWeb and AutoRAG

🤖 Cloudflare offers a one-click path to conversational search by combining Microsoft’s NLWeb open standard with Cloudflare’s managed retrieval engine, AutoRAG. The integration crawls and indexes site content into R2 and a managed vector store, serves embeddings and inference via Workers AI, and exposes both a user-facing /ask endpoint and an agent-focused /mcp endpoint. Publishers get continuous re-indexing, controlled agent access, and observability through an AI Gateway, removing much of the infrastructure burden for conversational experiences.
read more →

Storm-0501 Deletes Azure Data and Backups After Exfiltration

🔒 Microsoft Threat Intelligence details a campaign by Storm-0501 that exfiltrated data from a large enterprise’s Azure environment, then deleted backups and encrypted remaining resources to block recovery. The actor abused Entra Connect synchronization, elevated to Global Administrator, and used Azure Owner privileges to steal storage keys and transfer blobs via AzCopy. Microsoft recommends enabling blob backups, least privilege, logging, and Azure Backup to mitigate these cloud-native ransomware tactics.
read more →

Storm-0501 Exploits Entra ID to Exfiltrate Azure Data

🔐 Microsoft Threat Intelligence reports that the financially motivated actor Storm-0501 has refined cloud-native techniques to rapidly exfiltrate and delete data in hybrid Azure environments. The group leveraged on-premises footholds—using tools such as Evil-WinRM and a DCSync attack—to compromise an Entra Connect server and identify a non-human synced Global Admin account without MFA. With that account the attackers registered a threat actor-owned federated tenant as a backdoor, escalated Azure privileges, and proceeded to mass-extract data and remove resources and backups before extorting victims through compromised Microsoft Teams accounts. Microsoft has updated Entra ID behavior, released Entra Connect 2.5.3.0 to support Modern Authentication, and recommended enabling TPM, enforcing MFA, and other hardening controls.
read more →

Storm-0501 Debuts Brutal Hybrid Ransomware Chain Attack

🚨 Microsoft Threat Intelligence says financially motivated group Storm-0501 has refined a brutal hybrid ransomware chain that leverages hijacked privileged accounts to pivot from on‑prem Active Directory into Azure, exploiting visibility gaps to exfiltrate, encrypt, and mass‑delete cloud resources and backups. The actor used Evil‑WinRM for lateral movement and DCSync to harvest credentials, abused a non‑MFA synced global admin to reset passwords, and created a malicious federated domain for broad persistence. After exfiltration they deleted backups where possible, encrypted remaining cloud data, and initiated extortion via a compromised Microsoft Teams account. CISOs are urged to enforce least privilege, audit on‑prem assets, close cloud visibility gaps, and rehearse ransomware playbooks.
read more →

Storm-0501 Shifts to Cloud-Based Ransomware Tactics

🔒 Microsoft Threat Intelligence reports that financially motivated actor Storm-0501 has shifted from on‑premises endpoint encryption toward cloud‑native ransomware tactics emphasizing rapid data exfiltration, destruction of backups, and extortion. The actor leverages compromised Entra Connect sync accounts, DCSync, and hybrid‑joined devices to escalate to Global Administrator and gain full Azure control. In cloud environments they abuse Azure operations (listing storage keys, AzCopy exfiltration, snapshot and resource deletions) and create malicious federated domains for persistence and impersonation. Microsoft recommends hardening sync configurations, enforcing phishing‑resistant MFA, enabling Defender for Cloud and storage protections, and applying least‑privilege access controls.
read more →

Microsoft Tops Modern Endpoint Security Market Share

🔒 Microsoft Defender has been ranked number one in modern endpoint security market share for the third consecutive year, according to IDC’s 2024 report. Market share rose from 25.8% in 2023 to 28.6% in 2024, reflecting a 28.2% growth rate. Defender emphasizes cross-platform protection—Windows, macOS, Linux, iOS, Android, and IoT—leveraging AI-powered detection and built-in exposure management to enable rapid SOC response and attack disruption.
read more →

BlueHat Asia 2025 Call for Papers Closes Sept 5 — Bengaluru

📢 BlueHat Asia 2025 in Bengaluru is now accepting talk submissions through September 5, 2025. Hosted by the Microsoft Security Response Center (MSRC), the two-day event on November 5–6 invites security researchers and responders of all experience levels to present findings, lessons learned, and industry guidance. Topics of interest include vulnerability discovery and mitigation, exploit development and detection, AI/ML security, IoT/OT and critical infrastructure protection, DFIR, social engineering, and reverse engineering. Submissions require a title and a sufficiently detailed abstract; a full academic paper is not necessary, and MSRC cases may be presented only after at least 30 days have passed since the associated fix was published. To explore co-presentation or partnership opportunities, contact bluehat@microsoft.com.
read more →

BlueHat Asia 2025 CFP Open — Submit Papers by Sep 14

📣 BlueHat Asia 2025, hosted by the Microsoft Security Response Center (MSRC), will take place in Bengaluru, India on November 5–6, 2025. The Call for Papers is open through September 14, 2025, and submissions require only a talk title and a sufficiently detailed abstract—no formal paper is necessary. Speakers are invited to present practical research and lessons across topics such as vulnerability discovery and mitigation, exploit development and detection, securing AI and machine learning, IoT/OT and critical infrastructure security, DFIR, social engineering, malware, and reverse engineering. If you’ve reported a case to MSRC, consider presenting once at least 30 days have passed since the fix was published and impacted customers were notified.
read more →

Securing and Governing Autonomous AI Agents in Business

🔐 Microsoft outlines practical guidance for securing and governing the emerging class of autonomous agents. Igor Sakhnov explains how agents—now moving from experimentation into deployment—introduce risks such as task drift, Cross Prompt Injection Attacks (XPIA), hallucinations, and data exfiltration. Microsoft recommends starting with a unified agent inventory and layered controls across identity, access, data, posture, threat, network, and compliance. It introduces Entra Agent ID and an agent registry concept to enable auditable, just-in-time identities and improved observability.
read more →

postMessage Risks: Token Exposure and Trust Boundaries

🔒 MSRC presents a deep dive into misconfigured postMessage handlers across Microsoft services and the systemic risk posed by overly permissive trust models. The report, authored by Jhilakshi Sharma on August 25, 2025, documents token exfiltration, XSS, and cross-tenant impact in real-world case studies including Bing Travel, web.kusto.windows.net, and Teams apps. It summarizes mitigations such as removing vulnerable packages, tightening Teams app manifests, enforcing strict origin checks for postMessage, and applying CSP constraints to reduce attack surface.
read more →

Microsoft’s open-source journey: from Linux to AI scale

🔎 Microsoft recounts its transition from an early Linux contributor in 2009 to one of the largest open-source supporters in cloud and AI today. The post highlights Azure as a top contributor to the CNCF, the 2015 launch of VS Code, the 2018 GitHub acquisition, and the role of AKS and managed PostgreSQL in enterprise deployments. It also describes COSMIC, explains how OpenAI’s ChatGPT runs at global scale on Azure infrastructure, and lists projects Azure teams are building in the open.
read more →

Microsoft Named Leader in 2025 Gartner Magic Quadrant

🚀 Microsoft has been named a Leader in the 2025 Gartner Magic Quadrant for Cloud-Native Application Platforms and is positioned furthest to the right in Completeness of Vision. The announcement highlights a developer-first approach across containers, functions, APIs, and web frameworks, with integrated tools such as GitHub Copilot and Visual Studio. Azure emphasizes AI-native capabilities through Azure AI Foundry and platform innovations designed to accelerate agentic applications for enterprise scenarios.
read more →

Microsoft restricts Chinese firms' early MAPP exploit access

🔒 Microsoft has restricted distribution of proof-of-concept exploit code to MAPP participants in countries where firms must report vulnerabilities to their governments, including China. Affected companies will receive a more general written description issued at the same time as patches rather than PoC code, Microsoft said. The change follows the late-July SharePoint zero-day attacks and concerns about a possible leak from the early-bug-notification program.
read more →

Quantum-safe security: Progress toward PQC adoption

🔒 Microsoft outlines a multi-year plan to transition to post-quantum cryptography, stressing that preparation must begin now. The post highlights investments in both quantum research (including Majorana 1 and 4D geometric error correction) and cryptographic readiness, plus collaboration with standards bodies such as NIST and IETF. It describes tools like the Adams Bridge Accelerator, PQC previews, and the Quantum Safe Program with a phased roadmap targeting early adoption by 2029 and completion by 2033.
read more →

Dissecting PipeMagic: Architecture of a Modular Backdoor

🔍 Microsoft Threat Intelligence details PipeMagic, a modular backdoor used by Storm-2460 that masquerades as an open-source ChatGPT Desktop Application. The malware is deployed via an in-memory MSBuild dropper and leverages named pipes and doubly linked lists to stage, self-update, and execute encrypted payload modules delivered from a TCP C2. Analysts observed exploitation of CVE-2025-29824 for privilege escalation followed by ransomware deployment, with victims across IT, finance, and real estate in multiple regions. The report includes selected IoCs, Defender detections, and mitigation guidance to help defenders detect and respond.
read more →

Connect with Security Leaders at Microsoft Ignite 2025

🔒 Microsoft Security invites CISOs, SecOps leads, identity architects, and cloud security engineers to Microsoft Ignite 2025 in San Francisco (Nov 17–21) and online (Nov 18–21) to explore secure AI adoption and modern SecOps. Register with RSVP code ATXTJ77W to access the half-day Microsoft Security Forum (Nov 17), hands-on labs, live demos, and one-on-one meetings with experts. Attendees can join networking events including the Secure the Night party, pursue onsite Microsoft Security certifications, and engage in roundtables focused on threat intelligence, regulatory insights, and protecting data, identities, and infrastructure.
read more →

Agent Factory: Enterprise Design Patterns for Agentic AI

🤖 Microsoft introduces the Agent Factory series to share best practices and design patterns for enterprise agentic AI that reasons, acts, and collaborates across workflows. The post outlines five core patterns—tool use, reflection, planning, multi-agent, and ReAct—and links them to real-world outcomes such as reduced proposal time and automated incident delivery. It stresses the need for a unified platform to manage security, identity, observability, and connectors. Azure AI Foundry is presented as a scalable end-to-end solution with flexible model choice, 1,400+ connectors, open protocols, and managed Entra Agent ID and RBAC.
read more →

Microsoft Patch Tuesday: August 2025 Security Fixes

🔒 Microsoft released fixes for more than 100 vulnerabilities in August 2025, including at least 13 rated Critical. Notable flaws include CVE-2025-53786, which lets attackers pivot from compromised on‑premises Exchange Server instances into cloud tenant services, and CVE-2025-53779 (BadSuccessor), a Kerberos dMSA weakness that can yield domain admin rights. Other high‑risk bugs affect GDI+, Word preview and NTLM; several fixes require configuration steps beyond patch installation.
read more →