Tag: microsoft
-
Vibe-codierte Ransomware auf Microsoft Marketplace entdeckt
Tags: access, ai, control, github, infrastructure, malware, marketplace, microsoft, ransomware, tool, vulnerabilityForscher haben eine Visual- Studio- Code-Erweiterung mit Ransomware-Funktionen entdeckt.Der Sicherheitsspezialist Secure Annex stellte kürzlich fest, dass eine Schadsoftware namens ‘Ransomvibe” in Erweiterungen für den Quellcode-Editor Visual Studio Code eingebettet wurde. ‘Sobald die Erweiterung aktiviert ist, wird zunächst die Funktion zipUploadAndEcnrypt ausgeführt. Diese Funktion wendet alle für Ransomware und Erpressungssoftware typischen Techniken an”, heißt es im…
-
Veeam erweitert die Unterstützung für Microsoft Sentinel
Durch die Integration von Veeam in führende Sicherheitstools wird die Sicherheitstransparenz von Backup-Daten erhöht, die Erkennung von Bedrohungen verbessert und die Reaktion auf Vorfälle automatisiert. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/veeam-erweitert-die-unterstuetzung-fuer-microsoft-sentinel/a42666/
-
Whisper Leak uses a side channel attack to eavesdrop on encrypted AI conversations
Tags: ai, api, attack, ciso, cloud, cyberattack, data, finance, healthcare, leak, LLM, microsoft, mitigation, network, openai, service, side-channel, vpnInside Microsoft’s proof-of-concept: Researchers at Microsoft simulated a real-world scenario in which the adversary could observe encrypted traffic but not decrypt it. They chose “legality of money laundering” as the target topic for the proof-of-concept.For positive samples, the team used a”¯language model”¯to generate 100 semantically similar variants of questions about this topic. For negative”¯noise”¯samples,”¯it randomly…
-
Whisper Leak uses a side channel attack to eavesdrop on encrypted AI conversations
Tags: ai, api, attack, ciso, cloud, cyberattack, data, finance, healthcare, leak, LLM, microsoft, mitigation, network, openai, service, side-channel, vpnInside Microsoft’s proof-of-concept: Researchers at Microsoft simulated a real-world scenario in which the adversary could observe encrypted traffic but not decrypt it. They chose “legality of money laundering” as the target topic for the proof-of-concept.For positive samples, the team used a”¯language model”¯to generate 100 semantically similar variants of questions about this topic. For negative”¯noise”¯samples,”¯it randomly…
-
Whisper Leak uses a side channel attack to eavesdrop on encrypted AI conversations
Tags: ai, api, attack, ciso, cloud, cyberattack, data, finance, healthcare, leak, LLM, microsoft, mitigation, network, openai, service, side-channel, vpnInside Microsoft’s proof-of-concept: Researchers at Microsoft simulated a real-world scenario in which the adversary could observe encrypted traffic but not decrypt it. They chose “legality of money laundering” as the target topic for the proof-of-concept.For positive samples, the team used a”¯language model”¯to generate 100 semantically similar variants of questions about this topic. For negative”¯noise”¯samples,”¯it randomly…
-
Backup-Informationen direkt im Security-Operations-Center
Veeam Software hat die Einführung der neuen Veeam-App für Microsoft-Sentinel bekannt gegeben. Die Lösung bietet eine fortschrittliche Integration mit der Veeam-Data-Platform und befähigt Unternehmen, Cyber-Bedrohungen und Backup-Anomalien zu erkennen, zu untersuchen und umgehend auf diese zu reagieren. Auf diese Weise erreichen Unternehmen mit Veeam Datensicherheit und operative Effizienz in Security-Operations-Centern (SOC). Da Cyber-Angriffe zunehmend auf…
-
Backup-Informationen direkt im Security-Operations-Center
Veeam Software hat die Einführung der neuen Veeam-App für Microsoft-Sentinel bekannt gegeben. Die Lösung bietet eine fortschrittliche Integration mit der Veeam-Data-Platform und befähigt Unternehmen, Cyber-Bedrohungen und Backup-Anomalien zu erkennen, zu untersuchen und umgehend auf diese zu reagieren. Auf diese Weise erreichen Unternehmen mit Veeam Datensicherheit und operative Effizienz in Security-Operations-Centern (SOC). Da Cyber-Angriffe zunehmend auf…
-
Whisper Leak uses a side channel attack to eavesdrop on encrypted AI conversations
Tags: ai, api, attack, ciso, cloud, cyberattack, data, finance, healthcare, leak, LLM, microsoft, mitigation, network, openai, service, side-channel, vpnInside Microsoft’s proof-of-concept: Researchers at Microsoft simulated a real-world scenario in which the adversary could observe encrypted traffic but not decrypt it. They chose “legality of money laundering” as the target topic for the proof-of-concept.For positive samples, the team used a”¯language model”¯to generate 100 semantically similar variants of questions about this topic. For negative”¯noise”¯samples,”¯it randomly…
-
Neue Angriffsmethoden bedrohen Microsoft 365 & Azure-Umgebungen – Wie Angreifer KI nutzen, um Microsoft-365-Konten zu übernehmen
First seen on security-insider.de Jump to article: www.security-insider.de/ki-phishing-angriffe-microsoft-365-azure-a-84e7e0828a8405d2ae9874238a709957/
-
Neue Angriffsmethoden bedrohen Microsoft 365 & Azure-Umgebungen – Wie Angreifer KI nutzen, um Microsoft-365-Konten zu übernehmen
First seen on security-insider.de Jump to article: www.security-insider.de/ki-phishing-angriffe-microsoft-365-azure-a-84e7e0828a8405d2ae9874238a709957/
-
New Whisper-Based Attack Reveals User Prompts Hidden Inside Encrypted AI Traffic
Microsoft researchers have unveiled a sophisticated side-channel attack targeting remote language models that could allow adversaries to infer conversation topics from encrypted network traffic. Despite end-to-end encryption via Transport Layer Security (TLS), the attack exploits patterns in packet sizes and timing to classify the subject matter of user prompts sent to AI chatbots. The research…
-
New Whisper-Based Attack Reveals User Prompts Hidden Inside Encrypted AI Traffic
Microsoft researchers have unveiled a sophisticated side-channel attack targeting remote language models that could allow adversaries to infer conversation topics from encrypted network traffic. Despite end-to-end encryption via Transport Layer Security (TLS), the attack exploits patterns in packet sizes and timing to classify the subject matter of user prompts sent to AI chatbots. The research…
-
Microsoft teases agents that become ‘independent users within the workforce’
Licensing expert worries they’ll be out of control on day one First seen on theregister.com Jump to article: www.theregister.com/2025/11/10/microsoft_agentic_users_a365/
-
Microsoft teases agents that become ‘independent users within the workforce’
Licensing expert worries they’ll be out of control on day one First seen on theregister.com Jump to article: www.theregister.com/2025/11/10/microsoft_agentic_users_a365/
-
AI chat privacy at risk: Microsoft details Whisper Leak side-channel attack
Microsoft uncovered Whisper Leak, a side-channel attack that lets network snoopers infer AI chat topics despite encryption, risking user privacy. Microsoft revealed a new side-channel attack called Whisper Leak, which lets attackers who can monitor network traffic infer what users discuss with remote language models, even when the data is encrypted. The company warned that…
-
Microsoft findet Seitenkanalangriff Whisper-Leak in LLMs
Sicherheitsforscher haben eine neue Whisper-Leaks genannte Methode entdeckt, um einen Seitenkanalangriff auf die Kommunikation mit Sprachmodellen im Streaming-Modus durchzuführen. Durch geschicktes Ausnutzung von Netzwerkpaketgrößen und -timings könnten Informationen abgezogen werden. Mit der KI-Welle werden immer häufiger große Sprachmodelle (LLMs), KI-gestützte … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/11/09/microsoft-findet-seitenkanalangriff-whisper-leak-in-llms/
-
Microsoft Uncovers ‘Whisper Leak’ Attack That Identifies AI Chat Topics in Encrypted Traffic
Microsoft has disclosed details of a novel side-channel attack targeting remote language models that could enable a passive adversary with capabilities to observe network traffic to glean details about model”¯conversation”¯topics despite encryption protections under certain circumstances.This leakage of data exchanged between humans and”¯streaming-mode language models could pose serious risks to First seen on thehackernews.com Jump…
-
New Microsoft Teams Feature Exposes Users to Phishing and Malware Risks
Microsoft is poised to roll out a significant update to Teams, enabling users to initiate chats with anyone using just an email address”, even if the recipient isn’t a Teams user. While the feature, launching in targeted releases by early November 2025 and globally by January 2026, promises expanded connectivity across Android, desktop, iOS, Linux,…
-
‘Windows sucks,’ former Microsoft engineer says, explains how to fix it
Respecting users choices and offering a hardcore mode among key suggestions. First seen on theregister.com Jump to article: www.theregister.com/2025/11/07/does_windows_really_suck_that/
-
Microsoft Backs Massive AI Push in UAE, Raising Security Concerns
In partnership with Emirates tech company G42, Microsoft is building the first stage of a 5-gigawatt US-UAE AI campus using Nvidia GPUs. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/microsoft-massive-ai-push-uae-security-concerns
-
Microsoft testing faster Quick Machine Recovery in Windows 11
Microsoft is testing a faster version of Quick Machine Recovery (QMR) and updated Smart App Control (SAC), allowing users to toggle it without requiring a Windows clean install. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-testing-faster-quick-machine-recovery-in-windows-11/
-
Microsoft’s data sovereignty: Now with extra sovereignty!
Under shadow of US CLOUD Act, Redmond releases raft of services to calm customers in the EU First seen on theregister.com Jump to article: www.theregister.com/2025/11/07/microsoft_announces_strengthening_of_sovereignty/
-
Microsoft’s data sovereignty: Now with extra sovereignty!
Under shadow of US CLOUD Act, Redmond releases raft of services to calm customers in the EU First seen on theregister.com Jump to article: www.theregister.com/2025/11/07/microsoft_announces_strengthening_of_sovereignty/
-
Vibe-coded ransomware proof-of-concept ended up on Microsoft’s marketplace
Tags: access, ai, control, credentials, data, data-breach, github, infrastructure, malicious, malware, marketplace, microsoft, ransomware, toolExtension pointed to a GitHub-based C2: Ransomvibe deployed a rather unusual GitHub-based command-and-control (C2) infrastructure, instead of relying on traditional C2 servers. The extension used a private GitHub repository to receive and execute commands. It routinely checked for new commits in a file named “index.html”, executed the embedded commands, and then wrote the output back…
-
Microsoft’s data sovereignty: Now with extra sovereignty!
Under shadow of US CLOUD Act, Redmond releases raft of services to calm customers in the EU First seen on theregister.com Jump to article: www.theregister.com/2025/11/07/microsoft_announces_strengthening_of_sovereignty/
-
Vibe-coded ransomware proof-of-concept ended up on Microsoft’s marketplace
Tags: access, ai, control, credentials, data, data-breach, github, infrastructure, malicious, malware, marketplace, microsoft, ransomware, toolExtension pointed to a GitHub-based C2: Ransomvibe deployed a rather unusual GitHub-based command-and-control (C2) infrastructure, instead of relying on traditional C2 servers. The extension used a private GitHub repository to receive and execute commands. It routinely checked for new commits in a file named “index.html”, executed the embedded commands, and then wrote the output back…
-
Vibe Coding: Schrott-Ransomware in VS-Code-Marketplace aufgetaucht
Microsoft ist offenbar nicht sehr darum bemüht, Ransomware aus dem VS-Code-Marketplace zu halten. Zumindest, solange sie schlecht programmiert ist. First seen on golem.de Jump to article: www.golem.de/news/vibe-coding-schrott-ransomware-in-vs-code-marketplace-aufgetaucht-2511-201957.html
-
Wie CISOs vom ERP-Leid profitieren
Tags: ai, best-practice, business, cio, cisco, ciso, cloud, crowdstrike, cybersecurity, fortinet, mail, microsoft, network, resilience, service, siem, soar, threat, toolSecurity Platformization ist eine Herausforderung gut, wenn man vorher weiß, worauf es (nicht) ankommt.Studienerkenntnissen zufolge sind in einem durchschnittlichen (Groß-)Unternehmen zwischen 40 und 80 separate Sicherheits-Tools im Einsatz. Wildwuchs dieser Art führt regelmäßig zu:Security-Datensilos,Integrationsproblemen,fortlaufendem Wartungs- und Konfigurationsaufwand, oderAlert-Müdigkeit.Angesichts dieser Herausforderungen (und dem Marktpotenzial für entsprechende Lösungen) haben diverse Security-Anbieter Technologieplattformen aufgebaut etwa Cisco, Crowdstrike, Fortinet,…