Microsoft, OpenAI move to fend off genAI-aided hackers — for now

Of all the potential nightmares about the dangerous effects of generative AI (genAI) tools like OpenAI’s ChatGPT and Microsoft’s Copilot, one is near the top of the list: their use by hackers to craft hard-to-detect malicious code. Even worse is the fear that genAI could help rogue states like Russia, Iran, and North Korea unleash unstoppable cyberattacks against the US and its allies.

The bad news: nation states have already begun using genAI to attack the US and its friends. The good news: so far, the attacks haven’t been particularly dangerous or especially effective. Even better news: Microsoft and OpenAI are taking the threat seriously. They’re being transparent about it, openly describing the attacks and sharing what can be done about them.

To read this article in full, please click here

Read more

Microsoft fixes two zero-days with Patch Tuesday release

Microsoft on Tuesday released 73 updates in its monthly Patch Tuesday release, addressing issues in Microsoft Exchange Server and Adobe and two zero-day flaws being actively exploited in Microsoft Outlook (CVE-2024-21410) and Microsoft Exchange (CVE-2024-21413).

Including the recent reports that the Windows SmartScreen vulnerability (CVE-2024-21351) is under active exploitation, we have added “Patch Now” schedules to Microsoft Office, Windows and Exchange Server. The team at Readiness has provided this detailed infographic outlining the risks associated with each of the updates for this cycle.

To read this article in full, please click here

Read more

Microsoft and the Taylor Swift genAI deepfake problem

The last few weeks have been a PR bonanza for Taylor Swift in both good ways and bad. On the good side, her boyfriend Travis Kelce was on the winning team at the Super Bowl, and her reactions during the game got plenty of air time. On the much, much worse side, generative AI-created fake nude images of her have recently flooded the internet.

As you would expect, condemnation of the creation and distribution of those images followed swiftly, including from generative AI (genAI) companies and, notably, Microsoft CEO Satya Nadella. In addition to denouncing what happened, Nadella shared his thoughts on a solution: “I go back to what I think’s our responsibility, which is all of the guardrails that we need to place around the technology so that there’s more safe content that’s being produced.”

To read this article in full, please click here

Read more

What a future without browser cookies looks like

Most online users have experienced it. You do an online search for healthcare purposes, travel information, or something to buy and soon you’re being bombarded with emails and targeted online ads for everything related to your search. That’s because browser cookies were tracking you as you performed your searches; they identified you and your activity.

Over the past few years, the online advertising industry has been undergoing a sea change as regulators restricted how cookies can be used and browser providers moved away from their use in response to consumer outcries over privacy.

“They often feel surveilled; some even find it ‘creepy’ that a website can show them ads related to their behavior elsewhere,” according to a recent study by the HEC Paris Business School.

To read this article in full, please click here

Read more

Russia hacks Microsoft: It’s worse than you think

Another day, another hack of Microsoft technology. Ho-hum, you might think, this has happened before and will happen again — as surely as the sun rises in the morning and sets at night.

This time is different. Because this time the targets weren’t Microsoft customers, but rather the top echelons of Microsoft itself. And the hacker group, called Midnight Blizzard, or sometimes Cozy Bear, the Dukes, or A.P.T. 29, is sponsored by Russia’s Foreign Intelligence Service (and has been since at least 2008).

To read this article in full, please click here

Read more

For Patch Tuesday, 48 updates, no zero-day flaws

Microsoft has eased us into the new new year with just 48 updates for the Windows, Office and .NET platforms. There were no zero-days for January, and no reports of publicly exposed vulnerabilities or exploited security issues.

Developers of complex, line-of-business applications might need to pay particular attention to how Microsoft has updated the Message Queue system. Printing has been patched and minor updates to bluetooth and Windows shell sub-systems (shortcuts and wallpaper) require some testing before deployment.

The team at Readiness has crafted a useful infographic that outlines the risks associated with each of the updates for this January release.

To read this article in full, please click here

Read more