enterprise security

Winsage
November 20, 2024
Windows Subsystem for Linux (WSL) will introduce a new distribution architecture that allows IT professionals to create and distribute tailored distributions while adhering to enterprise security policies. WSL distributions will be installable from configurable source locations instead of relying on the Microsoft Store. These features are expected to be available for preview in the upcoming months. WinGet has integrated Entra ID in public preview, allowing IT professionals to manage access to the tool, ensuring only authorized personnel can install software. WinGet has also expanded its capabilities to enable enterprise customers to download line-of-business applications from any WinGet source using the new WinGet Download command, which is now generally available.
Winsage
October 12, 2024
Microsoft has issued a warning to Windows users about increasing attacks that exploit legitimate file hosting services, using tactics to evade security measures. These attacks involve fraudulent websites designed to harvest user credentials, prompting Microsoft to recommend the use of Microsoft Edge, which integrates with Microsoft Defender SmartScreen to block malicious sites. Microsoft previously advised Chrome users to update or stop using the browser due to a zero-day vulnerability, encouraging a shift to Edge. The attacks leverage trusted file-sharing platforms like Dropbox and OneDrive, deceiving users into opening malicious files. Microsoft emphasizes using Edge with conditional access policies and Microsoft Defender for enhanced security. Additionally, Microsoft is developing a privacy-preserving ads API for Edge, aiming to improve user privacy while addressing the challenges of third-party cookie tracking. This new API is currently in limited preview and requires manual activation in specific regions.
Winsage
October 9, 2024
Microsoft has issued a warning to Windows users about an increase in sophisticated attacks that use legitimate file hosting services to evade security measures. These attacks often involve fraudulent websites designed to steal user credentials, exploiting trusted platforms like Dropbox, SharePoint, and OneDrive. Microsoft recommends using Microsoft Edge, which can automatically block malicious websites through Microsoft Defender SmartScreen. The company has also advised enterprises to promote Edge and implement conditional access policies to enhance security. Recent trends show attackers manipulating enterprise security systems by using files with restricted access and view-only settings to deliver phishing emails. The ultimate goal of these attacks is typically the theft of organizational credentials for financial gain.
Winsage
September 28, 2024
Microsoft's Recall feature for Copilot+ AI PCs was designed to help users locate past activities but faced backlash over security concerns related to constant screenshotting of user activity. In response, Microsoft delayed the rollout for Windows Insider beta testers and announced enhanced security measures, making Recall an opt-in feature by default and integrating Windows Hello biometric authentication. The feature will utilize encryption and VBS Enclaves to protect data, and users can opt to remove Recall entirely. Additional protective measures include rate-limiting and anti-hammering strategies, with a fallback PIN method after configuration. Recall will not retain private browsing data by default and will filter sensitive content. Microsoft has engaged a third-party vendor for penetration testing and security design review, while the Microsoft Offensive Research and Security Engineering team has been testing the feature.
AppWizard
September 2, 2024
Global Secure Layer (GSL) successfully mitigated a historic Distributed Denial of Service (DDoS) attack on a Minecraft gaming server that peaked at 3.15 billion packets per second (Gpps) on August 25, 2024. The attack had a bitrate of 849 Gbps and was the largest DDoS attack publicly recorded, surpassing previous records by 3.2 to 3.5 times. It was preceded by a smaller attack peaking at 1.7 Gpps, which likely served as reconnaissance for the larger assault. The attack originated from regions including Russia, Vietnam, and Korea, with significant traffic contributions from Korea Telecom and vulnerabilities in MAX-G866ac devices linked to CVE-2023-2231. GSL's mitigation strategies included reconfiguring targeted prefixes within 15 minutes and employing a heuristics anomaly detection engine, resulting in mitigation times of less than 100 milliseconds.
BetaBeacon
May 20, 2024
Microsoft has launched the Surface Laptop 7th Edition and Surface Pro 11th Edition, part of the Copilot+ series, tailored for business professionals. The devices feature Snapdragon X Elite and Plus processors, Windows 11 Pro, and Neural Processing Units (NPUs) for AI-driven tools. The Surface Laptop 7th Edition offers brighter displays, Wi-Fi 7 connectivity, and up to 22 hours of battery life. This marks a significant advancement in Microsoft's commitment to innovation in the enterprise sector.