The lack of clear information about what Microsoft does with the data that Windows 10 collects prevents consumers from giving their informed consent, says the Dutch Data Protection Authority (DPA). As such, the regulator says that the operating system is breaking the law.
Microsoft's new Copilot+ AI-powered computer history saving feature, Recall, was already being likened to one of the many fictional dystopian tech products found in episodes of Black Mirror on the very day it was announced last month.
Now that Recall is in the hands of cybersecurity experts, the reaction to the new Microsoft feature is somehow even worse than what critics imagined.
Microsoft’s Windows 11 Copilot+ PCs come with quite a few new AI and machine learning-driven features, but the tentpole is Recall. Described by Microsoft as a comprehensive record of everything you do on your PC, the feature is pitched as a way to help users remember where they’ve been and to provide Windows extra contextual information that can help it better understand requests from and meet the needs of individual users.
Translating human-readable domain names into numerical IP addresses has long been fraught with gaping security risks. After all, lookups are rarely end-to-end encrypted. The servers providing domain name lookups provide translations for virtually any IP address—even when they’re known to be malicious. And many end-user devices can easily be configured to stop using authorized lookup servers and instead use malicious ones.
In mid-June 2019, Microsoft co-founder Bill Gates and CEO Satya Nadella received a rude awakening in an email warning that Google had officially gotten too far ahead on AI and that Microsoft may never catch up without investing in OpenAI.
With the subject line "Thoughts on OpenAI," the email came from Microsoft's chief technology officer, Kevin Scott, who is also the company’s executive vice president of AI. In it, Scott said that he was "very, very worried" that he had made "a mistake" by dismissing Google's initial AI efforts as a "game-playing stunt."
Satya Nadella has made a habit on Microsoft’s earnings calls of touting the revenue growth in the company’s security technology business.
But today the Microsoft CEO took a different approach, talking instead about the Secure Future Initiative that the company launched last fall to improve its cybersecurity safeguards.
The U.S. Department of Homeland Security's Cyber Safety Review Board (CSRB) has released a scathing report on how Microsoft handled its 2023 Exchange Online attack, warning that the company needs to do better at securing data and be more truthful about how threat actors stole an Azure signing key.
Microsoft believes that last May's Exchange Online hack is linked to a threat actor known as 'Storm-0558' stealing an Azure signing key from an engineer's laptop that was previously compromised by the hackers at an acquired company.
Microsoft committed a “cascade” of “avoidable errors” that allowed Chinese hackers to breach the tech giant’s network and later the email accounts of senior US officials last year, including the secretary of commerce, a scathing US government-backed review of the incident has found.
Microsoft said in January that 2024 would be the year of the "AI PC," and we know that AI PCs will include a few hardware components that most Windows systems currently do not include—namely, a built-in neural processing unit (NPU) and Microsoft's new Copilot key for keyboards. But so far we haven't heard a whole lot about what a so-called AI PC will actually do for users.
Hackers backed by the North Korean government gained a major win when Microsoft left a Windows zero-day unpatched for six months after learning it was under active exploitation.
