Microsoft's Video Shield: Defending Against Phishing Attacks


Microsoft has released video-based user verification to protect customers' credentials against phishing attacks, a change meant to make more than 95% of its customers safer. This is one of a series of updates in Microsoft's effort to ensure that hackers cannot exploit vulnerabilities in how users authenticate. In the Secure Future Initiative (SFI) September 2024 progress report, Microsoft detailed several steps it was taking to protect against cyber threats.

The company said hackers have gained network access through tactics including password spray and phishing, along with stolen tokens. The hackers use that information to steal credentials and move laterally across systems undetected. Microsoft's new video-based verification will require the user to authenticate by video.



This method reduces reliance on passwords, which are commonly sought through phishing attempts. The verification update is now live for the vast majority of Microsoft's users. To enhance security, Microsoft is also deploying an update that will rotate token signing keys automatically, without human interaction.

Tokens are a critical component in managing user access permissions, session data, and information about devices, making them an attractive target for cybercriminals. In addition, Microsoft Purview features have been upgraded to restrict attackers from taking sensitive credentials, such as a password or a token, for use in future attacks. The tokens contain proprietary data, making them hard to counterfeit or replay in further attacks.

This comes as Microsoft released a suite of AI-powered capabilities as part of its Copilot Wave 2, which Nadella calls "the UI for AI." According to a Microsoft report, threat actors most often gain initial access to a network and then keep moving within it, without immediately raising an alarm, to carry out their objectives. In response, the company has taken down more than 730,000 unused apps and eliminated 5.75 million inactive tenants, reducing the attack surface for the company at large. The firm also enforced stricter security standards, curtailing the access of more than 75,000 users.

Microsoft has also introduced "proof of presence checks" at critical junctures in its software development code flow. The new security control is meant to prevent potential faults within the engineering systems and to ensure that only authorized personnel can change or access critical codebases. A year ago, a catastrophic Windows failure caused significant disruptions to infrastructure such as airports and hospitals.

Hacking news service Bleeping Computer said the event, which sent many systems to the blue screen of death (BSOD), was traced back to a bad software update issued by the cybersecurity firm CrowdStrike. In response, Microsoft said in an announcement at its recent security summit that it is designing a new platform that would limit access to the Windows kernel by third-party vendors like CrowdStrike. As cyber-attacks grow, Microsoft continues to strengthen its security framework through innovations in authentication, token management, and network defense.
