Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Microsoft Security Response. Show all posts
Microsoft Security Response
Cyber Security Data protection Data Records data security Microsoft Microsoft 365 Security Microsoft Security Response

Windows Telemetry Explained: What Diagnostic Data Microsoft Collects and Why It Matters

 

Years after Windows 10 arrived, a single aspect keeps stirring conversation - telemetry. This data gathering, labeled diagnostic info by Microsoft, pulls details from machines without manual input. Its purpose? Keeping systems stable, secure, running smoothly. Yet reactions split sharply between everyday users and those watching privacy trends. 

Early on, after Windows 10 arrived, observers questioned whether its telemetry might double as monitoring. A few writers argued it collected large amounts of user detail while transmitting data to Microsoft machines. Still, analysts inspecting how the OS handles information report minimal proof backing such suspicions. 

Beginning in 2017, scrutiny from the Dutch Data Protection Authority revealed shortcomings in how Windows presented telemetry consent choices. Although designed to gather system performance details, the setup failed to align with regional privacy expectations due to unclear user permissions. 

Instead of defending the original design, Microsoft adjusted both interface wording and backend configurations. Following these updates, oversight bodies acknowledged improvements, noting no evidence emerged suggesting private information was gathered unlawfully. Independent analysts alongside regulatory teams had previously flagged the configuration, yet after revisions, compliance concerns faded gradually. 

What runs behind the scenes in Windows includes a mix of telemetry types - mainly split into essential and extra reporting layers. Most personal computers, especially those outside corporate control, turn on the basic tier automatically; there exists no standard menu option to switch it off entirely. This baseline layer gathers only what Microsoft claims is vital for stability and core operations. 

Though hidden from typical adjustments, its presence supports ongoing performance checks across devices. Basic troubleshooting relies on specific diagnostics tied to functions like Windows Update. Information might cover simple fault summaries, setup traits of hardware, software plus driver footprints, along with records tracking how updates succeed or fail. 

As noted by Microsoft, insights drawn support better stability fixes, safety patches, app alignment, and smoother running systems. Some diagnostic details go beyond basics, capturing patterns in app use or web habits. These insights might involve deeper system errors, performance signs, or hardware traits. 

While such data helps refine functionality, access remains under user control via Windows options. Those cautious about personal information often choose to turn this off. Control sits within settings, letting choices match comfort levels. Occasionally, memory dumps taken during system failures form part of Optional diagnostic data, according to experts. 

When a crash happens, pieces of active files might get saved inside these records. Because of this risk, certain groups managing confidential material prefer disabling the setting altogether. In 2018, Microsoft rolled out a feature named Diagnostic Data Viewer to boost openness. This tool gives people access to review what information their machine shares with the company, revealing specifics found in diagnostics and system summaries. 

One billion devices now operate on Windows 11 across the globe. Because of countless variations in hardware and software setups, Microsoft relies on telemetry data - this information reveals issues, shapes update improvements, yet supports consistent performance. While tracking user interactions might sound intrusive, it actually guides fixes without exposing personal details; instead, patterns emerge that steer engineering decisions behind the scenes. 

Even though some diagnostic details are essential for basic operations, those worried about personal data might choose to limit what gets sent by turning off non-essential diagnostics in device preferences. Still, full function depends on keeping certain reporting active.
Read more »
ransomware attacks
Cyber Attacks Cybersecurity awareness Gaming PC Microsoft Microsoft Security Response PC Ransomware attack prevention ransomware attacks

How to Protect Your PC from Ransomware with Windows Defender

 

Ransomware is a significant threat that can lock users out of their own files until a ransom is paid to recover the data. CBS News recently highlighted the devastating impact of ransomware, focusing on the Scattered Spider group, which caused millions in damage by targeting Las Vegas casinos. While personal computers are less common targets, it’s still crucial to take precautions. 

The best way to protect your system from ransomware is by avoiding sites or downloads likely to contain malware. However, using additional measures like modern antivirus software or built-in protections in Windows can enhance security. Microsoft Defender, integrated into Windows, offers ransomware protection, but users need to enable it manually. To activate ransomware protection in Windows, you must access the Windows Security app. This can be done by searching for “Windows Security” via the Start Menu or settings. Once inside the app, go to “Virus & threat protection” and activate Controlled folder access. 

This feature limits which applications can alter files in crucial folders, such as Documents, Pictures, and others. While trusted programs like Microsoft Office automatically retain access, unauthorized apps cannot modify or even see these folders until granted permission. This restriction is vital for stopping ransomware from encrypting sensitive files. An essential step to further enhance security is backing up your data. Windows Security facilitates this through integration with OneDrive. By logging into your OneDrive account, either through the Windows PC itself or directly in the OneDrive app, you can ensure automatic backups of your important files. 

This provides an additional layer of security, helping to recover encrypted data without paying a ransom. While OneDrive offers convenient cloud backup, it’s also recommended to keep offline backups. These backups are immune to ransomware that might affect your online accounts. Without an offline backup, relying solely on cloud services still leaves a vulnerability. Turning on ransomware protection comes with minor inconveniences, especially for those who save files in common folders. 

For instance, gamers might experience issues with save files being restricted, but this can be remedied by adding specific apps to the access list or adjusting where files are saved. Overall, securing your PC against ransomware involves enabling the built-in features in Windows, setting up OneDrive backups, and keeping an offline backup for extra safety. Taking these steps ensures you’re prepared in case your files are ever threatened by ransomware attacks.
Read more »
Russian Hackers
APT-29 Corporate emails Data Breach Microsoft Microsoft Emails Microsoft Security Response Midnight Blizzard Nobelium APT Password spray attacks Russian Hackers

Midnight Blizzard: Russian Threat Actors Behind Microsoft Corporate Emails’ Breach


On Friday, Microsoft informed that some of its corporate accounts suffered a breach in which some of its data was compromised. The attack was conducted by a Russian state-sponsored hackers group named “Midnight Blizzard.”

The attack was first detected on January 12th, and Microsoft in its initial investigation attributed the attack to the Russian threat actors, known famously as Nobelium or APT-29.

Microsoft informs that the threat actors launched the attacks in November 2023, in which they carried out a password spray attack in order to access a legacy non-production test tenant account. 

Password Spray Attack

A password spray attack is a type of brute force attack where threat actors collect a list of potential login names and then attempt to log in to all of them using a particular password. If that password fails, they repeat this process with other passwords until they run out or successfully breach the account.

Since the hackers were able to access accounts using a brute force attack, it is clear that it lacked two-factor authentication or multi-factor authentication.

Microsoft claims that after taking control of the "test" account, the Nobelium hackers utilized it to access a "small percentage" of the company's email accounts for more than a month.

It is still unclear why a non-production test account would have the ability to access other accounts in Microsoft's corporate email system unless the threat actors utilized this test account to infiltrate networks and move to accounts with higher permissions.

Apparently, these breached accounts include members of Microsoft’s leadership team and employees assigned to the cybersecurity and legal departments, targeted by hackers to steal emails and attachments. 

"The investigation indicates they were initially targeting email accounts for information related to Midnight Blizzard itself," the Microsoft Security Response Center shared in a report on the incident.

"We are in the process of notifying employees whose email was accessed."

Microsoft reaffirms that the incident was caused by the brute force password attack, rather than a vulnerability in their product services.

However, it seems that Microsoft’s poorly managed security configuration played a major role in the success of the breach.

While this investigation is underway, Microsoft stated that they will release more information when it is appropriate.  

Read more »
Subscribe to: Comments (Atom)