Reuters reported on August 2, 2016, that Iranian hackers compromised more than a dozen
accounts on the Telegram instant messaging service and identified the phone numbers of 15
million Iranian users. Telegram has issued a statement that the Iranian accounts "were not
accessed" and the released information was already in the public domain.
Microsoft on August 1, 2016, signed up for the EU-U.S. Privacy Shield and submitted its
certification to the U.S. Department of Commerce, one of the first companies to do so.
Banner Health said that it discovered a cyberattack that took place from June 23, 2016 to July
7, 2016. The provider of hospital services has notified 3.7 million people including patients,
health plan members, healthcare providers, and customers at its food and beverage outlets
that their payment card and health plan data may have been compromised.
Russia's Federal Security Service (FSB) reports the discovery of a "cyber-spying virus" in the
networks of about 20 state organizations and scientific and defense companies.
South Korea Says North Korea Hacked Email Accounts of 56 State Officials
Softpedia
South Korean investigators say that they detected more than 90 attempts to hack the email
accounts of various state officials, and claim that the hackers used the same techniques they
employed in similar attacks they carried out against South Korean officials back in 2014.
Enterprise/SMB
Microsoft Brings Together IT Management and Security for the Hybrid Cloud
Microsoft Server & Cloud Blog
New and improved security features are now generally available for Microsoft Operations
Management Suite (OMS), a set of cloud-based services that offers analytics, automation,
configuration, security, backup, and site recovery.
Businesses would be wise to employ the following techniques to secure employees' laptops:
1. Laptop kill switch
2. Microsoft Hello authentication
3. Bulletproof Gmail access
4. Dell Advanced Threat Prevention
IBM QRadar User Behavior Analytics, a new app from IBM, will help businesses determine if
the credentials or systems of their own employees have been compromised.
Consumer/Mobile
Frequent Password Changes Are the Enemy of Security, FTC Technologist Says
Ars technica
When people are forced to change passwords on a regular basis (such as every 60 or 90 days),
research shows that they often use a transformation technique and just make small
adjustments to an existing password. Researchers used transformations and developed
algorithms that were able to predict password changes with great accuracy.
Google's HSTS Rollout: Forced HTTPS for Google.com Aims to Help Block Attacks
ZDNet
Google is enforcing HTTP Strict Transport Security (HSTS) on the google.com domain so that
visitors reach the site only over HTTPS and cannot navigate to it using insecure HTTP.
About 80 percent of requests to Google servers are through encrypted connections, but the
company is hoping that the HSTS rollout will contribute to its goal of total encryption
across its products and services.
Black Hat Security Conference Trims Insecure Features from Its Mobile App
Network World
Black Hat has disabled features of its mobile application that could allow attackers to log in as
legitimate attendees, post messages in their names, and spy on messages.
The Clinton campaign says that its data program was part of a hack of the Democratic National
Committee (DNC) that intelligence officials believe was carried out by Russia's intelligence services.
Related reading: Anonymous Hacks Sarah Silverman Twitter for Bernie or Bust Comment.
How Hackers Can Make 'Virtually Any Person' Click on a Dangerous Link
ZDNet
Researchers at the University of Erlangen-Nuremberg in Germany, who study human factors in
security and privacy, say that hackers can trick almost anyone into clicking on a link, despite
their security awareness.
Security Professional
Enhancing IoT Security: Azure IoT Support for X.509 Certificates Now Available
Microsoft Internet of Things
Microsoft on August 2, 2016, announced Azure IoT support for X.509 certificate device
authentication, considered the gold standard for exchanging data between two parties, such
as a device and cloud platform, with cryptographic safeguards that allow businesses to be
alerted to any potential exposure of information in transit.
Privacy
Article 29 Working Party and the EDPS Advise That EU Should Preserve and Not
Reduce ePrivacy Rules
Bird & Bird
The article summarizes the recent opinions from the Article 29 Working Party (A29WP) (PDF)
and the European Data Protection Supervisor (EDPS) (PDF) on the review of amended
Directive 2002/58/EC concerning the processing of personal data and the protection of
privacy in the electronic communications sector (the ePrivacy Directive).
Top Retailer's Consumer Data Collection Plans Raise Privacy Violation Concerns
YLE UUTISET
The S Group, which is the top-grossing firm in Sweden's retail and services sector, is planning
to start collecting detailed information regarding its customers' purchases beginning
September 2016. Finland's consumer advocates are questioning the move.
CEOs who are considering the use of commercial drones should consider key legal issues,
including trespass, privacy, safety, and nuisance.
Government/Law Enforcement
Systematizing Privacy and Governance of Data and the Internet of Things
Data-Smart City Solutions
The article looks at Seattle's Technology Privacy Policy and New York City's Internet of Things
Privacy Policy, their advantages and disadvantages, and what's next for privacy policies.
DHS Preps Advice to Help Election Officials Protect Electronic Voting Machines from
Cyberattack
Government Technology
Following the high-profile breach of Democratic National Committee emails, the US
Department of Homeland Security (DHS) is preparing advice for election officials to better
protect electronic voting machines, online ballots, and vote counts from hackers.
This ATM Hack Could Allow Thieves to Make Off with Thousands
ZDNet
A security vulnerability in new ATMs can be exploited to make them release large sums of
cash. Weston Hecker (yes, same as above) displayed to the Black Hat audience how the
bypass could allow criminals to make off with up to US$50,000 from a machine in under 15
minutes.
researchers also controlled the acceleration pedal and the brakes, and were able to
permanently lock the electronic parking brake.
The Microsoft Security Slate is a customer-ready, weekly newsletter geared to Microsoft Premier customers and
partners. The Slate provides a scannable, relevant, and consumable snapshot of the week's security news and
headlines.
Microsoft is providing these links to you only as a convenience, and the inclusion of any link does not imply
endorsement by Microsoft of the site. The links are not under the control of Microsoft and Microsoft is not responsible
for the contents of any linked site or any link contained in a linked site, or any changes or updates to such sites.
Microsoft is not responsible for webcasting or any other form of transmission received from any linked site.
Microsoft customers: Do not forward or redistribute.
© 2016 Microsoft