#031 - Cyber AI Chronicle - Introduction to Microsoft Copilot

PRESENTED BY

Cyber AI Chronicle

By Simon Ganiere · 18th August 2024

Welcome back!

Project Overwatch is a cutting-edge newsletter at the intersection of cybersecurity, AI, technology, and resilience, designed to navigate the complexities of our rapidly evolving digital landscape. It delivers insightful analysis and actionable intelligence, empowering you to stay ahead in a world where staying informed is not just an option, but a necessity.

Table of Contents

What I learned this week

TL;DR

  • This week is the first article about Microsoft Copilot, from its basic architecture to its integration within Microsoft 365. Don't miss next week's edition, where I’ll discuss the essential security measures for Copilot » READ MORE

  • This week was another example of a huge data breach related to millions of Social Security numbers being leaked. Can only recommend the investigation from Krebsonsecurity.com. The background story on the company who leaked the data, National Public Data, is really interesting and worrying at the same time.

  • In other news the geopolitics continue to be a significant driver of cyber security activities. OpenAI confirmed they have disrupted a covert Iranian influence operation. I’m wondering how much of this aligned with the recent Microsoft report, where they mentioned, “[…] In total, we’ve seen nearly all actors seek to incorporate AI content in their operations, but more recently many actors have pivoted back to techniques that have proven effective in the past—simple digital manipulations, mischaracterization of content, and use of trusted labels or logos atop false information. […]” Interesting time and something to keep an eye on from understanding how threat actors are actually incorporating AI in their operations.

  • A busy Patch Tuesday from Microsoft, with six zero-days within a total of 85 CVEs. Here is a list of those 6 CVEs: CVE-2024-38213, CVE-2024-38193, CVE-2024-38189, CVE-2024-38178, CVE-2024-38107, CVE-2024-38106. If you have looked at those please prioritise, the one related to IPv6 (CVE-2024-38063) can be proven being nasty. You can find a full summary here and here. Obviously assess them within your own context to identify the ones that really matter for you.

  • Early August is also the time for Black Hat and Def Con 2024. Here is another pretty good summary of the key research and announcement from TechCrunch.

  • Check out as well some great report on Ransomware activities, which highlight that 6 ransomware groups are responsible for half of the ransomware attacks » READ MORE

The Project Overwatch community is growing. However there is still a majority of readers that don't subscribe. If the cybersecurity and AI content has helped you, subscribing would mean the world to me! The larger our community, the more we can share knowledge and experience to better manage cyber risks and adopt AI in a safe way.

Subscribe to keep reading

This content is free, but you must be subscribed to Project Overwatch to continue reading.

Already a subscriber?Sign In.Not now