Karl Voit :emacs: :orgmode:<p>"Mehr als 100.000 <a href="https://graz.social/tags/Exchange" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Exchange</span></a>-Server sollen in den USA betroffen gewesen sein, in Deutschland mehrere Zehntausend. Das Bundesamt für Sicherheit in der Informationstechnik (<a href="https://graz.social/tags/BSI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BSI</span></a>) ging davon aus, dass alle Exchange-Systeme, die nicht abgesichert waren, mit einer <a href="https://graz.social/tags/Hintert%C3%BCr" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Hintertür</span></a> infiziert wurden. Weltweit sollen nach Schätzung des britischen Außenministeriums und des National Cyber <a href="https://graz.social/tags/Security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Security</span></a> Centers mehr als eine Viertelmillion Server kompromittiert worden sein."</p><p><a href="https://www.heise.de/news/5-Jahre-nach-grossem-Microsoft-Exchange-Einbruch-Chinese-verhaftet-10479651.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">heise.de/news/5-Jahre-nach-gro</span><span class="invisible">ssem-Microsoft-Exchange-Einbruch-Chinese-verhaftet-10479651.html</span></a></p><p>Business as usual bei <a href="https://graz.social/tags/Microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Microsoft</span></a>. </p><p><a href="https://graz.social/tags/backdoor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>backdoor</span></a> <a href="https://graz.social/tags/malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>malware</span></a> <a href="https://graz.social/tags/cloud" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cloud</span></a> <a href="https://graz.social/tags/Azure" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Azure</span></a> <a href="https://graz.social/tags/M365" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>M365</span></a> <a href="https://graz.social/tags/Microsoft365" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Microsoft365</span></a> <a href="https://graz.social/tags/Sicherheit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Sicherheit</span></a></p>
#m365
6 posts6 participants0 posts today
MCP, Microsoft Graph, and Copilot connectors in GitHub Copilot agent mode | by Brian T. Jackett.
The Frog Pond of Technology · MCP, Microsoft Graph, and Copilot connectors in GitHub Copilot agent mode[Update 2025-07-09] After internal discussion with Merill Fernando and others, it does appear that you can use delegated authenticated with interactive auth prompt. I will be testing this out soon …
"Zero-Click Prompt Injection":
https://calypsoai.com/insights/prompt-injection-attacks-what-you-need-to-know/
So instead of trying to trick an employee via phishing #email, you directly go for the #LLM which is enabled and active in #M365 #Copilot to send you the sensitive company data.
#Microsoft is actually reversing a few decades of #security and protection for what exactly? 
Anything you feed to an #AI must be considered public from now on.
CalypsoAIPrompt Injection Attacks: What You Need to Know - CalypsoAIPrompt injection is the top AI security threat. Learn how it works, why it’s dangerous, and how enterprises can secure AI systems against it.
Dew Drop Weekly Newsletter #439 - Week Ending July 4, 2025.
Zoho CampaignsDew Drop Weekly Newsletter 439 - Week Ending July 4, 2025Here are this week's top links from the Morning Dew. Thanks for following!
Dew Drop Weekly Newsletter #439 - Week Ending July 4, 2025.
zc.vg/fxPq8?m=0
#dewdrop #newsletter #aspnetcore #javascript #azure #xaml #windev #csharp #dotnet #ai #agile #devops #github #IoT #podcasts #m365 #sqlserver
Dew Drop Weekly Newsletter 439...
Zoho CampaignsDew Drop Weekly Newsletter 439 - Week Ending July 4, 2025Here are this week's top links from the Morning Dew. Thanks for following!
Replied in thread
Microsoft 365 Copilot APIs: Unlocking enterprise knowledge for AI with the Retrieval API — Now in Public Preview.
Microsoft 365 Developer Blog · Microsoft 365 Copilot APIs: Unlocking enterprise knowledge for AI with the Retrieval API — Now in Public Preview - Microsoft 365 Developer BlogRead how the Retrieval API gives developers a secure, compliant and scalable way to integrate enterprise content into their AI workflows.
Dew Drop Weekly Newsletter 438 - Week Ending June 27, 2025.
Zoho CampaignsDew Drop Weekly Newsletter 438 - Week Ending June 27, 2025Here are this week's top links from the Morning Dew. Thanks for following!
Dew Drop Weekly Newsletter 438 - Week Ending June 27, 2025.
buff.ly/dKKiu46
#dewdrop #newsletter #javascript #cloud #aspnetcore #xaml #csharp #dotnetmaui #dotnet #ai #devops #agile #IoT #mobiledev #podcasts #m365 #database #sqlserver #data #powershell
Dew Drop Weekly Newsletter 438...
Introducing the New SharePoint Template Gallery | by Helen Chen.
TECHCOMMUNITY.MICROSOFT.COMIntroducing the New SharePoint Template Gallery | Microsoft Community Hub
We’re excited to introduce an exciting update to SharePoint with Modern Page Templates -now generally available to commercial customers worldwide!
Dev Proxy v0.29 with refactored architecture, MCP server, and exposed LM prompts | by Waldek Mastykarz & Garry Trinder.
Microsoft 365 Developer Blog · Dev Proxy v0.29 with refactored architecture, MCP server, and exposed LM prompts - Microsoft 365 Developer BlogIntroducing Dev Proxy v0.29, with a major architectural overhaul, control over language model prompts, and improved diagnostics.
At @WEareTROOPERS I dropped new research on #nOAuth, an abuse of #EntraID that allows you to spoof users in vulnerable SaaS applications.
The attack is still alive and well.
You can read all about it here:
https://www.semperis.com/blog/noauth-abuse-alert-full-account-takeover
Semperis · New nOAuth Abuse Alert: Entra Cross-Tenant Saas Apps at RiskThink nOAuth abuse is old news? We wish. Our recent testing shows that nearly 10% of apps in the Microsoft Entra Gallery remain vulnerable.
Vogt am Freitag: Züglete ins Ungewisse - Das Netz ist politisch
- von @revogt
https://dnip.ch/2024/10/25/vogt-am-freitag-zueglete-ins-ungewisse/ #DNIP #M365 #MS365 #Microsoft365 #CloudAct #unplugUSA #DigitalSovereignty #Datenschutz #privacy #Digitalisierung #digitalization #Microsoft
Das Netz ist politisch · Vogt am Freitag: Züglete ins Ungewisse - Das Netz ist politischDie Bundesverwaltung zieht um. Nicht in eine andere Stadt, sondern in die Cloud. Kolumnist Reto Vogt bezweifelt, dass das die richtige Entscheidung ist. Bei
Dew Drop Weekly Newsletter 437 - Week Ending June 20, 2025.
Zoho CampaignsDew Drop Weekly Newsletter 437 - Week Ending June 20, 2025Here are this week's top links from the Morning Dew. Thanks for following!
Dew Drop Weekly Newsletter 437 - Week Ending June 20, 2025.
buff.ly/rTjZU8j
#dewdrop #newsletter #aspnetcore #javascript #cloud #xaml #windev #dotnet #cpp #csharp #ai #agile #devops #mobiledev #gamedev #podcasts #m365 #sqlserver #data #database
Dew Drop Weekly Newsletter 437...
Continued thread
@adfichter @rahel_estermann
Inzwischen hat auch #Heise den Luzerner Konflikt rund um #Microsoft #M365 aufgenommen, was anscheinend zur Entlassung des IT-Sicherheitschefs #CISO geführt hat, weil er sich gegen die Einführung von M365 in #Luzern aussprach.
https://www.heise.de/news/Schweizer-Kanton-feuert-CISO-im-Streit-um-Nutzung-der-Microsoft-Cloud-10451987.html
heise online · Schweizer Kanton feuert CISO im Streit um Nutzung der Microsoft-Cloud