Latest news with #SatyaNadella
Geek Wire
2 hours ago
- Business
- Geek Wire
Microsoft grapples with another high-profile security incident: Latest on the SharePoint attacks
Microsoft is once again in the cybersecurity spotlight, acknowledging Tuesday morning that hackers linked to China are among those exploiting vulnerabilities in on-premises SharePoint software, the latest in a string of security problems that have plagued the tech giant. The company has moved quickly to patch the vulnerabilities over the past few days, saying Tuesday that security updates are now available for all supported versions of its SharePoint Server software. It's urging customers to 'apply these updates immediately to ensure they are protected.' 'With the rapid adoption of these exploits, Microsoft assesses with high confidence that threat actors will continue to integrate them into their attacks against unpatched on-premises SharePoint systems,' the company warned in the post on its security blog. The incident is the latest test of Microsoft's cybersecurity overhaul, known as the Secure Future Initiative. Launched amid a series of damaging nation-state attacks — and escalated after a critical Cyber Safety Review Board report — the program aims to improve the security of Microsoft's engineering systems and reduce the risk of breaches. CEO Satya Nadella has declared security the company's top priority, and Microsoft has tied a portion of executive compensation to measurable progress. But the continued emergence of high-impact vulnerabilities — especially in legacy on-premises systems — underscores the scale of the challenge and the urgency of the reforms. At the same time, Microsoft is expanding its security infrastructure products for customers in the cloud. On Tuesday, the company announced a public preview of the Microsoft Sentinel data lake, a new cloud platform designed to help organizations retain and analyze massive volumes of security data. Microsoft says the data lake eliminates silos and enables deeper analytics that could help detect long-dwelling or 'low and slow' attacks. The release reflects the company's broader strategy to modernize threat detection and response, especially for customers shifting away from legacy on-premises systems. The latest developments in the SharePoint vulnerability follow a weekend of emergency patching across government and corporate systems after reports of exploits emerged. The company identified three China-linked groups behind the attacks: Linen Typhoon and Violet Typhoon, both established Chinese state actors, along with Storm-2603, another China-based threat actor. Microsoft said its analysis suggests the exploitation attempts began as early as July 7, nearly two weeks before the vulnerabilities were publicly disclosed on July 19. The fallout has been lessened in part by the fact that the vulnerability doesn't impact cloud-based Microsoft 365 systems. Microsoft issued patches on July 8 to address related SharePoint vulnerabilities, but attackers later developed new exploits that bypassed those protections by leveraging additional flaws. However customers who diligently applied Microsoft's prior patches and followed its security guidance were still less likely to be impacted. Among other steps, the company recommended that customers rotate their cryptographic keys, after detecting signs that hackers were using malicious scripts to retrieve MachineKey data, which could allow them to retain access to systems even after patches are applied. Read the Microsoft post for full technical details.
CNBC
4 hours ago
- Business
- CNBC
Microsoft says Chinese hacking groups exploited SharePoint vulnerability in attacks
Microsoft on Tuesday said Chinese hacking groups were part of the recent attacks on its SharePoint collaboration software. As early as July 7, the Chinese nation-state actors it calls Linen Typhoon and Violet Typhoon have been trying to exploit the vulnerability, as has a China-based actor called Storm-2603, Microsoft said in a Tuesday blog post. On Monday, Charles Carmakal, technology chief of the Google-owned Mandiant cybersecurity consulting group, said in a LinkedIn post that "we assess that at least one of the actors responsible for the early exploitation is a China-nexus threat actor." On Sunday, the U.S. Cybersecurity and Infrastructure Security Agency said it was "aware of active exploitation" of the vulnerability, and Microsoft rolled out patches for two versions of its on-premises SharePoint releases. The software company issued a fix for a third version on Monday. SharePoint is frequently used by businesses and organizations around the world to store and collaborate on documents. Last year, Microsoft CEO Satya Nadella made cybersecurity a top priority after a U.S. government report criticized the company's handling of China's breach of U.S. government officials' email accounts. Last week, the company said it would stop relying on engineers based in China to support the Pentagon's use of cloud services, after a media report suggested that the architecture could have led to China-sponsored attacks against the U.S. defense arm. SharePoint is a key component of Microsoft's widely used Office productivity software, enabling many people inside organizations to access internal files. In 2021, attackers affiliated with the Chinese nation-state group known as Hafnium targeted a different piece of Office software, Exchange Server, which provides mail and calendar services.
NBC News
a day ago
- Business
- NBC News
AI is fueling job cuts, but is it really making companies more efficient?
With news swirling about multibillion-dollar deals for artificial intelligence startups and multimillion-dollar AI worker salaries, it was a study from a small research nonprofit group that turned some heads in the tech world last week. Its findings were simple but surprising: AI made software engineers slower. 'When developers are allowed to use AI tools, they take 19% longer to complete issues — a significant slowdown that goes against developer beliefs and expert forecasts,' the nonprofit group, METR, which specializes in evaluating AI models, said in its report. 'This gap between perception and reality is striking: developers expected AI to speed them up by 24%, and even after experiencing the slowdown, they still believed AI had sped them up by 20%,' the METR authors added. The results may simply reflect the limits of current technology, they said — but they still offer a reality check for what is arguably the buzziest part of the broadly euphoric AI rush: coding. In the past year, AI startups focused on generating software code have been the subject of an intense bidding war that has only escalated in recent weeks. On Monday, AI coding company Windsurf was acquired by another AI startup, Cognition, after a deal with OpenAI reportedly fell through. Google poached Windsurf's CEO while signing a $2.4 billion licensing deal. Cursor, which also focuses on AI code generation, was valued at $10 billion in a May funding round that brought in $900 million. Vibe coding — a style of coding that is entirely reliant on AI — has already become part of the tech lexicon, and discussions about the future of developer jobs can be found on most every online forum dedicated to tech. AI talent, too, remains in high demand, with Facebook parent Meta offering multimillion-dollar paydays. LinkedIn found that 'AI engineer' is the fastest growing job title among recent college graduates — with two related roles, data center technician and system engineer, coming in at Nos. 3 and 4. The AI gold rush has come as overall job openings for software developers hit a five-year low earlier this year, raising questions about AI's responsibility for the slowdown. Among the most prominent firms announcing large rounds of layoffs has been Microsoft, whose CEO, Satya Nadella, has stated that as much as 30% of Microsoft code is now written by AI. Bloomberg News found that in a recent round of layoffs that occurred in Microsoft's home state of Washington, software engineering was by far the largest single job category to receive pink slips, making up more than 40% of the roughly 2,000 positions cut. While it's clear that AI can write code, it's far less certain whether the technology poses a direct threat to coding jobs in the short term. In a paper released Wednesday, MIT researchers laid out the 'many' challenges that still exist before AI can truly begin replacing software engineers wholesale. The main obstacles come when AI programs are asked to develop code at scale, or with more complex logic, the authors found. 'Everyone is talking about how we don't need programmers anymore, and there's all this automation now available,' Armando Solar‑Lezama, an MIT professor and the senior author of the study, said in a press release. 'On the one hand, the field has made tremendous progress. We have tools that are way more powerful than any we've seen before. But there's also a long way to go toward really getting the full promise of automation that we would expect.' What trouble exists in the current coder job market may have more to do with the broader economic slowdown than with abrupt technological changes, experts say. 'Teams are getting smaller,' said Heather Doshay, a partner at SignalFire, a venture capital firm that invests in AI companies. 'Not necessarily because of AI, but because of market demands and operating expenses. What's happening is companies are asking, 'How can we stay lean and hire fewer people while still extending our runway financially?'' However limited AI may be, many coders remain anxious. A popular website that tracks tech layoffs shows that the pace of separations has increased for the past three quarters after seeing steady declines over the previous six — though they remain well below a 2023 Blind, an anonymous message board app popular among tech workers, the topic of AI taking coding jobs is a hot one, with plenty of skepticism about whether it's actually happening — or whether the narrative is an excuse that has allowed companies to cut staff. Gareth Patterson, a 25-year-old New York City resident, says he was able to transition from a sales role into an engineering one only after putting himself through a grueling, nonstop studying regimen that came at the temporary cost of most of his social life, not to mention his workout schedule. He says the payoff has been worth it because his salary now allows him to have disposable income in one of the most expensive cities in the world. But he does not envy those trying to break in or even adapt to the new era. 'The expectations for an engineer are way up,' said a senior software engineer at a tax and auditing firm. 'We're now only seeing the top talent get hired. It's intimidating.'
Business Insider
4 days ago
- Business
- Business Insider
This is how OpenAI COO Brad Lightcap defines AI agents
No one really agrees on what artificial general intelligence is, for instance. Microsoft CEO Satya Nadella recently called it "nonsensical benchmark hacking." There's also debate about what exactly an AI agent is. OpenAI Chief Operating Officer Brad Lightcap offered his thoughts on OpenAI's podcast this week. "It has to be a system that can be reliably handed complex work, that it can take on autonomously, and execute at a high level of proficiency, where it hasn't seen that work before," he said. The "hasn't seen"partis"critical," Lightcap added. On Thursday, OpenAI unveiled its latest contribution to the space: ChatGPT Agent. The new agent "can now do work for you using its own computer, handling complex tasks from start to finish," OpenAI said in its announcement. It combines the work of Operator to engage with websites, Deep Research to synthesize information, and ChatGPT's conversational ability, the company said. Companies are going all out to integrate agents into their work. Major tech firms from Intuit to Salesforce are rolling them out at light speed. Startups, too, are unveiling new agents. The race to adopt AI has left workers worried about whether they'll soon be replaced by a machine. However, at least in Lightcap's view, humans are necessary at every level. Agents aren't just entities that are "trained to copy," he said. They leverage their reasoning capacities to solve problems.
Business Insider
4 days ago
- Business
- Business Insider
This is how OpenAI COO Brad Lightcap defines AI agents
There's not a whole lot of agreement among AI leaders about how to define all the new things they are developing. No one really agrees on what artificial general intelligence is, for instance. Microsoft CEO Satya Nadella recently called it "nonsensical benchmark hacking." There's also debate about what exactly an AI agent is. OpenAI Chief Operating Officer Brad Lightcap offered his thoughts on OpenAI's podcast this week. "It has to be a system that can be reliably handed complex work, that it can take on autonomously, and execute at a high level of proficiency, where it hasn't seen that work before," he said. The "hasn't seen" part is "critical," Lightcap added. On Thursday, OpenAI unveiled its latest contribution to the space: ChatGPT Agent. The new agent "can now do work for you using its own computer, handling complex tasks from start to finish," OpenAI said in its announcement. It combines the work of Operator to engage with websites, Deep Research to synthesize information, and ChatGPT's conversational ability, the company said. Companies are going all out to integrate agents into their work. Major tech firms from Intuit to Salesforce are rolling them out at light speed. Startups, too, are unveiling new agents. The race to adopt AI has left workers worried about whether they'll soon be replaced by a machine. However, at least in Lightcap's view, humans are necessary at every level. Agents aren't just entities that are "trained to copy," he said. They leverage their reasoning capacities to solve problems. Still, it's only a "teammate," he said.
