Security-Portal.cz is an internet portal focused on computer security, hacking, anonymity, computer networks, programming, encryption, exploits, Linux and BSD systems. It runs a number of interesting services and supports its community in interesting projects.

Categories

Introducing NethSecurity 8.1: Open-Source Firewall Spearheads Improved Linux Network Protection

LinuxSecurity.com - 11 July, 2024 - 14:40
NethSecurity is a Linux firewall that has been gaining traction in the open-source Linux space. Its proactive approach to network management and security has set it apart.
Category: Hacking & Security

Chinese APT41 Upgrades Malware Arsenal with DodgeBox and MoonWalk

The Hacker News - 11 July, 2024 - 14:31
The China-linked advanced persistent threat (APT) group codenamed APT41 is suspected to be using an "advanced and upgraded version" of a known malware called StealthVector to deliver a previously undocumented backdoor dubbed MoonWalk. The new variant of StealthVector – which is also referred to as DUSTPAN – has been designated DodgeBox by Zscaler ThreatLabz, which discovered the loader strain in
Category: Hacking & Security

CISA Adds New Chromium Zero-Day Bug to its Known Exploited Vulnerability Catalog

LinuxSecurity.com - 11 July, 2024 - 13:00
Google has released fixes for a high-severity Chromium security flaw (CVE-2024-5274) impacting its widely used Chrome browser and other Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi. CISA has added this Type Confusion bug, exploited in the wild, to its Known Exploited Vulnerability Catalog. CISA has stated, "These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise," underscoring the significance of this flaw for impacted organizations.
Category: Hacking & Security

Streamlined Security Solutions: PAM for Small to Medium-sized Businesses

The Hacker News - 11 July, 2024 - 13:00
Today, all organizations are exposed to the threat of cyber breaches, irrespective of their scale. Historically, larger companies were frequent targets due to their substantial resources, sensitive data, and regulatory responsibilities, whereas smaller entities often underestimated their attractiveness to hackers. However, this assumption is precarious, as cybercriminals frequently exploit
Category: Hacking & Security

New Poco RAT Targets Spanish-Speaking Victims in Phishing Campaign

The Hacker News - 11 July, 2024 - 12:12
Spanish language victims are the target of an email phishing campaign that delivers a new remote access trojan (RAT) called Poco RAT since at least February 2024. The attacks primarily single out mining, manufacturing, hospitality, and utilities sectors, according to cybersecurity company Cofense. "The majority of the custom code in the malware appears to be focused on anti-analysis,
Category: Hacking & Security

When spear phishing met mass phishing

Kaspersky Securelist - 11 July, 2024 - 12:00

Introduction

Bulk phishing email campaigns tend to target large audiences. They use catch-all wordings and simplistic formatting, and typos are not uncommon. Targeted attacks take greater effort, with attackers sending personalized messages that include personal details and might look more like something you’d get from your employer or a customer. Adopting that approach on a larger scale is a pricey endeavor. Yet, certain elements of spear phishing recently started to be used in regular mass phishing campaigns. This story looks at some real-life examples that illustrate the trend.

Spear phishing vs. mass phishing

Spear phishing is a type of attack that targets a specific individual or small group. Phishing emails like that feature information about the victim, and they tend to copy, both textually and visually, the style used by the company that they pretend to be from. They’re not easy to see for what they are: the attackers avoid errors in technical headers and don’t use email tools that could get them blocked, such as open email relays or bulletproof hosting services that appear in blocklists such as DNS-based blocklists (DNSBLs).

By contrast, mass phishing campaigns are designed for a large number of recipients: the messages are generalized in nature, they are not addressed to a specific user and do not feature the name of the addressee’s company or any other personalized details. Typos, mistakes and poor design are all common. Today’s AI-powered editing tools help attackers write better, but the text and formatting found in bulk email is still occasionally substandard. There is no structure to who gets targeted: attackers run their campaigns across entire databases of email addresses available to them. It’s a one-size-fits-all message inside: corporate discounts, security alerts from popular services, issues with signing in and the like.

Attacks evolving: real-life examples

Unlike other types of email phishing, spear phishing was never a tool for mass attacks. However, as we researched user requests in late 2023, we spotted an anomaly in how detections were distributed statistically. A lot of the emails that we found were impossible to pigeonhole as either targeted or mass-oriented. They boasted a quality design, personalized details of the targeted company and styling that imitated HR notifications. Still, the campaigns were too aggressive and sent on too mass a scale to qualify as spear phishing.

An HR phishing email message: the body references the company, the recipient is addressed by their name, and the content is specialized enough so as to feel normal to a vigilant user

Besides, the message linked to a typical fake Outlook sign-in form. The form was not customized to reflect the target company’s style – a sure sign of bulk phishing.

The phishing sign-in form that opened when the user clicked the link in the email

Another similar campaign uses so-called ghost spoofing, a type of spoofing that adds a real corporate email address to the sender’s name, but does not hide or modify the actual domain. The technique sees increasing use in targeted attacks, but it’s overkill for mass phishing.

An HR phishing email message that uses ghost spoofing: the sender’s name contains the HR team’s email address, lending an air of authenticity to the email

As in the previous example, the phishing link in the email doesn’t have any unique features that a spear phishing link would. The sign-in form that opens contains no personalized details, while the design looks exactly like many other forms of this kind. It is hosted on an IPFS service like those often used in mass attacks.

The IPFS phishing sign-in form

Statistics

The number of mixed phishing emails, March-May, 2024

We detected a substantial increase in the number of those mixed attacks in March through May 2024. First and foremost, this is a sign that tools used by attackers are growing in complexity and sophistication. Today’s technology lowers the cost of launching personalized attacks at scale. AI-powered tools can style the email body as an official HR request, fix typos and create a clean design. We have also observed a proliferation of third-party spear phishing services. This calls for increased vigilance on the part of users and more robust corporate security infrastructure.

Takeaways

Attackers are increasingly adopting spear phishing methods and technology in their bulk phishing campaigns: emails they send are growing more personalized, and the range of their spoofing technologies and tactics is expanding. These are still mass email campaigns and as such present a potential threat. This calls for safeguards that keep up with the pace of advances in technology while combining sets of methods and services to combat each type of phishing.

To fend off email attacks that combine spear and mass phishing elements:

  • Pay attention to the sender’s address and the actual email domain: in an official corporate email, these must match.
  • If something smells phishy, ask the sender to clarify, but don’t just reply to the email: use a different communication channel.
  • Hold regular awareness sessions for your team to educate them about email phishing.
  • Use advanced security solutions that incorporate anti-spam filtering and protection.
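The ghost-spoofing check implied by the first takeaway above, written here as an added example that is not part of the Kaspersky article: it extracts any address embedded in the From: display name and compares its domain with the domain of the actual sender address. All domains, addresses and the sample message are constructed values.

```python
"""Flag ghost spoofing in a From: header.

Ghost spoofing puts a genuine-looking corporate address inside the
display-name part of From:, while the real address (the part in angle
brackets) stays on the sender's own domain. Mail clients often render only
the display name, so the recipient sees "hr@corp.example" and never the
actual mailbox. The check extracts both parts and compares their domains.
"""
import re
from dataclasses import dataclass
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr
from typing import Optional, Tuple

# Something that looks like an address inside free text (the display name).
EMAIL_IN_TEXT = re.compile(r"[A-Za-z0-9._%+-]+@([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)")
# The angle-bracketed addr-spec; used only as a fallback for malformed headers.
ANGLE_ADDR = re.compile(r"<\s*([^<>\s@]+@[^<>\s@]+)\s*>")


@dataclass
class FromCheck:
    display_name: str
    actual_address: str
    actual_domain: str
    decoy_domain: Optional[str]  # domain of an address embedded in the display name
    ghost_spoofed: bool
    reason: str


def _domain(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].strip().lower()


def split_from(header: str) -> Tuple[str, str]:
    """Return (display_name, addr_spec) for a decoded From: header value."""
    name, addr = parseaddr(header)
    if "@" in addr and not re.search(r"\s", addr):
        return name, addr
    # parseaddr gives up on sloppy headers such as an unquoted display name
    # that itself contains '@'. Take the last <addr-spec> as the real sender
    # and everything before it as the display name.
    matches = list(ANGLE_ADDR.finditer(header))
    if matches:
        last = matches[-1]
        return header[: last.start()].strip().strip('"'), last.group(1)
    return "", header.strip()


def check_from_header(header: str) -> FromCheck:
    name, addr = split_from(header)
    actual_domain = _domain(addr) if "@" in addr else ""
    m = EMAIL_IN_TEXT.search(name)
    decoy_domain = m.group(1).lower() if m else None
    if not actual_domain:
        return FromCheck(name, addr, "", decoy_domain, False, "no parseable sender address")
    if decoy_domain is None:
        return FromCheck(name, addr, actual_domain, None, False, "no address inside display name")
    if decoy_domain == actual_domain:
        return FromCheck(name, addr, actual_domain, decoy_domain, False,
                         "display-name address is on the real sender domain")
    return FromCheck(name, addr, actual_domain, decoy_domain, True,
                     f"display name claims {decoy_domain} but mail was sent from {actual_domain}")


def check_raw_message(raw: bytes) -> FromCheck:
    """Run the check on a raw RFC 5322 message. policy.default decodes
    RFC 2047 encoded-words in the display name before we inspect it."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    return check_from_header(str(msg["From"] or ""))


# Constructed sample message imitating the HR-themed lure described above.
SAMPLE_RAW = (
    b'From: "IT Helpdesk <helpdesk@corp.example>" <noreply@bulk-sender.example>\r\n'
    b"To: jane.doe@corp.example\r\n"
    b"Subject: Updated leave policy - action required\r\n"
    b"\r\n"
    b"Please sign in to review the updated policy.\r\n"
)

if __name__ == "__main__":
    for h in (
        '"HR Team <hr@corp.example>" <mailbox-4471@mail-notify.example>',  # ghost spoofed
        "HR Team <hr@corp.example>",                                        # clean
        '"hr@corp.example" <hr@corp.example>',                              # same domain
    ):
        r = check_from_header(h)
        print(f"{'SPOOF' if r.ghost_spoofed else 'ok   '} {h!r}: {r.reason}")
    print(check_raw_message(SAMPLE_RAW).reason)
```

The check only covers the display-name trick the article describes; lookalike domains and forged Reply-To headers need separate rules.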

With the arrival of AI, Slack adds a new chapter to its story

Computerworld.com [Hacking News] - 11 July, 2024 - 12:00

It’s been 10 years since Slack launched its popular chat application and ushered in an era of fast-paced and more casual business communications. While the email inbox hasn’t yet been consigned to the past, the effect Slack has had on office work is clear, making it easier (at times, too easy) to share information and interact with colleagues, regardless of where they are. 

For the company’s new CEO, Denise Dresser, the introduction of AI-based tools is an opportunity for the company to continue to shape the way work gets done. “I could not be more optimistic about what the future of AI is going to bring to the future of how we all work,” Dresser said. “We celebrated our 10th anniversary in February and I feel like Slack was made for this moment of generative AI…, for Slack to again lead the next decade of this AI-powered future of work.”

The launch of Slack AI earlier this year is one of the bigger changes to Slack’s application in recent years. A revamped user interface rolled out in 2023 sought to retain ease of use even as new functions were added. The changes ranged from canvas documents to lightweight video and voice calls and a task management tool, with automation continuing as a major focus via Workflow Builder.

There have been some major changes in personnel, too. Co-founder and CEO Stewart Butterfield announced his departure in 2022, a year after Slack’s $27.7 billion acquisition by Salesforce, and other senior leaders have since moved on. Butterfield’s successor, Lidiane Jones, was CEO for just a year before taking over at dating app company Bumble. That makes Dresser, who joined in November 2023, the third boss in a little over a year.

Among her priorities are plans to bring Slack’s new native capabilities — such as the recently launched lists tool — to customers in a “broader way,” while continuing to build AI into the platform after the general availability launch of Slack AI in February.

Another focus has been to more deeply integrate Slack into the Salesforce ecosystem in terms of both product and customer sales strategy. Dresser’s background at Salesforce — where she has held several senior executive roles since 2011 — should help align the two businesses, said Will McKeon-White, senior analyst at Forrester. Her appointment will help in “creating better joint go-to-market motions, in all the rationalization and operationalization that needs to happen with any of these motions — I’m quite a fan of that,” he said. 

Slack’s headwinds

Dresser takes over at a time of slowing growth for the business. Quarterly revenue growth during FY2024 and into FY2025 has reached between 16% and 20% year over year, roughly half as high as quarterly growth shown in Slack and Salesforce earnings reports between 2020 and 2023. 

“Slack has been facing more headwinds recently,” said McKeon-White, pointing to internal challenges such as integration efforts after the Salesforce acquisition, a fast-changing competitive environment (with a wider range of rivals such as Zoom competing more directly), and a shift in customer purchasing post-pandemic.

After businesses scrambled to roll out communication software during the COVID-19 outbreak to facilitate remote work at scale, many later sought to reduce the number of applications they use. The global market for collaboration software continued to see double digit growth, according to IDC data for 2022, when the market was valued at $33.9 billion, though the rate of increase slowed as the pandemic eased. 

Slack appears to have felt the change more acutely, said McKeon-White, due to a formidable competitor: Microsoft’s Teams, which launched in 2016 as a response to Slack’s runaway workplace success. 

For customers invested in the Microsoft 365 suite, it made sense to use what they were already paying for. “Our research shows — and I think the market shows — that a fair amount of companies have gone in that direction and said Teams is ‘good enough,’” said Irwin Lazar, president and principal analyst at Metrigy.

Microsoft has now unbundled Teams from M365 for new subscribers (following an antitrust battle with European regulators), but that’s unlikely to benefit Slack in a significant way, analysts have said. And yet, many organizations support both apps, said McKeon-White, as businesses seek to deploy multiple communication tools to meet employee needs.

“So, while there has been that gradual attrition and centralization, there’s now an emerging counter movement to that,” he said.

“There is competition between Slack and Teams, but when they’re used together, when they’re integrated, there’s also a synergy,” said Wayne Kurtzman, IDC’s vice president of social, community and collaboration. “So additional growth may actually come from the synergy of having both in the enterprise.”

In a crowded field, still room to grow

Despite the challenges, Slack remains in a strong position to grow, say analysts. Efforts to add functionality to the platform have paid off, making the application even more useful to customers. “The enhancements to the platform are leaning into their strengths, which is as a center of collaboration and automation in an organization…,” said McKeon-White.

Dresser argued that the value of Slack is clear and cited the company’s own customer survey data; it indicates a 47% productivity increase, a 36% increase in win rate for sales users, 32% faster case resolution time in customer service, and a 37% acceleration for decision making in marketing.

Said Dresser: “I find it’s not hard to make the case [to customers]; it’s focusing on the business outcome of the platform itself. Slack is where work gets done and our results and outcomes really speak to that.”

The clearest opportunity for growth lies in selling Slack to Salesforce customer organizations, said McKeon-White, though this remains a work in progress. “That is a ready-made pipeline for them, effectively, but will require some joint go-to-market efforts and additional contract value…. That might be something like platform discounts and other similar motions,” he said.

Slack hasn’t moved as aggressively to integrate with Salesforce as it might have, though the launch last year of Sales Elevate, which makes Salesforce data more easily accessible in the collaboration app, is a sign of an improvement. “I think that’s where there’s a huge opportunity to make Slack the front-end of Salesforce,” said Lazar. “If I’m a salesperson or sales manager, or if I’m using Salesforce marketing campaigns, then I can manage all the different Salesforce features within Slack, and I have the ability to collaborate,” he said.

McKeon-White also sees potential for Slack to further tailor its app to specific job roles and industries. Features like lists and Workflow Builder enable Slack to be tailored to internal use cases, such as procurement, for example, or IT, and there are opportunities to cater to specific verticals such as a healthcare or retail organization more intently.

Slack can also increase revenues from existing customers, said Lazar, as it continues to evolve. “Most of their growth is going to happen within their existing customer base by adding new feature functionality and adding higher-level licenses, or converting people over to the Enterprise Grid product,” he said. 

Slack’s AI future

A major focus for the company, as with all vendors in the collaboration and productivity software space, is the addition of generative AI (genAI) tools. 

Slack AI launched earlier this year, with three features:

  • AI powered search. This provides personalized answers to questions based on an organization’s knowledge base. Slack AI helps users locate subject matter experts, or find information on anything from work projects to understanding unfamiliar acronyms.
  • Channel recaps. This highlights key discussion points for a Slack user after a period away from the app, or for those who have recently joined a channel.
  • Thread summaries. This feature recaps faster-moving discussions, provides thread summaries, and offers an overview of long conversations, with links to sources in each summary that enable users to check information where necessary.

Slack AI’s advantage lies in its ease of use, with little or no training required, Dresser said.

Slack AI search allows users to more quickly find information that could be buried in channels and chats.

“One of our product principles is ‘don’t make me think’ and that’s a key part of how we’re thinking about AI,” she said. That means ensuring Slack is embedded in “the most logical places that drive immediate productivity, and maybe a little bit of joy and delight in the process.” She points to the AI recap feature. “I love starting my day out with ‘recap,’ so that when there are channels that I don’t necessarily read all day long, I get a quick recap of what happened and I’m on with my day.”

Slack, like all tech companies, is still working to overcome some of genAI’s limitations. Hallucinations are an inherent problem for large language models (LLMs), particularly in a workplace context where accuracy is vital. Dresser said Slack attempts to mitigate the impact of hallucinations with citations that link back to the original source of information. “It allows people to feel that it is less of a black box,” she said. “They can actually see the specific conversation that led to the summarization of that result. It’s little things like that that provide the transparency that helps you build trust.”

Slack CEO: Trust matters

Trust around the use of customer data is a hot topic, too. Slack users recently vented frustrations at terms of service that some interpreted as the company seeking to use customer data to train its AI models. While Slack explained that the terms related to the use of “traditional” machine learning algorithms for relatively benign purposes (channel and emoji recommendations, for instance) rather than using messages to train LLMs as some had feared, the situation underlined the tensions around access to customer data. 

“We did hear from customers that we needed to be more clear, so we immediately updated our language on the website, so customers know exactly where we stand,” Dresser said. “Trust is our top priority. When we built generative AI natively into Slack, it was a huge area of our focus. 

“We do not develop LLMs or other generative AI models using customer data, full stop.”

Slack is not alone in tackling genAI’s various difficulties. “This is like the pre-game show for AI,” said Kurtzman. “It is the very beginning. Things are not where we imagine they should be. Slack is doing well with AI that’s tuned to identify content within a conversation and identify value within the conversation. But everyone’s AI is continually improving.”

Despite widespread interest in the technology, there’s still a long way to go in terms of broad adoption. A recent Slack survey showed that only 32% of respondents have accessed AI in their jobs, with half doing so on a weekly basis. 

Part of that is because of cost, part of it is uncertainty about whether generative AI can deliver value, given the additional cost to users. Slack AI costs an additional $10 per user each month — that’s less expensive than others, but still a significant outlay as AI assistants become widely available.

“For organizations who have used it [Slack AI], they seem to be very happy with it,” said McKeon-White. “But getting the budget together in order to justify another internal AI experiment is fairly difficult today: It turns out AI is expensive, especially if you try to do it for all of your organization.” 

“On the whole, we believe that pricing will eventually be baked into everything as AI becomes ubiquitous,” said Kurtzman. “But for today, the [additional] pricing generally returns value fairly quickly.” 

The initial Slack AI features, such as conversation summarization, are useful, but can make it hard to justify the cost. “I think initially it’s a tough sell,” said Lazar, at least until Slack AI can integrate a wider range of data sources from third-party apps, which could significantly increase its capabilities.

Still, early Slack AI customers have already noted its utility, said Dresser; an internal analysis of pilot customers indicated it saves users an average 97 minutes a week, for instance. “We’re still in the very early days…, but the results are really positive. Starting in the right places, in a trusted manner, right in the flow of work, will be the way that I think the world begins to adopt…AI,” she said.

Category: Hacking & Security

PHP Vulnerability Exploited to Spread Malware and Launch DDoS Attacks

The Hacker News - 11 July, 2024 - 07:19
Multiple threat actors have been observed exploiting a recently disclosed security flaw in PHP to deliver remote access trojans, cryptocurrency miners, and distributed denial-of-service (DDoS) botnets. The vulnerability in question is CVE-2024-4577 (CVSS score: 9.8), which allows an attacker to remotely execute malicious commands on Windows systems using Chinese and Japanese language locales. It
Category: Hacking & Security

GitLab Patches Critical Flaw Allowing Unauthorized Pipeline Jobs

The Hacker News - 11 July, 2024 - 05:51
GitLab has shipped another round of updates to close out security flaws in its software development platform, including a critical bug that allows an attacker to run pipeline jobs as an arbitrary user. Tracked as CVE-2024-6385, the vulnerability carries a CVSS score of 9.6 out of a maximum of 10.0. "An issue was discovered in GitLab CE/EE affecting versions 15.8 prior to 16.11.6, 17.0 prior to
Category: Hacking & Security

SAI Group buys Get Well; aims to use AI for better patient engagement

Computerworld.com [Hacking News] - 10 July, 2024 - 22:27

Investment firm SAI Group this week announced it has acquired Get Well, a 24-year-old company that provides digital patient engagement technology to 1,000 healthcare organizations.

The financial terms of the deal were not disclosed.

SAI said the purchase of Get Well adds to its portfolio of AI healthcare companies. SAI plans to integrate its own generative AI (genAI) platform – GPT 4.0-powered RhythmX AI — “into the patient experience inside and outside the hospital.”

(RhythmX is also the name of SAIGroup’s subsidiary company.)

GetWell’s own digital patient engagement platform — Get Well 360 — already interacts with more than 10 million patients annually, offering them online point-of-care engagement and “guided care,” among other modules. The RhythmX platform offers patients prescriptive actions and recommendations doctors can drill into using a generative AI-enabled natural language interface and AI-native copilots.

“As part of SAIGroup, Get Well’s mission to enable the best patient experience will undergo a rapid transformation with AI to a full precision care platform for hospitals and ambulatory centers,” SAIGroup CEO Romesh Wadhwani said in a statement. “This strategic investment underscores SAIGroup’s commitment to innovative AI-driven solutions in healthcare and highlights our confidence in Get Well as a leader in the digital patient engagement space.” 

GetWell’s competitors in the Healthcare Management System arena include EPIC, Cerner, and eClinicalWorks.

Through mergers and acquisitions, SAIGroup has grown into a company with a massive trove of healthcare data from 300 million patients, 4.4 billion annual claims, and information on more than 1.8 million healthcare professionals, according to its own reports.

“Experience, which is often where engagement falls, continues to be the top outcome sought from digital investments,” but many organizations are still falling short of goals set by their executive leadership, according to Faith Adams, a Gartner senior director analyst.

As in most other industries, healthcare providers face a massive shortage of AI-skilled employees and IT pros needed to integrate new automation tools. Healthcare also faces a shortage of clinicians, which automated patient interactions could help address, according to Adams.

A 2024 survey by online education company Pluralsight showed more than 80% of IT pros think they can use AI, but just 12% have the skills and expertise to do so. That same survey showed 97% of firms that have deployed AI have benefited from it, citing increased productivity and efficiency, improved customer service, and reduced human error.

“The biggest part of the story is the shortage of AI tech experience, and patient engagement experience,” Adams said. “One of the bigger opportunities we see here is bringing together SAI’s AI expertise with GetWell’s patient engagement expertise.”

AI platforms can serve as digital tools to bolster patient access to personalized medicine and health literacy — the ability to obtain, read, understand, and use healthcare information to make appropriate health decisions and follow treatment instructions. AI tech can also help patients with their “digital literacy,” allowing them to better find, evaluate, and communicate information through digital media platforms.

In other words, instead of struggling to contact clinicians, online query and answer engines powered by AI can give patients answers based on their own health record information and clinical recommendations.

Gartner coined the phrase “Intelligent Health” last year to describe what it sees as the future of digital transformation in healthcare and the life science industries. Intelligent Health refers to the harnessing of the ever-growing volume and variety of patient and clinical data to offer providers and patients a better and more precise healthcare experience.

“Given the complexity of healthcare patient journeys, there is really no one-size-fits-all, and this is where technology can help better support personalization [and] precision using data and insights,” Adams said. “Intelligent health is interoperable by default, relying on continuous data to deliver experience through the unification of digital and in-person care delivery that is precise, equitable and ethical.”

Every patient needs to be approached differently to drive behavioral changes, according to Adams. For example, if a patient needs to lose weight or eat healthier to lower their cholesterol and/or blood pressure levels, AI-based technology can assess their history and make recommendations.

“Patients continue to demand more from their experiences, and they have more choice now than ever. Each patient type needs to be approached differently to drive behavioral change. This [AI tool] simplifies it,” Adams said.

“There are other factors that can influence it, too, but this is always a good starting point to show the no-one-size-fits-all approach will drive behavior change and engagement.”

Category: Hacking & Security

Microsoft 365 Copilot explained: genAI meets Office

Computerworld.com [Hacking News] - 10 July, 2024 - 19:39

Initially called Microsoft 365 Copilot when it launched in November 2023, the renamed “Copilot for Microsoft 365” brings a range of generative AI (genAI) features to office productivity apps such as Word, Outlook, Teams and Excel. 

In a blog post announcing the tool, Microsoft CEO Satya Nadella described it as “the next major step in the evolution of how we interact with computing…. With our new copilot for work, we’re giving people more agency and making technology more accessible through the most universal interface — natural language.”

At launch, Microsoft explained that the Copilot “system” consists of three elements: Microsoft 365 apps such as Word, Excel, and Teams, where users interact with the AI assistant; Microsoft Graph, which includes files, documents, and data across the Microsoft 365 environment; and the OpenAI models that process user prompts, such as the ChatGPT-4 large language model and DALL-E 3 model for image generation.

With the tool, Microsoft aims to create a “more usable, functional assistant” for work, J.P. Gownder, vice president and principal analyst at Forrester’s Future of Work team, told Computerworld in fall 2023. “The concept is that you’re the ‘pilot,’ but the Copilot is there to take on tasks that can make life a lot easier.” 

The Copilot for M365 is “part of a larger movement of generative AI that will clearly change the way that we do computing,” he said, noting how the technology has already been applied to a variety of job functions — from writing content to creating code — since ChatGPT-3.5 launched in late 2022.

A Forrester report last year predicted that 6.9 million US knowledge workers — around 8% of the total — would be using Copilot for M365 by the end of 2024.

Nadella talked up the effectiveness of the M365 Copilot during a 2023 earnings call, claiming customers had seen productivity gains in line with that of the GitHub Copilot, the AI assistant aimed at developers that launched two years ago. (For reference, GitHub has previously claimed developers were able to complete a single task 55% quicker thanks to the GitHub Copilot, while acknowledging the challenges in measuring productivity.)

Even priced at $30 per user per month, there’s potential to deliver considerable value to businesses, assuming the Copilot delivers on its promise over time. Said Gownder: “The key issue is, ‘Does it actually save that time?’ because it’s hard to measure and we don’t really know for sure. But even conservative time savings estimates are pretty generous.”

The Copilot for M365 is billed as providing employees with access to genAI without the security concerns of consumer genAI tools; Microsoft says its models aren’t trained on customer data, for instance. But deploying the tool represents significant challenges, said Avivah Litan, distinguished vice president analyst at Gartner.

There are two primary business risks, she said: the potential for the Copilot to ‘hallucinate’ and provide inaccurate information to users, and the ability for the Copilot’s language models to access huge swathes of corporate data that’s not locked down properly.

“Information oversharing is one of the biggest issues people are going to face in the next few months, or six months to a year,” said Litan. “That’s where the rubber is going to hit the road on the risk — it’s not so much giving the data to Microsoft or OpenAI or Google, it’s all the exposure internally.”

Copilot for Microsoft 365 features: How do you use it?

Copilot interactions within apps can take a variety of forms, depending on the application. In many cases, users will interact with it via the chat interface available in a sidebar; Copilot functionality is also built more directly into some apps, such as a pop-up in a Word document or Outlook email, for instance. 

Here’s how the Copilot works in some M365 apps.

In a Word doc, it can suggest improvements to existing text or let users create a first draft from scratch. To generate a draft, a user can ask Copilot in natural language to create text based on a prompt, and can upload additional files and sources of information to guide the AI assistant. Once created, the user can edit the document, adjust the style, or ask the Copilot to redo the whole thing. A Copilot sidebar provides space for more interactions with the bot, which also suggests prompts to improve the draft, such as adding images or an FAQ section, or summarizing the text.

During a Teams video call, the Copilot provides a recap of what’s been discussed so far, with a brief overview of conversation points in real time. It’s also possible to ask the AI assistant for feedback on people’s views during a call, or what questions remain unresolved. Those unable to attend a particular meeting can send the AI assistant in their place to provide a summary of what they missed and action items they need to follow up on. 

Copilot can help a Word user draft a proposal from meeting notes. 

In PowerPoint, Copilot can automatically turn a Word document into draft slides that can then be adapted via natural language in the Copilot sidebar. It can also generate suggested speaker notes to go with the slides and add more images. 

These are just some examples. Other apps that feature Copilot integration include Excel, Outlook, OneNote, Loop, and Whiteboard.

The other way to interact with Copilot is via a separate chat interface that’s accessible via Teams. Here, the Copilot works as a search tool that surfaces information from a range of sources, including documents, calendars, emails, and chats. For instance, an employee could ask for an update on a project, and get a summary of relevant team communications and documents already created, with links to sources.

Microsoft will extend Copilot’s reach into other apps workers use via “plugins” — essentially third-party app integrations. These will allow the assistant to tap into data held in apps from other software vendors including Atlassian, ServiceNow, and Mural. Fifty such plugins are available, with “thousands” more expected eventually, Microsoft said. 

How much does Copilot cost — is it worth $30 per user, per month?

The main Microsoft 365 Copilot is available for enterprise customers on E3, E5, F1 and F3 plans, as well as Office E1, E3, E5, and Apps for Enterprise. It’s also available for smaller business customers on the following plans: Business Basic, Business Standard, Business Premium, and Apps for Business.

In each case, the Copilot for Microsoft 365 costs an additional $30 per user each month.

It’s a significant extra expense given that M365 subscriptions start at $6 per user each month for Business Basic and go up to $55 per user each month for E5. Part of this is due to the high computing costs Microsoft incurs running the Copilot, said Raúl Castañón, senior research analyst at 451 Research, a part of S&P Global Market Intelligence.

“Microsoft is likely looking to avoid the challenges faced with GitHub Copilot, which was made generally available in mid-2022 for $10/month and, despite surpassing more than 1.5 million users, reportedly remains unprofitable,” said Castañón.

In addition to the core Copilot for M365, job role-specific Copilots are available as paid add-ons. Sales and service Copilots each cost an additional $20 per user each month, while a finance Copilot is currently in preview.

The pricing strategy reflects Microsoft’s confidence in the impact that genAI will have on workforce productivity.

Per Forrester’s calculations in the “Build Your Business Case For Microsoft 365 Copilot” report, an employee earning $120,000 annually — roughly $57 per hour — might save four hours a month on various productivity tasks; those four hours would be worth around $230 a month. In that scenario, it would make sense to invest in Copilot for an employee earning even half that amount, and that’s leaving aside less tangible benefits around employee experience when automating mundane tasks.

There are, as the Forrester report points out, other costs to consider beyond licensing — employee training, for instance, as employees learn the new technology. Gartner also predicts that enterprise security spending will increase in the region of 10% to 15% in the next couple of years as a result of efforts to secure genAI tools (not just M365 Copilot).

Businesses are likely to take a cautious approach to deploying the Microsoft tool, at least at first. Microsoft expects revenue related to M365 Copilot to “grow gradually over time,” Microsoft CFO Amy Hood said during the company’s Q1 2024 earnings call. On the same call, Nadella noted that Copilot will be subject to the usual “enterprise cycle times in terms of adoption and ramp.”

Even if the pace of adoption is gradual, there appears to be plenty of interest in deploying it. Forrester expects around a third of M365 customers in the US to invest in Copilot in the first year. Companies that do so will provide licenses to around 40% of employees during this period, the firm estimated.

(Note: while not actually branded as Copilot, Microsoft also makes some genAI features available in Teams Premium. This includes AI-generated notes, AI-generated tasks and live translations in video calls, all of which are powered by ChatGPT AI models. For businesses that are mostly interested in AI assistant features for meetings, this offers a cheaper option than a full Copilot for M365 subscription.) 

What are Microsoft’s other Copilots?

Microsoft’s Copilot is embedded in a wide array of products. Beyond the M365 suite, there are Copilots for Dynamics, Power BI, GitHub, and Microsoft’s security suite.

And then there are Copilots aimed primarily at consumer, rather than business, users. 

Microsoft launched Copilot Pro in January 2024, a $20 a month subscription that provides individuals with similar functionality to the Copilot for M365. Copilot Pro customers gain access to the Copilot chatbot and genAI image creation, as well as AI assistant features in free web versions of apps such as Word, Excel, PowerPoint, and Outlook (though not Teams). Those with Microsoft 365 Personal and Family subscriptions can also access the Copilot in desktop apps.

There’s also a free version of the Copilot with access to chatbot functionality only.

The Copilot chat interface is accessible in several ways by both paid and free users. There’s a dedicated web page, a mobile app, and a chatbot built into the Windows operating system, Edge browser, and Bing search engine.


How are early customers using Copilot?

Prior to launch, many businesses accessed the Copilot for M365 as part of a paid early access program (EAP); it began with a small number of participants before growing to several hundred customers, including Chevron, Goodyear, and General Motors. 

One of those involved in the EAP was marketing firm Dentsu, which began deploying 300 licenses to tech staff and then employees across its business lines globally. The most popular use case so far is summarization of information generated in M365 apps — a Teams call being one example.

“Summarization is definitely the most common use case we see right out of the box, because it’s an easy prompt: you don’t really have to do any prompt engineering…, it’s suggested by Copilot,” Kate Slade, director of emerging technology enablement at Dentsu, said.

Staffers would also access M365 Chat functions to prepare for meetings, for instance, with the ability to quickly pull information from different sources. This could mean finding information from a project several years ago “without having to hunt through a folder maze,” said Slade.

The feedback from workers at Dentsu has been overwhelmingly positive, said Slade, with a waiting list now in place for those who want to use the AI tool.

“It’s reducing the time that they spend on [tasks] and giving them back time to be more creative, more strategic, or just be a human and connect peer to peer in Teams meetings,” she said. “That’s been one of the biggest impacts that we’ve seen…, just helping make time for the higher-level cognitive tasks that people have to do.”

Use cases have varied between different roles. Dentsu’s graphic designers would get less value from using Copilot in PowerPoint, for example: “They’re going to create really visually stunning pieces themselves and not really be satisfied with that out-of-the-box capability,” said Slade. “But those same creatives might get a lot of benefits from Copilot in Excel and being able to use natural language to say, ‘Hey, I need to do some analysis on this table,’ or ‘What are key trends from this data?’ or ‘I want to add a column that does this or that.’”

How does Copilot compare with other productivity and collaboration genAI tools?

Most vendors in the productivity and collaboration software market have added genAI to their offerings at this point.

Google, Microsoft’s main competitor in the productivity software arena, launched Duet AI for Workspace in 2023 and later rebranded it as Gemini Enterprise ($30 per user each month) and Gemini Business ($20 per user each month). Google’s AI assistant can summarize Gmail conversations, draft texts, and generate images in Workspace apps such as Docs, Sheets, and Slides.

Slack, the collaboration software firm owned by Salesforce and a rival to Microsoft Teams, launched its Slack AI feature in February. Other firms that compete with elements of the Microsoft 365 portfolio, such as Zoom, Box, Coda, and Cisco, have also touted genAI plans. 

Meanwhile, Apple announced that it will build generative AI features into its range of productivity tools.

Then there are the AI-specific tools, such as OpenAI’s ChatGPT, as well as Claude, Perplexity AI, Jasper AI and others, that also provide text generation and document summarization features.

Copilot has some advantages over rivals. One is Microsoft’s dominant position in the productivity and collaboration software market, said Castañón. “The key advantage the Microsoft 365 Copilot will have is that — like other previous initiatives such as Teams — it has a ‘ready-made’ opportunity with Microsoft’s collaboration and productivity portfolio and its extensive global footprint,” he said. 

Microsoft’s close partnership with OpenAI (Microsoft has invested billions of dollars in the company on several occasions since 2019 and has a large non-controlling share of the business) likely helped it build generative AI across its applications at a faster rate than rivals.

“Its investment in OpenAI has already had an impact, allowing it to accelerate the use of generative AI/LLMs in its products, jumping ahead of Google Cloud and other competitors,” said Castañón. 

What are the genAI risks for businesses? ‘Hallucinations’ and data protection

Along with the potential benefits of genAI tools like the Copilot for M365, businesses should consider risks. These include the hallucinations large language models (LLMs) are prone to, where incorrect information is provided to employees.

“Copilot is generative AI — it definitely can hallucinate,” said Slade, citing the example of one employee who asked the Copilot to provide a summary of pro bono work completed that month to add to their timecard and send to their manager. A detailed two-page summary document was created without issue; however, the address of all meetings was given as “123 Main Street, City, USA” — an error that’s easily noticed, but an indication of the care required by users when relying on Copilot.

The occurrence of hallucinations can be reduced by improving prompts, but Dentsu staff have been advised to treat outputs from the genAI assistant with caution. “The more context you can give it generally, the closer you’re going to get to a final output,” said Slade. “But it’s never going to replace the need for human review and fact check.

“As much as you can, level-set expectations and communicate to your first users that this is still an evolving technology. It’s a first draft, it’s not a final draft — it’s going to hallucinate and mess up sometimes.”

Tools that filter Copilot outputs are emerging that could help here, said Litan, but this is likely to remain a key challenge for businesses for the foreseeable future.

Another risk relates to one of the major strengths of the Copilot: its ability to sift through files and data across a company’s M365 environment using natural language inputs.

While Copilot is only able to access files according to permissions granted to individual employees, the reality is that businesses often fail to adequately label sensitive documents. This means individual employees might suddenly realize they are able to ask Copilot to provide details on payroll or customer information if it hasn’t been locked down with the right permissions.

A 2022 report by data security firm Varonis claimed that one in 10 files hosted in SaaS environments is accessible by all staff; an earlier 2019 report put that figure — including cloud and on-prem files and folders — at 22%. In many cases, this can mean organization-wide permissions are granted to thousands of sensitive files, Varonis said.

In many cases, the most important data, around payroll, for instance, will have strict permissions in place. A greater challenge lies in securing unstructured data, with sensitive information finding its way into a wide range of documents created by individual employees — a store manager planning payroll in an Excel spreadsheet before updating a central system, for example. This is similar to a situation that the CTO of an unnamed US restaurant chain encountered during the EAP, said Litan. 

“There’s a lot of personal data that’s kept on spreadsheets belonging to individual managers,” said Litan. “There’s also a lot of intellectual property that’s kept on Word documents in SharePoint or Teams or OneDrive.”

“You don’t realize how much you have access to in the average company,” said Matt Radolec, vice president for incident response and cloud operations at Varonis. “An assumption you could have is that people generally lock this stuff down: they do not. Things are generally open.”

Another consideration is that employees often end up storing files relating to their personal lives on work laptops.

“Employees use their desktops for personal work, too — most of them don’t have separate laptops,” said Litan. “So you’re going to have to give employees time to get rid of all their personal data. And sometimes you can’t, they can’t just take it off the system that easily because they’re locked down — you can’t put USB drives in [to corporate devices, in some cases].

“So it’s just a lot of processes companies have to go through. I’m on calls with clients every day on the risk. This one really hits them.”

Getting data governance in order is a process that could take businesses more than a year to get sorted, said Litan. “There are no shortcuts. You’ve got to go through the entire organization and set up the permissions properly,” she said.

In Radolec’s view, very few M365 customers have yet adequately addressed the risks around data access within their organization. “I think a lot of them are just planning to do the blocking and tackling after they get started,” he said. “We’ll see to what degree of effectiveness that is [after launch]. We’re right around the corner from seeing how well people will fare with it.”
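The oversharing check a practitioner would want before a Copilot rollout, as an added example that is not from the article, Microsoft, Varonis or Gartner: it reduces Microsoft Graph-style permission entries (the real `link.scope` and `grantedToV2` fields) to a scope per file, reports the share of files readable by all staff (the figure Varonis cites), and lists any such file whose name suggests payroll or customer data. The file inventory, the group names and the filename keywords are constructed assumptions.

```python
import re
from dataclasses import dataclass, field

# Constructed sample inventory, shaped like the `permissions` collection that
# Microsoft Graph returns for a drive item. `link.scope` and `grantedToV2` are
# real Graph fields; the paths, users and groups are made up for illustration.
SAMPLE_INVENTORY = [
    {"path": "/Finance/payroll-q2-planning.xlsx", "permissions": [
        {"roles": ["read"], "link": {"scope": "organization", "type": "view"}},
        {"roles": ["write"], "grantedToV2": {"user": {"displayName": "Store Manager"}}},
    ]},
    {"path": "/HR/salary-bands-2024.docx", "permissions": [
        {"roles": ["read"], "grantedToV2": {"group": {"displayName": "Everyone except external users"}}},
    ]},
    {"path": "/Sales/customer-list-emea.csv", "permissions": [
        {"roles": ["read"], "link": {"scope": "anonymous", "type": "view"}},
    ]},
    {"path": "/Marketing/brand-guidelines.pptx", "permissions": [
        {"roles": ["read"], "link": {"scope": "organization", "type": "view"}},
    ]},
    {"path": "/Projects/roadmap-draft.docx", "permissions": [
        {"roles": ["write"], "grantedToV2": {"user": {"displayName": "Project Lead"}}},
        {"roles": ["read"], "link": {"scope": "users", "type": "view"}},
    ]},
]

# Group names that effectively mean "all staff" in a tenant (constructed list;
# extend it with whatever broad groups exist in your own directory).
BROAD_GROUPS = {"everyone", "everyone except external users", "all users"}

# Filename keywords for the data types the article mentions (payroll, customer
# information). A constructed heuristic, not a substitute for sensitivity labels.
SENSITIVE_PATTERN = re.compile(r"payroll|salary|customer|ssn|passport", re.IGNORECASE)

# Wider scope wins: what the asking user can read, Copilot can surface.
SCOPE_ORDER = {"specific": 0, "organization": 1, "anonymous": 2}


def permission_scope(perm: dict) -> str:
    """Reduce one Graph permission entry to 'anonymous', 'organization' or 'specific'."""
    scope = (perm.get("link") or {}).get("scope")
    if scope in ("anonymous", "organization"):
        return scope
    group = ((perm.get("grantedToV2") or {}).get("group") or {}).get("displayName", "")
    if group.strip().lower() in BROAD_GROUPS:
        return "organization"
    # 'users' links and direct grants to named people stay specific.
    return "specific"


def broadest_scope(perms: list) -> str:
    """The widest scope among a file's permissions decides who can reach it."""
    return max((permission_scope(p) for p in perms), key=SCOPE_ORDER.get, default="specific")


@dataclass
class OversharingReport:
    total_files: int
    open_to_all_staff: int = 0            # organization-wide or anonymous
    flagged_sensitive: list = field(default_factory=list)

    @property
    def open_fraction(self) -> float:
        return self.open_to_all_staff / self.total_files if self.total_files else 0.0


def audit(inventory: list) -> OversharingReport:
    """Count files any employee (and Copilot on their behalf) could read; flag sensitive ones."""
    report = OversharingReport(total_files=len(inventory))
    for item in inventory:
        scope = broadest_scope(item["permissions"])
        if scope == "specific":
            continue
        report.open_to_all_staff += 1
        if SENSITIVE_PATTERN.search(item["path"]):
            report.flagged_sensitive.append((item["path"], scope))
    return report


if __name__ == "__main__":
    r = audit(SAMPLE_INVENTORY)
    print(f"{r.open_to_all_staff}/{r.total_files} files ({r.open_fraction:.0%}) readable by all staff")
    for path, scope in r.flagged_sensitive:
        print(f"  review before rollout: {path} ({scope})")
```

On the constructed inventory the report shows four of five files open to all staff, three of them payroll, salary or customer data; the roadmap draft, shared only with named people, is not counted.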

The Copilot for M365 pros and cons

Pros:
  • Boost to productivity. GenAI features can save time for users by automating certain tasks.
  • Breadth of features. Copilot for M365 is built into the productivity apps that many workers use on a daily basis, including Word, Excel, Outlook and Teams.
  • Responses generated by the Copilot for M365 are anchored in the emails, files, calendars, meetings, contacts, and other information contained in Microsoft 365. This means the Copilot for M365 can arguably offer greater insights into work data than any other generative AI tool.
  • Enterprise-grade privacy and security controls. Unlike consumer AI assistants, Microsoft promises that customer data won’t be used to train Copilot models. It also offers tools to help manage access to data in M365 apps.

Cons:
  • Price. GenAI isn’t cheap and M365 customers are required to pay a significant additional fee each month for access to Copilot features. An individual employee might not need access to Copilot in more than a couple of M365 apps.
  • Need for employee training. Getting the most out of genAI tools will require guidance around effective prompts, particularly for employees that are unfamiliar with the technology — an additional cost businesses must factor in.
  • Accuracy and hallucinations. LLMs are notoriously unreliable, confidently offering answers that are incorrect. This is a particular concern when it comes to business data, and users must be on the lookout for errors in Copilot outputs.
  • Data protection risks. The ability for Copilot for M365 to access a wide range of corporate data means businesses must be careful to ensure that sensitive documents are not exposed.
  • The Copilot functionality in Excel is limited at this stage.


Category: Hacking & Security

MacStadium brings Orka Desktop for DevOps

Computerworld.com [Hacking News] - 10 July 2024 - 18:37

Enterprise developers might not be the biggest audience, but they’re a really important one — so the news that MacStadium has introduced a tool that lets them create and manage multiple macOS virtual machines locally matters. It’s a free addition to the company’s existing suite of virtualization tools, which it introduced with Orka Workspace a year or two ago.

The time is right for tools like this. After all, developers are building more Mac, iPad, and iPhone apps than ever before, reflecting the growing market share of Apple products in the enterprise. The snag is that testing is required when building apps, both for consumer/customer-facing solutions and for proprietary tools used internally.

This is where MacStadium’s new solution comes in. 

Orka Desktop, for free local virtualization

Orka Desktop is a free macOS virtualization tool that lets you deploy virtual Macs locally. What this means to developers, of course, is that they can more easily test apps on virtual Macs, which should help accelerate and democratize the development process.

This is particularly handy as single-use VMs provide trustworthy test results because they act as fresh installs, and subsequent testing takes place on a brand new VM. Use of such ephemeral VMs is becoming an industry standard approach in DevOps.

“Developers regularly use virtualization tooling, but most aren’t aware of the fundamental differences and optimizations that tools can provide for Mac,” said Jason Davis, MacStadium’s chief product officer.

There is a real need for these kinds of tools. One report on Apple use in the enterprise found that three-quarters (76%) of businesses are now using more Apple devices, so it is inarguable that a market for these tools exists.

What does Orka Desktop do?

The developers have put together a consumer-simple, deceptively capable user interface to support the virtual machines; it makes it easier to manage those machines whether they run locally or in the cloud.

“Orka Desktop provides the tools to allow developers to create many different macOS image versions locally, commit those into a shared repository, and pass them around for collaboration,” MacStadium CTO Chris Chapman said in a statement. 

Orka Desktop is available now. Useful and powerful features within the system include the following:

  • You can start, stop, pause, and configure VMs easily from within the Orka Desktop admin panel.
  • Free local macOS virtualization provides developers with tools to create, package, and distribute VMs easily without cost.
  • Users get near-native performance on Apple Silicon, with virtualization overhead as low as 5%.
  • Developers can build and share Open Container Initiative (OCI) images, which helps improve collaboration and sharing on projects.
  • The ability to wrap and compress virtual machines using OCI means the size of the disk image can shrink, so a 90GB image becomes a 15GB equivalent, which makes it easier to move the images around. OCI also allows teams to work with most standards-based registries.
  • An easy-to-use GUI supports actions on VMs from local machines to the cloud, enhancing efficiency and flexibility.

Existing Orka customers can use Orka Desktop as an extension of their current MacStadium Orka Cluster, which makes it easier to switch from local to global development clusters and product deployment. This enhances team collaboration and offers safer, more reliable testing environments.

Why use VMs?

There are lots of reasons to use VMs in development. Not only are they inherently easier to secure, but they can be adapted to simulate different hardware configurations — far more cost effective than using actual hardware test machines. They also provide distribution and simulation testing benefits for collaborative development groups.

Of course, this solution isn’t there for Windows or Linux VMs (for that you may end up working with Parallels or Mac cloud services such as those from MacStadium and/or Amazon), but for Mac and iOS development Orka Desktop makes a lot of sense. Apple also seems to recognize the need to run VMs and recently introduced iCloud support for macOS VMs.


Category: Hacking & Security

The Hidden Dangers in Your Dependencies: Responding to Trojanized jQuery Attacks

LinuxSecurity.com - 10 July 2024 - 17:25
Security professionals and system administrators face growing cyber threats in today's digital environment, making defending systems increasingly challenging. A recent discovery by Phylum revealed a sophisticated large-scale operation targeting Node Package Manager (npm), GitHub repositories, and Content Delivery Networks (CDNs) via trojanized versions of the jQuery JavaScript library.
Category: Hacking & Security

New Ransomware Group Exploiting Veeam Backup Software Vulnerability

The Hacker News - 10 July 2024 - 15:06
A now-patched security flaw in Veeam Backup & Replication software is being exploited by a nascent ransomware operation known as EstateRansomware. Singapore-headquartered Group-IB, which discovered the threat actor in early April 2024, said the modus operandi involved the exploitation of CVE-2023-27532 (CVSS score: 7.5) to carry out the malicious activities. Initial access to the target
Category: Hacking & Security
