Apple is refuting rumors that it ever let advertisers target users based on Siri recordings in a statement published Wednesday evening describing how Siri works and what it does with data.

The section specifically responding to the rumors reads:

Apple has never used Siri data to build marketing profiles, never made it available for advertising, and never sold it to anyone for any purpose. We are constantly developing technologies to make Siri even more private, and will continue to do so.

The conspiracy theory the company is responding to resurfaced last week after Apple agreed to pay $95 million to settle a lawsuit over users whose conversations were captured by its Siri voice assistant and potentially overheard by human employees.

While Apple’s settlement addresses an issue that The Guardian reported in 2019. The report showed human contractors tasked with reviewing anonymized recordings and grading whether the trigger was activated intentionally, would sometimes receive recordings of people discussing sensitive information. But it doesn’t include any reference to selling data for marketing purposes.

After The Guardian’s report in 2019, Apple apologized and changed its policy, making the default setting not to retain audio recordings from Siri interactions and saying that for users who opt-in to sharing recordings, those recordings would not be shared with third-party contractors.

However, reports about the settlement noted that in earlier filings like this one from 2021, some of the plaintiffs claimed that after they mentioned brand names like “Olive Garden,” “Easton bats,” “Pit Viper sunglasses,” and “Air Jordans,” they were served ads for corresponding products, which they attributed to Siri data.

Apple’s statement tonight says it “does not retain audio recordings of Siri interactions unless users explicitly opt in to help improve Siri, and even then, the recordings are used solely for that purpose. Users can easily opt-out at any time.”

Facebook responded to similar theories in 2014 and 2016 before Mark Zuckerberg addressed it directly, saying “no” to the question while being grilled by Congress over the Cambridge Analytica scandal in 2018.

So, if Apple (and Facebook, Google, etc.) is telling the truth, then why would you see an ad later for something you only talked about?

There are other explanations, and attempts to check the rumors out include an investigation in 2018 that didn’t find evidence of microphone spying but did discover that some apps secretly recorded on-screen user activity that they shipped to third parties.

Ad targeting networks also track data from people logged onto the same network or who have spent time in the same locations, so even if one person didn’t type in that search term, maybe someone else did. They can buy data from brokers who collect reams of detailed location tracking and other info from the apps on your phone, and both Google and Facebook pull in data from other companies to build out profiles based on your purchasing habits and other information.

The expanding attack surface is creating more opportunities for exploitation and adding to the pressure on security leaders and teams. Increasingly, organizations are investing in managed detection and response services (MDR) to bolster their security operations center (SOC) and meet the challenge. Demand is growing rapidly: according to Frost & Sullivan, the market for MDR is expanding at a rate of 35.2% annually.¹   

While there are new vendors launching MDR services regularly, many security teams are turning to Microsoft Defender Experts for XDR, a recognized leader, to deliver comprehensive coverage.¹ Employed worldwide by organizations across industries, Microsoft’s team of dedicated experts proactively hunts for cyberthreats and triages, investigates, and responds to incidents on a customer’s behalf around the clock across their most critical assets. Our proven service brings together in-house security professionals and industry-leading protection with Microsoft Defender XDR to help security teams rapidly stop cyberthreats and keep their environments secure.² 

Frost & Sullivan names Microsoft Defender Experts for XDR a leader in the Frost Radar™ Managed Detection and Response for 2024.¹ 

Reduce the staffing burden, improve security coverage, and focus on other priorities

Microsoft Defender Experts for XDR improves operational efficacy greatly while elevating an organization’s security posture to a new level. The team of experts will monitor the environment, find and halt cyberthreats, and help contain incidents faster with human-led response and remediation. With Defender Experts for XDR, organizations will expand their threat protection capabilities, reduce the number of incidents over time, and have more resources to focus on other priorities.

More experts on your side

Scaling in-house security teams remains challenging. Security experts are not only scarce but expensive. The persistent gap in open security positions has widened to 25% since 2022, meaning one in four in-house security analyst positions will remain unfilled.³ In the Forrester Consulting New Technology Project Total Economic Impact study, without Defender Experts for XDR, the in-house team size for the composite organization would need to increase by up to 30% in mid-impact scenario or 40% in high-impact scenario in year one to provide the same level of threat detection service.⁴ When you consider the lack of available security talent, increasing an in-house team size by 40% poses significant security concerns to CISOs. Existing security team members won’t be able to perform all the tasks required. Many will be overworked, which may lead to burnout.

With more than 34,000 full-time equivalent security engineers, Microsoft is one of the largest security companies in the world. Microsoft Defender Experts for XDR reinforces your security team with Microsoft security professionals to help reduce talent gap concerns. In addition to the team of experts, customers have additional Microsoft security resources to help with onboarding, recommendations, and strategic insights.

“Microsoft has the assets and people I needed. All the technologies, Microsoft Azure, and a full software stack end-to-end, all combined together with the fabric of security. Microsoft [Defender Experts for XDR] has the people and the ability to hire and train those people with the most upmost skill set to deal with the issues we face.”

—Head of Cybersecurity Response Architecture, financial services industry

Accelerate and expand protection against today’s cyberthreats

Microsoft Defender Experts for XDR deploys quickly. That’s welcome news to organizations concerned about maturing their security program and can’t wait for new staffing and capabilities to be developed in-house. Customers can quickly leverage the deep expertise of the Microsoft Defender Experts for XDR team to tackle the increasing number of sophisticated threats. 

CISOs and security teams know that phishing attacks continue to rise because cybercriminals are finding success. Email remains the most common method for phishing attacks, with 91% of all cyberattacks beginning with a phishing email. Phishing is the primary method for delivering ransomware, accounting for 45% of all ransomware attacks. Financial institutions are most targeted at 27.7% followed by nearly all other industries.⁵

According to internal Microsoft Defender Experts for XDR statistics, roughly 40% of halted threats are phishing.

Microsoft Defender Experts for XDR is a managed extended detection and response service (MXDR). MXDR is an evolution of traditional MDR services, which primarily focuses on endpoints. Our MXDR service has greater protection across endpoints, email and productivity tools, identities, and cloud apps—ensuring the detection and disruption of many cyberthreats, such as phishing, that would not be covered by endpoint-only managed services. That expanded and consolidated coverage enables Microsoft Defender Experts for XDR to find even the most emergent threats. For example, our in-house team identified and disrupted a significant Octo Tempest operation that was working across previously siloed domains. 

The reduction in the likelihood of breaches with Microsoft Defender Experts for XDR is roughly 20% and is worth $261,000 to $522,000 over three years with Defender Experts.⁴

In addition to detecting, triaging, and responding to cyberthreats, Microsoft Defender Experts for XDR publishes insights to keep organizations secure. That includes recent blogs on file hosting services abuse and phishing abuse of remote monitoring and management tools. As well, the MXDR service vetted roughly 45 indicators related to adversary-in-the-middle, password spray, and multifactor authentication fatigue and added them to Spectre to help keep organizations secure.

From September 2024 through November 2024, Microsoft Security published multiple cyberthreat articles covering real-world exploration topics such as Roadtools, AzureHound, Fake Palo Alto GlobalProtect, AsyncRAT via ScreenConnect, Specula C2 Framework, SectopRAT campaign, Selenium Grid for Cryptomining, and Specula.

“The Microsoft MXDR service, Microsoft Defender Experts for XDR, is helping our SOC team around the clock and taking our security posture to the next level. On our second day of using the service, there was an alert we had previously dismissed, but Microsoft continued the investigation and identified a machine in our environment that was open to the internet. It was created by a threat actor using a remote desktop protocol (RDP). Microsoft Defender Experts for XDR’s MXDR investigation and response to remediate the issue was immediately valuable to us.”

—Director of Security Operations, financial services industry

Halt cyberthreats before they do damage

In 2024 the mean time for the average organization to identify a breach was 194 days and containment 64 days.⁶  Organizations must proactively look for cyberattackers across unified cross-domain telemetry versus relying solely on disparate product alerts. Proactive threat hunting is no longer a nice-to-have in an organization’s security practice. It’s a must-have to detect cyberthreats faster before they can do significant harm.

When every minute counts, Microsoft Defender Experts for XDR can help speed up the detection of an intrusion with proactive threat hunting informed by Microsoft’s threat intelligence, which tracks more than 1,500 unique cyberthreat groups and correlates insights from 78 trillion security signals per day.⁷

Microsoft Defender Experts for Hunting proactively looks for threats around the clock across endpoints, email, identity, and cloud apps using Microsoft Defender and other signals. Threat hunting leverages advanced AI and human expertise to probe deeper and rapidly correlate and expose cyberthreats across an organization’s security stack. With visibility across diverse, cross-domain telemetry and threat intelligence, Microsoft Defender Experts for Hunting extends in-house threat hunting capabilities to provide an additional layer of threat detection to improve a SOC’s overall threat response and security efficacy.

In a recent survey, 63% of organizations saw a measurable improvement in their security posture with threat hunting. 49% saw a reduction in network and endpoint attacks along with more accurate threat detection and a reduction of false positives.⁸

Microsoft Defender Experts for Hunting enables organizations to detect and mitigate cyberthreats such as advanced persistent threats or zero-day vulnerabilities. By actively seeking out hidden risks and reducing dwell time, threat hunting minimizes potential damage, enhances incident response, and strengthens overall security posture.

Microsoft Defender Experts for XDR, which includes Microsoft Defender Experts for Hunting, allows customers to stay ahead of sophisticated threat actors, uncover gaps in defenses, and adapt to an ever-evolving cyberthreat landscape.

“Managed threat hunting services detect and address security threats before they become major incidents, reducing potential damage. By implementing this (Defender Experts for Hunting), we enhance our cybersecurity posture by having experts who continuously look for hidden threats, ensuring the safety of our data, reputation, and customer trust.”

—CISO, technology industry

Spend less to get more

Microsoft Defender Experts for XDR helps CISOs do more with their security budgets. According to a 2024 Forrester Total Economic Impact™ study, Microsoft Defender Experts for XDR generated a project return on investment (ROI) of up to 254% with a projected net present value of up to $6.1 million for the profiled composite company.⁴

Microsoft Defender Experts for XDR includes trusted advisors who provide insights on operationalizing Microsoft Defender XDR for optimal security efficacy. This helps reduce the burden on in-house security and IT teams so they can focus on other projects.

Beyond lowering security operations costs, the Forrester study noted Microsoft Defender Experts for XDR efficiency gains for surveyed customers, including a 49% decrease in security-related IT help desk tickets. Other productivity gains included freeing up 42% of available full time employee hours and lowering general IT security-related project hours by 20%.⁴

Learn how Microsoft Defender Experts for XDR can improve organizational security

Microsoft Defender Experts for XDR is Microsoft’s MXDR service. It delivers round-the-clock threat detection, investigation, and response capabilities, along with proactive threat hunting. Designed to help close the security talent gap and enhance organizational security postures, the MXDR service combines Microsoft’s advanced Microsoft Defender XDR capabilities with dedicated security experts to tackle cyberthreats like phishing, ransomware, and zero-day vulnerabilities. Offering rapid deployment, significant ROI (254%, as per Forrester), and operational efficiencies, Microsoft Defender Experts for XDR reduces incident and alerts volume, improves the security posture, and frees up in-house resources. Organizations worldwide benefit from these scalable solutions, leveraging Microsoft’s threat intelligence and security expertise to stay ahead of evolving cyberthreats.

To learn more, please visit Microsoft Defender Experts for XDR or contact your Microsoft security representative.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

---

¹Frost & Sullivan names Microsoft a Leader in the Frost Radar™: Managed Detection and Response, 2024, Srikanth Shoroff. March 25, 2024.

²Microsoft a Leader in the Forrester Wave for XDR, Microsoft Security Blog. June 3, 2024.

³ISC2 Cybersecurity Workforce Report, 2024.

⁴Forrester Consulting study commissioned by Microsoft, 2024, New Technology: The Projected Total Economic Impact™ of Microsoft Defender Experts For XDR.

⁵2024 Phishing Facts and Statistics, Identitytheft.org.

⁶Time to identify and contain data breaches global 2024, Statista.

⁷Microsoft Digital Defense Report, 2024.

⁸SANS 2024 Threat Hunting Survey, March 19, 2024.

The post Why security teams rely on Microsoft Defender Experts for XDR for managed detection and response appeared first on Microsoft Security Blog.

Celebrate the public domain with the Internet Archive in the following ways:

• Register for our Public Domain Day celebrations on January 22 – both virtual and in-person.
• Submit a short film to our Public Domain Film Remix contest.
• Explore the works that have entered the public domain in 2025, below.

On January 1, 2025, we celebrate published works from 1929 and published sound recordings from 1924 entering the public domain! The passage of these works into the public domain celebrates our shared cultural heritage. The ability to breathe new life into long forgotten works, remix the most popular and enduring works of the time, and to better circulate the oddities we find in thrift stores, attics, and on random pockets of the internet are now freely available for us all.

While not at the same blockbuster level as 2024 with Steamboat Willie’s passage into the public domain, works from 1929 still inhabit strong cultural significance today. The works of 1929 continue to capture the Lost Generation’s voice, the rise of sound film, and the emerging modern moment of the 1920s. 

Musical Compositions

Show tunes and Jazz dominated the year with many standards that we remember today first being published. While best known for the 1952 film of the same name, Singin’ in the Rain was first published in 1929 and serves as the inspiration for our remix contest this year. George Gershwin also officially published (and copyrighted) his suite An American in Paris following a premiere in late 1928.

Below is sheet music for some popular compositions of the time.

• Singin’ in the Rain
• Wedding of the Painted Doll
• You Were Meant For Me
• Am I Blue?
• Ain’t Misbehavin’
• What Is This Thing Called Love?
• Bolero

Literature

Reflections on World War I continued with A Farewell to Arms by Ernest Hemingway, the first English translation of All Quiet on the Western Front, and Richard Aldington’s Death of a Hero. William Faulkner published his modernist novel The Sound and the Fury. A. A. Milne followed up 1928’s The House at Pooh Corner by adapting The Wind in the Willows into the play Toad of Toad Hall. Detective fiction thrived in 1929, with The Maltese Falcon serialized in Black Mask, Agatha Christie captivating readers with The Seven Dials Mystery, and the first Ellery Queen novel, The Roman Hat Mystery, making its debut. Explore our 1929 periodicals to find more hidden detective gems.

While not a towering work of literature, the first set of comic strips featuring Popeye also are joining the public domain. Popeye first made an appearance in Thimble Theatre on January 17, 1929. Initially just a side character for an adventure arc featuring gambling and sailing, Popeye rose quickly to fame. By February 4, 1931 the Thimble Theatre would feature a subtitle, Starring Popeye, before being renamed just Popeye later on.

Below is a further selection of works from the year:

• Rope by Patrick Hamilton
• A Room of One’s Own by Virginia Woolfe
• A High Wind in Jamaica by Richard Hughes
• Is Sex Necessary? Or, Why You Feel the Way You Do by E. B. White and James Thurber
• Look Homeward, Angel by Thomas Wolfe

Dive into Archive’s literary collection to unearth more classics from 1929.

Films

Last year Mickey Mouse made a splash with Steamboat Willie cruising into the public domain. This year TWELVE more Mickey shorts join to flesh out the notable events of Mickey’s young career. He speaks his first words in The Karnival Kid, he wears gloves for the first time in The Opry House, and Ub Iwerks leaves the studio at year’s end with Wild Waves. Disney animation also kickstarted their Silly Symphonies series with the haunting tales The Skeleton Dance and Hell’s Bells.

In 1929, if your film wanted to have any attention it needed sound. Musical films were everywhere with The Broadway Melody winning the second ever Best Picture award at the Oscars, The Hollywood Revue introducing the world to “Singin’ in the Rain”, and the Marx Brothers making their big screen debut with The Cocoanuts.

Below is a list of more significant films from the year:

• All Americans (dir. Joseph Santley)
• Blackmail (dir. Alfred Hitchcock)
• Lambchops (dir. Murray Roth)
• The Wild Party (dir. Dorothy Arzner)
• Spite Marriage (dir. Buster Keaton and Edward Sedgwick)
• Say It with Songs (dir. Lloyd Bacon)
• Hallelujah (dir. King Vidor)
• Welcome Danger (dir. Clyde Bruckman and Malcolm St. Clair)
• The Black Watch (dir. John Ford)
• The first five Silly Symphonies (dir. Walt Disney or Ub Iwerks)

Our film remix contest is ongoing until January 17, 2025, so please upload your submissions! Read more here.

Additional resources

• Learn more about what’s moving into the public domain in 2025 from Jennifer Jenkins and James Boyle of Duke Law’s Center for the Study of the Public Domain.
• Check out the Public Domain Game Jam from Techdirt.
• Public Domain Review highlights the materials moving into the public domain in 2025.
• Interested in what’s happening with the public domain in Europe? Communia is hosting a one-day event on January 9 in Brussels.

In honor of Public Domain Day, this post is published with a CC0 Waiver dedicating it to the public domain.

 

New year, old good habits! 

On 15th January we'll be hosting the first Discord Community Roundtable of the year, with Cenyu Zhang - Azure AI Engineering Principal PM - as special guest.🌟

When? 15th January at 8AM PST (5PM CET) 

What? Join us for an exciting session on what's new with Azure AI Speech Services! Learn about the latest features and enhancements from AI Speech (Fast Transcription, Real-time & Video Translation, Text to Speech, Avatar), and how these new features can transform customer’s business, streamline the workflows and add values in many of the use case scenarios. Stay ahead of the curve and harness the power of Azure AI! This is an opportunity you won't want to miss!

Where? Join the Azure AI Discord Server Community at aka.ms/genai-discord to tune in 

Azure AI Community on Discord

The Azure AI Community on Discord is the place to connect with other AI engineers, developers and enthusiasts like you. It will help you stay current in the AI field and find the support you need from Microsoft ftes and community when building your AI solutions with Azure.

Also, you'll get the opportunity to jump on free regular community roundtables like this one and bring your questions to the table.

Join the community now -> aka.ms/genai-discord

Community Roundtable Guest

Cenyu Zhang - our speaker

Cenyu Zhang is a Principal PM as part of Azure AI Engineering team and currently works to drive the adoption & GTM strategy of several AI services, including Speech, Avatar and AI Agent. Before joining AI engineering team, he was with Microsoft Japan and responsible for several Japanese enterprise accounts including NTT and Fujitsu. Before joining Microsoft, Cenyu was a product manager for most of his career.

Good news for everyone - GitHub Copilot is now available for free in VS Code!! 

Excited to try GitHub copilot for Azure in VSCode?  

Prerequisites: 

1. Account in GitHub 
2. Sign up for GitHub Copilot  
3. Account in Azure 
4. Install VSCode 

Step 1. Installation 

1. How to install GitHub Copilot for Azure? 

Open VS Code, in the leftmost panel, click on Extensions, type – ‘GitHub copilot for azure’, and install the first result which is by Microsoft. As shown in the Fig. 1.1 below: 

Fig. 1.1 How to install GitHub Copilot for Azure in VSCode

2. After this installation, you will be prompted to install – GitHub Copilot, Azure Tools, and other required installations. Click on allow and install all required extensions from the same method, as used above. 

 Fig. 1.1.1 Installation of GitHub Copilot and sign in with GitHub 

Step 2: Enable 

1. How to enable GitHub Copilot in GitHub? 

Open GitHub, Click on top rightmost Profile pic, a left panel will open. 
Click on Your Copilot.  

 Fig. 1.2 Locate GitHub Copilot 

Upon opening, enable it for IDE, as shown in the below Fig. 1.3 

Fig. 1.3 Enabling Copilot Chat in the IDE 

Step 3: Walkthrough 

1. Open VSCode, and click on the GitHub Copilot icon from topmost right side. This will open the GitHub Copilot Chat. From here, you can customize the model type and Send commands. 
   Type azure to work with Azure related tasks. Below Fig. 1.4 will help to locate the things smoothly: 

 Fig. 1.4 Locating GitHub Copilot Chat in VSCode 

Scenario: Using the GitHub Repository 

If you have any of your project already available in the GitHub public repository, then paste the link of it in the chat section and append it with the below prompt: 

Prompt: This is my website deployed locally in GitHub, help me deploy in Azure. 

Hit Enter from the keyboard or Click the arrow sign, and proceed further with the instructions generated by the Copilot. 

Note: You will be prompted to Authenticate your Azure Account, simply follow the instructions said to authenticate. 

If you don’t have any website, paste the prompt written below in the chat section: 

Prompt: Could you help me create and deploy a simple Flask website by using an azd template? 

 Fig. 1.5 Reply from GitHub Copilot for Azure 

As visible in the above Fig. 1.5, the GitHub Copilot for Azure will send template in the response. Hover the arrow over it, and then click on Insert into terminal, this will automatically insert the command in the terminal. Meanwhile, you may need to Authenticate your Azure Account, simply follow the instructions said to authenticate.  

It will take a few minutes to initialize. Meanwhile, answer the questions it asks, if unsure, simply ask the same question by copy pasting in the GitHub Copilot Chat, and it will guide you. You can ask more questions like: 

1. What does azd init command do? 
2. How the website will be deployed? 
3. What region, should I select? 

Once, you are clear with all of the doubts, type azd up command in the terminal, this will deploy the website in azure. 

 Fig. 1.6 GitHub Copilot guiding the user to deploy 

This Command will ask which subscription you want to use to deploy your website. 

 Fig. 1.7 Finding Subscription in Azure Portal 

Open the Azure portal, and type subscription in the search bar, as visible in Fig. 1.7. Click the first result and copy paste the Subscription ID visible there, to the GitHub Copilot chat, and append something like below: 

• <Subscription ID> This is my Azure Subscription ID, deploy my website using it. <I reside in <Country Name> 

Once, done, you would be able to view the deployed website along with the new resources created in the Azure Portal. 

To un-deploy it, to free up the Azure resources, ask the same to GitHub Copilot, and it will guide you further! 

Tips and Tricks: 

1. For any error or Questions, directly ask to GitHub Copilot for Azure and it will answer your all queries, no limit! 
2. If unsure about anything, just paste the subscription id and share your country in the chat to get customized queries to run! 

Summary: 

1. GitHub Copilot can be used in VS Code for free, by installing thru extensions tab of VS Code. 
2. The deployment is done using just 2 commands: azd init and azd up 
3. To un-deploy, simply visit the directory and type azd down 

Happy 2025 with unlimited experiments using GitHub Copilot for Azure @VSCode for free! 

---