Tag Archive for: Caused

Hackers Beat Anti-Repair Software Locks That Caused Train Breakdowns


A Polish train manufacturer has threatened to sue after a group of hackers accused the company of programming its products to inhibit independent repairs. The company’s software has reportedly caused trains to break down on purpose, and its circumvention has led the manufacturer to claim a conspiracy against it.

Poland’s Rynek Kolejowy reports that rail operator Lower Silesian Railways (or Koleje Dolnośląskie) has been in a spat with Newag, producer of its Impuls 45WE hybrid multiple units. In June 2022, the railroad reportedly experienced multiple no-start failures with these trainsets in unrelated circumstances. In one case, the train stopped working after sitting out of service for a period, while in another it occurred following service at an independent train repair shop, SPS. Both reportedly resulted in fewer trains running than scheduled, impacting passenger service. (One Chinese railway had a similar incident when Adobe Flash was shut down.)

Newag reportedly claimed the trains had self-deactivated when their security software had been tampered with. However, a group of benevolent “white hat” hackers called Dragon Sector who were hired by SPS to assist have offered their own explanation: Newag used DRM to frustrate third-party repair efforts.

As reported in Polish outlet Onet, Dragon Sector said the trains were programmed to engage a software lockdown if they sat stationary for more than 10 days. This is believed to be an attack on independent repair, which has become a major battleground in recent years between consumers and companies like Apple, John Deere, and many across the car industry. Right-to-repair is combated in a variety of ways, from proprietary software and encryption that can only be read by the company itself to “parts pairing,” which 404 Media describes as a security measure against third-party service.

Not only does this make some devices impossible for the average user to repair, but it also can stop independent shops from fixing them at a lower cost than the manufacturer would demand. In extreme cases, this can leave consumers with no recourse if a manufacturer decides the product can’t be repaired, and…


Microsoft takes pains to obscure role in 0-days that caused email breach


On Friday, Microsoft attempted to explain the cause of a breach that gave hackers working for the Chinese government access to the email accounts of 25 of its customers—reportedly including the US Departments of State and Commerce and other sensitive organizations.

In a post on Friday, the company indicated that the compromise resulted from three exploited vulnerabilities in either its Exchange Online email service or Azure Active Directory, an identity service that manages single sign-on and multifactor authentication for large organizations. Microsoft’s Threat Intelligence team said that Storm-0558, a China-based hacking outfit that conducts espionage on behalf of that country’s government, exploited them starting on May 15. Microsoft drove out the attackers on June 16 after a customer tipped off company researchers of the intrusion.

Above all else: Avoid the Z-word

In standard parlance among security professionals, this means that Storm-0558 exploited zero-days in the Microsoft cloud services. A “zero-day” is a vulnerability that is known to or exploited by outsiders before the vendor has a patch for it. “Exploit” means using code or other means to trigger a vulnerability in a way that causes harm to the vendor or others.

While both conditions are clearly met in the Storm-0558 intrusion, Friday’s post and two others Microsoft published Tuesday bend over backward to avoid the words “vulnerability” or “zero-day.” Instead, the company uses considerably more amorphous terms such as “issue,” “error,” and “flaw” when attempting to explain how nation-state hackers tracked the email accounts of some of the company’s biggest customers.

“In-depth analysis of the Exchange Online activity discovered that in fact the actor was forging Azure AD tokens using an acquired Microsoft account (MSA) consumer signing key,” Microsoft researchers wrote Friday. “This was made possible by a validation error in Microsoft code.”

Later in the post, the researchers said that Storm-0558 acquired an inactive signing key…


Microsoft confirms recent service disruptions were caused by Russian hacking group


In a recent blog post, Microsoft officially acknowledged that the disruptions to its services earlier this month were the result of deliberate hacks. The tech giant attributed the temporary unavailability of some of its services to ongoing Distributed Denial-of-Service (DDoS) attacks conducted by a threat actor identified as Storm-1359.

On June 5, Microsoft’s 365 software suite, including popular applications like Teams and Outlook, experienced an outage lasting over two hours, affecting thousands of users. A brief recurrence was witnessed the following morning. This incident marked the fourth major outage for Microsoft within the span of a year.

Although Microsoft has assigned a temporary designation to the attackers, indicating their affiliation has not yet been determined, a hacktivist group called Anonymous Sudan has claimed responsibility for the hack on the messaging platform Telegram.

Over the past decade, messaging platform Telegram, code management site GitHub, and network provider Dyn have all faced similar attacks. In Microsoft’s case, the hackers focused on causing disruption and seeking publicity. They utilized rented cloud infrastructure and virtual private networks to overwhelm Microsoft servers using botnets made up of compromised computers worldwide.

Reassuringly, Microsoft has stated that there is no evidence suggesting that customer data has been accessed or compromised during these incidents. DDoS attacks typically aim to temporarily render targeted servers inaccessible through the influx of substantial internet traffic, employing relatively unsophisticated methods.

The recurrence of service disruptions raises concerns about the vulnerability of technology platforms to malicious attacks. Companies like Microsoft are continuously enhancing their security measures to thwart such incidents. Nevertheless, the sophistication and persistence of threat actors continue to present challenges for ensuring uninterrupted and secure digital services.

Microsoft has not disclosed the motive behind the recent DDoS attacks or whether it has identified the individuals or groups responsible for them. As investigations continue, users and organizations are advised to…


Empowering MSSPs and MDR Service Providers to Control the Chaos Caused by Advanced, Highly Evasive Malware

