Tag: finally | Page 2

Microsoft finally explains cause of Azure breach: An engineer’s account was hacked

September 6, 2023/in Internet Security

Microsoft said the corporate account of one of its engineers was hacked by a highly skilled threat actor that acquired a signing key used to hack dozens of Azure and Exchange accounts belonging to high-profile users.

The disclosure solves two mysteries at the center of a disclosure Microsoft made in July. The company said that hackers tracked as Storm-0558 had been inside its corporate network for more than a month and had gained access to Azure and Exchange accounts, several of which were later identified as belonging to the US Departments of State and Commerce. Storm-0558 pulled off the feat by obtaining an expired Microsoft account consumer signing key and using it to forge tokens for Microsoft’s supposedly fortified Azure AD cloud service.

The disclosure left two of the most important questions unanswered. Specifically, how was a credential as sensitive as the consumer signing key stolen from Microsoft’s network, and how could it sign tokens for Azure, which is built on an entirely different infrastructure?

On Wednesday, Microsoft finally solved the riddles. The corporate account of one of its engineers had been hacked. Storm-0558 then used the access to steal the key. Such keys, Microsoft said, are entrusted only to employees who have undergone a background check and then only when they are using dedicated workstations protected by multi-factor authentication using hardware token devices. To safeguard this dedicated environment, email, conferencing, web research, and other collaboration tools aren’t allowed because they provide the most common vectors for successful malware and phishing attacks. Further, this environment is segregated from the rest of Microsoft’s network, where workers have access to email and other types of tools.

Those safeguards broke down in April 2021, more than two years before Storm-0558 gained access to Microsoft’s network. When a workstation in the dedicated production environment crashed, Windows performed a standard “crash dump,” in which all data stored in memory is written to disk so engineers can later diagnose the cause. The crash dump was later moved into Microsoft’s…

Source…

Proton Drive’s Secure Cloud Storage Finally Lands on Android, iOS

December 7, 2022/in Mobile Security

Proton today launched Android(Opens in a new window) and iOS(Opens in a new window) apps for its Proton Drive secure cloud storage service—a service it claims is “the most private and secure” available today.

The Swiss company is best known for its encrypted mail service Proton Mail launched in 2014, but has also launched Proton VPN (2017), Proton Calendar (2019), and most recently Proton Drive in 2020 for secure file storage. Now Proton Drive is finally coming to mobile devices(Opens in a new window).

Thousands of Proton community members participated in the beta test of Drive for iPhone, iPad, and Android devices. With the apps now available, users can upload files and photos from their smartphones and tablets, or access existing files stored in their Drive. The apps include an offline mode, allowing a user to activate offline access for a file or folder and retain access to it even if there’s no mobile signal or Wi-Fi connection available.

Recommended by Our Editors

Security comes in the form of Proton’s open-source and publicly-audited end-to-end encryption, which automatically protects the contents of files from prying eyes, and Proton can’t access the contents of files either. All data is stored on servers located in Switzerland and Germany, which Proton says ensures “strong legal and hardware protections.”

Beskar Ingot Bits and Bytes! Hands On With Seagate’s Mandalorian-Themed Hard Drive and M.2 SSD

Get Our Best Stories!

Sign up for What’s New Now to get our top stories delivered to your inbox every morning.

This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.

Source…

US Consumers Are Finally Becoming More Security & Privacy Conscious

October 6, 2022/in Mobile Security

A survey on US consumer attitudes toward online privacy and security holds some potentially good news for enterprise organizations in an era of work-from-home and hybrid work models.

The survey of 2,103 US adults, conducted by Consumer Reports (CR), showed substantial improvement in consumer cybersecurity and privacy practices over the past three years. Many more individuals appear aware of the security and privacy risks associated with their digital footprint, and have modified their behavior significantly to try and protect it better.

Some of the changes — such as a surge in the use of multifactor authentication (MFA) — appear tied to the fact that more and more organizations require it for accessing online accounts and services. That said, a lot of the behavioral changes are likely also being driven by a higher awareness of cyber-risks, several security experts say.

“The harsh reality is that the explosive growth in ransomware attacks and data breaches has raised awareness of cybersecurity to a level we’ve never seen before,” says Darren Guccione, CEO and co-founder at Keeper Security. “When people are unable to get fuel at the gas pump or their bank data is leaked on the Dark Web, they immediately understand the tangible impact cyberattacks can have on their personal lives.”

The trend has upside for enterprise organizations that are struggling to contain security challenges tied to the use of insecure home networks and devices by their work-from-home and remote employees. It could mean less of an uphill battle for them, says Brian Dunagan, vice president of engineering at Retrospect, a StorCentric company.

It suggests that people are taking communications regarding security directives seriously and are taking the time to read, learn, and ask questions if necessary — which is a notable shift.

“Now is the time for security leaders to make the case for increased security budgets, whether it is added personnel or added security technology solutions,” Dunagan says.

Significant Security Improvements for Consumers

When it comes to better consumer adoption of certain security practices, 88% of survey respondents, for instance, said they use what CR describes as strong passwords…

Source…

Student finally gets bank refund following unauthorised transfers

June 16, 2022/in Internet Security

Chong (left) meets Miss Tiong in Selangor to help in handling her complaint.

KUCHING (June 16): Democratic Action Party (DAP) Sarawak chairman Chong Chieng Jen has helped a Sarawakian student who is a victim of an unauthorised and illegal internet bank transfers.

Chong in a statement yesterday said after almost five months of distress and anxiety, the student who only wanted to be known as Miss Tiong who studies in Selangor, finally got her full refund of RM19,667.79 from her bank.

Chong said the girl had a savings account with Maybank Berhad.

“Sometime in January this year, Miss Tiong discovered that between Jan 8 and 17, there were 99 internet fund transfers from her savings account to some third-party accounts.

“All the transfers were carried out without her knowledge or authority. She also did not receive any OTP messages or notifications from the bank in respect of the said transfers. The total amount of the 99 internet transfers was RM19,667.79,” he said.

He added that Miss Tiong immediately lodged a police report and submitted a claim with the bank for the refund of the amount illegally transferred out from her account.

“Though the bank promised to investigate the matter within two months, she waited for months and yet there was no response. She subsequently sought help from me.

“Miss Tiong was under tremendous distress for months over her loss of RM19,667.79 which was money for her tertiary education.

“Yesterday (June 14), she finally received all the refunds of RM19,667.79 from Maybank.

“After weeks of public pressure on banks to refund their customers’ money illegally and unknowingly transferred from their customers’ account, and the directive issued by Bank Negara Malaysia to banks to compensate their customers for unauthorised transfers of funds, finally we see a positive outcome of this public outcry,” he said.

Chong, who is also Stampin MP and Padungan assemblyman, said this was the first case he came across in recent months that a bank has refunded its customers for the illegal and unauthorised transfer of funds.

“I am grateful that Maybank has acted positively and fairly in Miss Tiong’s case, though after some delay.

“I…

Source…

Tag Archive for: finally

Recommended by Our Editors

Get Our Best Stories!

Significant Security Improvements for Consumers