Tag Archive for: ‘led’

Trail of Errors Led to Chinese Hack of Microsoft Cloud Email


Cyberwarfare / Nation-State Attacks, Encryption & Key Management, Fraud Management & Cybercrime

Crash Dump Snapshot Included Active Signing Key


Chinese hackers were able to access the email accounts of senior U.S. officials after Microsoft included an active digital signing key in a snapshot of data taken to analyze a crash of its consumer signing system in April 2021.


Inclusion of the key in the crash dump was just one of many mishaps leading to a China-based espionage hacking group Microsoft tracks as Storm-0558 gaining access to email accounts tied to 25 different organizations, including the U.S. Departments of State and Commerce (see: Hackers Stole Signing Key, Hit US Government’s Microsoft 365).

Microsoft detailed the chain of events leading to the hack in a Wednesday blog post. The email hacks started May 15 and went undetected for a month, coinciding with a European Parliament meeting on China policy and U.S. diplomatic trips to China. Tensions between the U.S. and China are mounting amid concern over Chinese aggression in the South China Sea and American steps to restrict Beijing’s access to advanced technology (see: US Restricts Investment in Chinese AI, Other Technologies).

The computing giant has previously acknowledged that the Chinese hackers were able to create their own authentication tokens to access cloud-based Outlook email accounts using a digital key from Microsoft’s signing system.

The crash dump contained the…


Microsoft Reveals How a Crash Dump Led to a Major Security Breach


Sep 07, 2023 | THN | Cyber Attack / Email Hacking

Microsoft on Wednesday revealed that a China-based threat actor known as Storm-0558 acquired the inactive consumer signing key to forge tokens and access Outlook by compromising an engineer’s corporate account.

This enabled the adversary to access a debugging environment that contained information pertaining to a crash of the consumer signing system and steal the key. The system crash took place in April 2021.

“A consumer signing system crash in April of 2021 resulted in a snapshot of the crashed process (‘crash dump’),” the Microsoft Security Response Center (MSRC) said in a post-mortem report.

“The crash dumps, which redact sensitive information, should not include the signing key. In this case, a race condition allowed the key to be present in the crash dump. The key material’s presence in the crash dump was not detected by our systems.”

The Windows maker said the crash dump was moved to a debugging environment on the internet-connected corporate network, from where Storm-0558 is suspected to have acquired the key after infiltrating the engineer’s corporate account.


It’s currently not known if this is the exact mechanism that was adopted by the threat actor, since Microsoft noted it does not have logs that offer concrete proof of the exfiltration due to its log retention policies.

Microsoft’s report further alludes to spear-phishing and the deployment of token-stealing malware, but it did not elaborate on the modus operandi of how the engineer’s account was breached in the first place, if other corporate accounts were hacked, and when it became aware of the compromise.

That said, the latest development offers insight into a series of cascading security mishaps that culminated in the signing key ending up in the hands of a skilled actor with a “high degree of technical tradecraft and operational security.”

Storm-0558 is the moniker assigned by Microsoft to a hacking group that has been linked to the breach of approximately 25 organizations using the consumer signing key and obtaining unauthorized access to Outlook Web Access (OWA) and Outlook.com.

The zero-day issue was blamed on a validation error that allowed the key to be…


How UV-C LED Technology is Revolutionizing Internet Connectivity


Exploring the Impact of UV-C LED Technology on Internet Connectivity Revolution

UV-C LED technology is making waves in the world of internet connectivity, promising to revolutionize the way we access and use the internet. This groundbreaking technology is poised to offer faster, more reliable, and more secure internet connections, transforming the digital landscape and paving the way for a new era of connectivity.

UV-C LED technology, or ultraviolet light-emitting diode technology, is a relatively new development in the field of photonics. It harnesses the power of ultraviolet light, specifically UV-C light, which is a type of ultraviolet light that has a wavelength between 200 and 280 nanometers. This technology is already being used in a variety of applications, from sterilizing medical equipment to purifying water. However, its potential impact on internet connectivity is perhaps the most exciting application yet.

The key to UV-C LED technology’s potential lies in its ability to transmit data at incredibly high speeds. Traditional internet connections, such as those provided by fiber optic cables, are limited by the speed of light in a medium. UV-C LED technology, on the other hand, can transmit data at the speed of light in a vacuum, which is significantly faster. This means that internet connections powered by UV-C LED technology could potentially be hundreds, if not thousands, of times faster than current connections.

In addition to speed, UV-C LED technology also offers the potential for greater reliability. Traditional internet connections can be affected by a variety of factors, from physical damage to the cables to interference from other electronic devices. UV-C LED technology, however, is not susceptible to these issues. Because it uses light to transmit data, it is not affected by physical barriers or electronic interference. This means that it can provide a more stable and reliable internet connection, reducing the likelihood of dropped connections or slow speeds.

Perhaps one of the most significant benefits of UV-C LED technology is its potential to enhance internet security. Traditional internet connections are vulnerable to a variety of security…


EVERYONE in Cyber Security Should Understand Reversing (its EASY)