Tag Archive for: Microsoft’s

Review board to issue report detailing Microsoft’s lapses in China hack: report


The US Cyber Safety Review Board is expected to issue a report detailing lapses by Microsoft that led to a targeted Chinese hack of top US government officials’ emails last year, the Washington Post reported on Tuesday.
The intrusion, which ransacked the Microsoft Exchange Online mailboxes of 22 organizations and more than 500 individuals around the world, was “preventable” and “should never have occurred”, the Washington Post said, citing the report.

“While no organization is immune to cyberattack from well-resourced adversaries, we have mobilized our engineering teams to identify and mitigate legacy infrastructure, improve processes, and enforce security benchmarks,” Microsoft said.


“Our security engineers continue to harden all our systems against attack and implement even more robust sensors and logs to help us detect and repel the cyber-armies of our adversaries. We will also review the final report for additional recommendations,” it added.

The Cyber Safety Review Board did not immediately respond to a Reuters request for comment.

Last year, the tech giant said the Chinese hack of senior officials at the US State and Commerce departments stemmed from the compromise of a Microsoft engineer’s corporate account penetrated by a hacking group it dubbed Storm-0558.


The hack is alleged to have stolen hundreds of thousands of emails from top American officials including Commerce Secretary Gina Raimondo, US Ambassador to China Nicholas Burns and Assistant Secretary of State for East Asia Daniel Kritenbrink.

The Cyber Safety Review Board’s report blames shoddy cybersecurity practices, lax corporate culture and a deliberate lack of transparency over what Microsoft knew about the origins of the breach, according to the Washington Post.

Source…

Microsoft’s February 2024 Patch Tuesday Addresses 2 Zero-Days and 73 Vulnerabilities


Microsoft has released a substantial set of patches in its February 2024 Patch Tuesday. This update is particularly significant as it addresses a total of 73 vulnerabilities, including two zero-days that have been detected in active use by cybercriminals. Among the vulnerabilities patched, five have been classified as critical due to their potential to cause serious harm, such as denial of service, remote code execution, information disclosure and elevation of privilege. Read on for more details.

What are the zero-days mentioned in Microsoft’s February 2024 Patch Tuesday?  

The two zero-day vulnerabilities that have been actively exploited are particularly concerning: 

  • CVE-2024-21351: This is a Windows SmartScreen bypass vulnerability. SmartScreen is designed to warn users about running unrecognized applications that could potentially be harmful. The exploitation of this vulnerability could lead to unauthorized data exposure or render systems unavailable. 
  • CVE-2024-21412: This vulnerability is a security feature bypass flaw. It allows attackers to carry out their attacks without triggering the security checks that are in place to prevent such incidents. 

The implications of these vulnerabilities are severe, as they can be used to compromise user data, disrupt business operations and gain unauthorized access to sensitive information. The complete list of resolved vulnerabilities in the February 2024 Patch Tuesday updates can be viewed in the full report. 

What is Nuspire doing? 

In response to these updates, Nuspire has taken immediate action by applying the patches as recommended by the vendor. In addition to patching, Nuspire’s security team is actively threat hunting within client environments to detect any signs of compromise that might indicate the exploitation of these vulnerabilities. 

What should I do? 

It is crucial for organizations to take proactive measures to protect their systems and data from these vulnerabilities. Here are the recommended steps: 

  • Prioritize Patching: Given the active exploitation of the two zero-days, organizations should prioritize patching these vulnerabilities. The sooner these patches are applied, the less…

Source…

A security researcher has been sentenced for hacking into Nintendo and Microsoft’s servers


A former security researcher at Malwarebytes, Zammis Clark, was sentenced earlier this week for breaching Microsoft and Nintendo network servers and stealing confidential data, as well as usernames and passwords, according to The Verge. The attacker had also uploaded malware to the servers.

Clark, who was still working for Malwarebytes at the time of the Microsoft attack in January 2017, stole around 43,000 files from the Redmond company’s servers in the attack. After gaining access to the servers, he shared that access with other users on the internet, including Thomas Hounsell, who is known for running the now-defunct BuildFeed website. Hounsell used this route to gather information on Microsoft’s products through nearly 1,000 queries over a period of 17 days.

Clark was eventually arrested for his actions in June of 2017, but was released without any restrictions on computer use, so in March of last year, Nintendo also came under attack by the hacker. Clark gained access to the company’s game development servers and stole 2,365 usernames and passwords until he was caught in May. Between the Nintendo and Microsoft breaches, Clark caused damages anywhere between $2.9 and $3.8 million.

Clark had also been involved in a previous security breach of VTech’s children’s toys in 2015, but was never charged, since the company did not cooperate with the prosecution on the case, and Clark walked free.

Clark will at least avoid any prison time, provided that he commits no additional crimes. Because of his autism and face blindness, and because he pleaded guilty to the attacks, Judge Alexander Miller decided that prison would be disproportionately harsh for the hacker. He was sentenced to 15 months of imprisonment, suspended for 18 months. He was also issued a Serious Crime Prevention Order, which means an unlimited fine and up to five years of prison time should he commit any serious offence in the next five years.

Thomas Hounsell, on the other hand, was sentenced to just six months of imprisonment, but the sentence…

Source…

Explained | How did a China-based hacking group compromise Microsoft’s cloud security? 


The story so far: In July, Microsoft said that a China-based hacking group had breached U.S. government-linked email accounts. The company said the group, identified as Storm-0558, gained access to the email accounts of 25 organisations, including Western European government agencies, and to the email accounts of top American officials such as Commerce Secretary Gina Raimondo, U.S. Ambassador to China Nicholas Burns, and Assistant Secretary of State for East Asia Daniel Kritenbrink. The attacks stemmed from the compromise of a Microsoft engineer’s corporate account. The company further explained that the hackers were able to extract a cryptographic key from the engineer’s account and use it to access email accounts. The flaw has now been fixed.

When did the attacks start?

The attack on the email accounts of American government officials was first noticed when customers reported abnormal activity on June 16. Microsoft then began an investigation, which revealed that from May 15, Storm-0558 had gained access to email accounts at approximately 25 organisations in the public cloud, including government agencies, as well as related consumer accounts of individuals associated with them.

What is Storm-0558?

Microsoft Threat Intelligence “with moderate confidence” assessed that Storm-0558 is a China-based threat actor with activities and methods consistent with espionage objectives. The group is thought to operate as its own distinct group and its core working hours are consistent with working hours in China, Microsoft said in a blog post.

In the past, the group has primarily targeted U.S. and European diplomatic, economic, and legislative governing bodies, and individuals connected to Taiwan and Uyghur geopolitical interests. The group has been targeting Microsoft accounts since August 2021 and had reportedly obtained credentials for initial access through phishing campaigns and by exploiting vulnerabilities in public-facing applications to gain access to victims’ networks.

How did the threat actors breach Microsoft’s security?

The China-based threat actor was able to compromise Microsoft’s cloud security systems by using an acquired MSA key to forge tokens to access Outlook Web Access…

Source…