Tag Archive for: Microsoft’s

Microsoft’s February 2024 Patch Tuesday Addresses 2 Zero-Days and 73 Vulnerabilities
Microsoft has released a substantial set of patches in its February 2024 Patch Tuesday. The update addresses a total of 73 vulnerabilities, including two zero-days that have been detected in active use by cyber criminals. Five of the patched vulnerabilities are rated critical because of the harm they could cause: denial of service, remote code execution, information disclosure and elevation of privilege. Read on for more details.

What are the zero-days mentioned in Microsoft’s February 2024 Patch Tuesday?  

The two zero-day vulnerabilities that have been actively exploited are particularly concerning: 

  • CVE-2024-21351: A Windows SmartScreen security feature bypass. SmartScreen is designed to warn users before they run unrecognized, potentially harmful applications. Exploiting this vulnerability could lead to unauthorized data exposure or render systems unavailable.
  • CVE-2024-21412: A security feature bypass flaw. It allows an attacker to carry out an attack without triggering the security checks that exist to prevent it.

The implications of these vulnerabilities are severe, as they can be used to compromise user data, disrupt business operations and gain unauthorized access to sensitive information. The complete list of resolved vulnerabilities in the February 2024 Patch Tuesday updates can be viewed in the full report. 

What is Nuspire doing? 

In response to these updates, Nuspire has taken immediate action by applying the patches as recommended by the vendor. In addition to patching, Nuspire’s security team is actively threat hunting within client environments to detect any signs of compromise that might indicate the exploitation of these vulnerabilities. 

What should I do? 

It is crucial for organizations to take proactive measures to protect their systems and data from these vulnerabilities. Here are the recommended steps: 

  • Prioritize Patching: Given the active exploitation of the two zero-days, organizations should prioritize patching these vulnerabilities. The sooner these patches are applied, the less…

A security researcher has been sentenced for hacking into Nintendo and Microsoft’s servers
A former security researcher at MalwareBytes, Zammis Clark, was sentenced earlier this week for breaching Microsoft and Nintendo network servers and stealing confidential data, as well as usernames and passwords, according to The Verge. The attacker had also uploaded malware to the servers.

Clark, who was still working for MalwareBytes at the time of the Microsoft attack in January 2017, stole around 43,000 files from the Redmond company’s servers in the attack. After gaining access to the servers, he shared that access with other users on the internet, including Thomas Hounsell, who is known for running the now-defunct BuildFeed website. Hounsell used this route to gather information on Microsoft’s products through nearly 1,000 queries over a period of 17 days.

Clark was eventually arrested for his actions in June 2017, but was released without any restrictions on computer use, and in March of last year Nintendo also came under attack by the hacker. Clark gained access to the company’s game development servers and stole 2,365 usernames and passwords until he was caught in May. Between the Nintendo and Microsoft breaches, Clark caused damages estimated at between $2.9 and $3.8 million.

Clark had also been involved in a previous security breach involving VTech’s children’s toys in 2015, but was not accused in that case because the company did not cooperate with the prosecution, and Clark walked free.

Clark will at least avoid prison time, provided that he commits no further crimes. Because of his autism and face blindness, and because Clark pleaded guilty to the attacks, Judge Alexander Miller decided that prison would be disproportionately harsh for the hacker. He was sentenced to 15 months of imprisonment, suspended for 18 months. He was also made subject to a Serious Crime Prevention Order, which means an unlimited fine and up to five years of prison time should he commit any serious offense in the next five years.

Thomas Hounsell, on the other hand, was sentenced to just six months of imprisonment, but the sentence…

Explained | How did a China-based hacking group compromise Microsoft’s cloud security? 
The story so far: In July, Microsoft said that a China-based hacking group had breached U.S. government-linked email accounts. The company said the group, identified as Storm-0558, gained access to the email accounts of 25 organisations, including Western European government agencies, and to the email accounts of top American officials such as Commerce Secretary Gina Raimondo, U.S. Ambassador to China Nicholas Burns, and Assistant Secretary of State for East Asia Daniel Kritenbrink. The attacks stemmed from the compromise of a Microsoft engineer’s corporate account. The company further explained that the hackers were able to extract a cryptographic key from the engineer’s account and use it to access email accounts. The flaw has now been fixed.

When did the attacks start?

The attack on the email accounts of American government officials was first noticed when customers reported abnormal activity on June 16. Microsoft then began an investigation, which revealed that from May 15 Storm-0558 had gained access to email accounts in the public cloud affecting approximately 25 organisations, including government agencies, as well as the related customer accounts of individuals associated with them.

What is Storm-0558?

Microsoft Threat Intelligence assessed “with moderate confidence” that Storm-0558 is a China-based threat actor whose activities and methods are consistent with espionage objectives. The group is thought to operate as its own distinct group, and its core working hours are consistent with working hours in China, Microsoft said in a blog post.

In the past, the group has primarily targeted U.S. and European diplomatic, economic, and legislative governing bodies, and individuals connected to Taiwan and Uyghur geopolitical interests. The group has been targeting Microsoft accounts since August 2021 and has reportedly obtained credentials for initial access through phishing campaigns and by exploiting vulnerabilities in public-facing applications to gain access to victims’ networks.

How did the threat actors breach Microsoft’s security?

The China-based threat actor was able to compromise Microsoft’s cloud security systems by using an acquired MSA key to forge tokens to access Outlook Web Access…

Microsoft’s role in government email hack under cyber-inquiry scrutiny
In a recent development that rattled the cyber world, Microsoft found itself in the crosshairs of a U.S. cyber inquiry after a breach of government officials’ email accounts. The planned investigation by a cybersecurity advisory panel will include an examination of the software giant’s role in the hack, which is suspected to have been carried out by Chinese hackers.

The Cyber Safety Review Board, under the Biden administration, is set to focus broadly on risks to cloud computing infrastructure, Bloomberg reported.

According to a Department of Homeland Security official, as quoted by Bloomberg, the board will delve into identity and authentication management, looking into all relevant cloud service providers.

The cyber breach gave rise to vocal criticism from lawmakers like Senator Ron Wyden, who wrote to Attorney General Merrick Garland, Federal Trade Commission Chair Lina Khan, and Director of the Cybersecurity and Infrastructure Security Agency Jen Easterly.

In his letter, Senator Wyden firmly suggested that Microsoft’s cybersecurity procedures were sloppy and required a thorough investigation.

The public scrutiny surrounding Microsoft’s cybersecurity practices isn’t new. Recently, the company faced increasing criticism from computer security experts and government agencies who questioned the adequacy of its customer protection measures against breaches.

The email hack resonated powerfully because it occurred shortly before Secretary of State Antony Blinken’s planned trip to meet President Xi Jinping of China. Additionally, the hack made use of a Microsoft consumer signing key, which enabled the hackers to penetrate the networks and gain entry to the officials’ emails.

In response, Microsoft committed to making 31 critical security logs accessible to licensees of the company’s lower-cost cloud services from September onwards to tighten their cybersecurity measures. The company also plans to extend the retention period for security logs from 90 to 180 days.

This tale underscores the need for relentless vigilance and rigorous security protocols in our increasingly connected world. It serves as a stern reminder of how even the giants of the tech world can stumble when it comes to…