Microsoft Employee Emails Hacked by Russia-Linked ‘Midnight Blizzard’ Group, Company Says

Microsoft said a Russian-linked hacking group attacked its corporate systems, getting into a “small number” of email accounts, including those of senior leadership and employees who work in cybersecurity and legal. The company said it’s acting immediately to fix older systems, which will probably cause some disruption.

The hacking group doesn’t appear to have accessed customers’ systems or Microsoft servers that run outward-facing products, the software giant said Friday in a blog post. Microsoft also has no evidence the group, named Midnight Blizzard, got into source code or artificial intelligence systems.

“We will act immediately to apply our current security standards to Microsoft-owned legacy systems and internal business processes, even when these changes might cause disruption to existing business processes,” the company said. “This will likely cause some level of disruption.”

The group that Microsoft deemed responsible, also known as “Nobelium,” is a sophisticated nation-state hacking group that the US government has tied to Russia. The same group previously breached SolarWinds, a US federal contractor, as part of a massive cyber-espionage effort against US federal agencies.

The company said hackers beginning in November used a “password spray” attack to infiltrate its systems. That technique, sometimes known as a “brute force attack,” typically involves outsiders quickly trying multiple passwords against specific user names in an attempt to breach targeted corporate accounts.

In this case, beyond accessing the accounts themselves, the attackers also took emails and attached documents. Microsoft said it detected the hack on January 12, adding that the company is still notifying employees whose emails were accessed.

Eric Goldstein, executive assistant director for cybersecurity at the US Cybersecurity and Infrastructure Security Agency, said government officials are “closely coordinating with Microsoft to gain additional insights into this incident and understand impacts so we can help protect other potential victims.”

Microsoft technology has frequently been the target of major hacking campaigns.

The US Cyber Safety Review Board, which reports to the Department of Homeland Security, is already assessing a 2023 intrusion against Microsoft Exchange Online that the company attributed to China-linked hackers. That breach enabled the hack of senior US officials’ email accounts and has prompted growing concerns about cloud computing security. Microsoft said in September it identified five different errors in its systems that have “been corrected.”

In an interview with Bloomberg in 2023 following that breach, Jen Easterly, director of the agency that manages the board, suggested that Microsoft should “recapture the ethos” of what Microsoft co-founder Bill Gates called “trustworthy computing” in 2002, when he instructed employees to focus on security over adding new features.

“I absolutely positively think they have to focus on ensuring their products are both secure by default and secure by design, and we are going to continue to work with them to urge them to do that,” Easterly said of Microsoft.

In November, Microsoft said it was overhauling how it protects its software and systems after a series of high-profile hacks. Now the company said it must pick up the pace on changes, particularly to older systems and products.

“For Microsoft, this incident has highlighted the urgent need to move even faster,” the company said Friday.

© 2024 Bloomberg LP


Affiliate links may be automatically generated – see our ethics statement for details.

Check out our Latest News and Follow us at Facebook

Original Source

Microsoft Reportedly Left Users Vulnerable for Years Due to Out-of-Date Driver List: All Details

Microsoft failed to safeguard Windows PC users from malicious drivers since 2019, according to a report. Computers use drivers to communicate with external devices such as hard disks, cameras, printers, and smartphones. Each driver is required to be digitally signed to ensure that it is safe for use. If, however, an existing digitally signed driver has a security flaw, it could be easily exploited by hackers. This has reportedly caused people to be exposed to a type of cyberattack called Bring Your Own Vulnerable Driver (BYOVD) that grants hackers direct access to the PCs running on Windows, by exploiting known flaws in driver software.

Microsoft uses hypervisor-protected code integrity (HVCI) as a security measure against such attacks. Citing senior vulnerability analyst Will Dormann, ArsTechnica reports that this security tool did not properly protect users against being infected through compromised drivers.

Last month, Dormann posted a Twitter thread on how he was able to download a malicious driver on a Microsoft HVCI-enabled device, which should have been blocked. He claims that the blocklist had not been updated since 2019, implying that users were not protected by Microsoft from these drivers for years.

Earlier this month, Microsoft project manager Jeffery Sutherland replied to Dormann’s tweets and revealed additional protective measures the company had recently undertaken to mitigate the issue. “We have updated the online docs and added a download with instructions to apply the binary version directly,” Sutherland tweeted.

Microsoft told ArsTechnica that it adds malicious drivers to a blocklist that receives regular updates. “The vulnerable driver list is regularly updated, however we received feedback there has been a gap in synchronization across OS versions. We have corrected this and it will be serviced in upcoming and future Windows Updates. The documentation page will be updated as new updates are released,” the company said.

Meanwhile, many BYOVD attacks have made headlines in recent times. Recently, cybercriminals exploited a vulnerability in the anti-cheat driver for the game Genshin Impact. Last year, the North Korean hacking group Lazarus used a BYOVD attack on an aerospace employee in the Netherlands.



Samsung Discloses Breach of US Systems in July, Says Personal Information Was Exposed

Samsung on Friday disclosed that it had recently detected a cybersecurity breach that resulted in the exposure of personal information of customers. The incident took place in late July, according to the South Korean firm, when an unauthorised third party compromised the company’s US systems. Samsung says that as part of an ongoing investigation, the company hired a cybersecurity firm and is coordinating with law enforcement. The company previously revealed that it had been affected by a data breach in March, where hackers managed to steal source code for Samsung smartphones. 

On Friday, Samsung disclosed the security breach via its security response centre, revealing that the attackers may have gained access to personal information of customers, including name, contact and demographic information, date of birth, and product registration information.

According to Samsung, the data exposed in the breach did not include customers’ Social Security numbers or credit and debit card details. While the company is yet to specify the number of users and regions that were affected, the notice appears to suggest that US customer details were exposed in the incident.  

“We have taken actions to secure the affected systems, and have engaged a leading outside cybersecurity firm and are coordinating with law enforcement,” Samsung said on its website, adding that it has notified customers of the incident.

Samsung says that it has reached out to customers that it has identified as being affected by the issue and will contact users it has not yet reached out to, if further notifications are required during its investigation. 

According to the company, users should remain cautious of unsolicited communications asking for personal information, avoid clicking on links or downloading attachments from suspicious emails, and review their accounts for suspicious activity. The company says its consumer devices were not affected during the incident. 

Back in March, Samsung revealed that it had suffered a cybersecurity breach, which resulted in the exposure of internal company data. The leaked data included source code for Samsung Galaxy smartphones, but Samsung had stated that the personal data of customers or its employees was not affected. The Lapsus$ hacking group had previously claimed responsibility for the breach, and the company stated at the time that it had taken measures to prevent breaches in the future.

