Tag Microsoft

Wiz Reports: Microsoft Attack Using Azure AD Token Forging Technique Has Wider Implications Beyond Outlook

On July 21, 2023, it was revealed that the recent breach of Microsoft’s email services by the Chinese state-sponsored group Storm-0558 is more extensive than initially suspected. According to cloud security firm Wiz, the attack exploited an inactive consumer signing key from Microsoft accounts (MSA) to forge Azure Active Directory (Azure AD) tokens, allowing unauthorized access not just to Outlook Web Access (OWA) and Outlook.com, but potentially to a wide range of Azure AD applications. This includes major platforms like OneDrive, SharePoint, and Teams, as well as customer applications utilizing "Login with Microsoft" features, and certain multi-tenant applications under specific conditions. Wiz’s CTO, Ami Luttwak, emphasized, "Everything in the world of Microsoft leverages Azure Active Directory auth tokens for access," highlighting the far-reaching implications of this vulnerability.

In a recent report by Wiz, a cloud security firm, it has come to light that the recent breach of Microsoft’s email infrastructure by the Chinese state-sponsored group known as Storm-0558 has broader implications than initially perceived. The breach exploited an inactive Microsoft account (MSA) consumer signing key, which was…


Microsoft Acknowledges Source Code and Customer Data Breach by Russian Hackers

On March 9, 2024, Microsoft confirmed that the Kremlin-affiliated cyber group, Midnight Blizzard (also known as APT29 or Cozy Bear), successfully infiltrated some of its source code repositories and internal systems. This breach was initially uncovered in January 2024. The tech company stated, "We have recently observed that Midnight Blizzard is leveraging information obtained from our corporate email systems to gain, or attempt to gain, unauthorized access." While the investigation into the breach’s scope continues, Microsoft assures that there is no evidence suggesting compromise of customer-facing systems hosted on its platform. Microsoft also noted that the Russian state-sponsored hackers are trying to exploit various types of confidential information, including interactions between customers and Microsoft over email; however, specific details have not been disclosed.

Microsoft Confirms Source Code and Sensitive Data Breach by Russian Hackers

On March 8, 2024, Microsoft disclosed that the Kremlin-supported cyber threat group known as Midnight Blizzard, also referred to as APT29 or Cozy Bear, has successfully infiltrated some of its source code repositories and internal systems. This revelation follows…


New Variant of BlackCat Ransomware Leverages Advanced Impacket and RemCom Tools

Microsoft recently reported the identification of a new variant of the BlackCat ransomware, also known as ALPHV or Noberus. This ransomware strain integrates tools such as Impacket and RemCom, enhancing its capabilities for lateral movement within compromised networks and facilitating remote code execution. The unveiling comes on the heels of…


U.S. Cyber Safety Board Criticizes Microsoft for Breach Involving China-Based Hackers

The U.S. Cyber Safety Review Board (CSRB) has issued a stern rebuke to Microsoft for significant security failures that enabled a cyberattack by a Chinese state-sponsored group known as Storm-0558. This breach, which occurred last year, compromised nearly two dozen organizations in both Europe and the U.S. The findings, shared…


Essential Principles of Cloud Security Stress Testing

Cloud Security: The Imperative of Penetration Testing

"Defenders think in lists, attackers think in graphs," remarked John Lambert from Microsoft, encapsulating the contrasting mindsets of cybersecurity defenders and attackers. This fundamental difference underscores the need for organizations to adopt an attacker’s viewpoint in bolstering their cybersecurity measures. While traditional defense…


Two LAPSUS$ Hackers Found Guilty in London Court for Notorious Tech Firm Breaches

Two UK Teenagers Convicted for LAPSUS$ Hacking Activities Targeting Major Tech Firms

A jury in London has convicted two teenagers for their roles in the notorious LAPSUS$ hacking group, also known as Slippy Spider. This gang has been linked to a series of high-profile cyberattacks against leading technology companies, employing…


New Bolster CEO Talks About AI-Powered Fraud Prevention and Data Security

Bolster Appoints Rod Schultz as CEO to Address Internal Data Security and AI-Driven Threats

Rod Schultz has been appointed as the new CEO of Bolster, a Silicon Valley-based brand security startup, with a mandate to expand the company’s focus from protecting brands against external threats to addressing internal data security…


UK Banks Advised to Prepare for Potential CrowdStrike-Style Outage

Regulators Urge Enhanced Security for Third-Party Services Following CrowdStrike Outage

In light of the significant disruption caused by a cybersecurity incident involving CrowdStrike, the U.K. Financial Conduct Authority (FCA) has issued a directive urging financial institutions to bolster their preparedness against similar outages. This follows a global incident in July…


Cybersecurity Updates: Data Breaches, Vulnerabilities, and Attack Insights

Weekly Cybersecurity Newsletter: Key Developments and Insights

In the latest edition of our cybersecurity newsletter, we delve into pressing updates from the digital security landscape, highlighting significant vulnerabilities and emerging threats that demand the attention of business owners and professionals alike. This week’s discussion covers the types of cyber threats…
