Connect with us

Technology

Microsoft describes how its leaders were spied on by Russian hackers

Published

on

Microsoft describes how its leaders were spied on by Russian hackers

The Russian state-sponsored hackers responsible for the SolarWinds attack launched a nation-state attack against Microsoft’s corporate systems, the company disclosed last week. Some members of Microsoft’s senior leadership team had their email accounts compromised by hackers, who may have been snooping on them for weeks or months.

Microsoft released a preliminary investigation of how the hackers circumvented its security measures, even though the software company’s original SEC report late on Friday had little details about how the attackers obtained access. It also serves as a warning that other firms have been targeted by the same hacking outfit, commonly known as Nobelium or by the weather-themed nickname “Midnight Blizzard,” which Microsoft uses to refer to them.

Initially, Nobelium used a password spray assault to gain access to Microsoft’s servers. Hackers employ a dictionary of possible passwords in this kind of brute force attack against accounts. Crucially, two-factor authentication was not activated on the compromised non-production test tenant account. In order to avoid discovery, Microsoft claims that Nobelium “tailored their password spray attacks to a limited number of accounts, using a low number of attempts.”

The group identified and compromised a historical test OAuth application that had elevated access to the Microsoft corporate environment by using the access they had gained from the previous attack. A popular open standard for token-based authentication is OAuth. It’s a widely used web feature that lets you log into apps and services without giving your password to a website. OAuth is used on websites that you might be able to get into with your Gmail account.

The group was able to produce more malicious OAuth apps and accounts thanks to this higher access, which also gave them access to Microsoft’s corporate network and, eventually, its Office 365 Exchange Online service, which gives users access to email inboxes.

“Midnight Blizzard leveraged these malicious OAuth applications to authenticate to Microsoft Exchange Online and target Microsoft corporate email accounts,” explains Microsoft’s security team.

Microsoft previously stated that it was “a very small percentage of Microsoft corporate email accounts, including members of our senior leadership team and employees in our cybersecurity, legal, and other functions.” The company has not disclosed the exact number of its corporate email accounts that were targeted and accessed.

Additionally, Microsoft has yet to provide a precise timeframe for the duration of the hackers’ eavesdropping on its top leadership group and other staff members. Although the first attack happened in late November 2023, Microsoft didn’t become aware of it until January 12th. This could indicate that for almost two months, the attackers surveilled Microsoft leaders.

The same group of hackers had earlier this week gotten access to Hewlett Packard Enterprise’s (HPE) “cloud-based email environment.” Although HPE did not identify the supplier, it did disclose that the event was “probably connected” to the “exfiltration of a restricted quantity of [Microsoft] SharePoint documents as early as May 2023.”

The Microsoft hack happened a few days after the business declared its intention to restructure its software security in response to significant attacks on the Azure cloud. This is Microsoft’s most recent cybersecurity incident. A Microsoft Exchange Server vulnerability allowed 30,000 companies’ email systems to be compromised in 2021, and Chinese hackers used a Microsoft cloud attack last year to access emails belonging to the US government. The same Nobelium group that carried out this embarrassing executive email hack previously targeted Microsoft in the massive SolarWinds attack almost three years ago.

The cybersecurity community will probably take issue with Microsoft’s revelation that a crucial test account was operating without two-factor authentication. Although there was no software vulnerability in Microsoft, the hackers were able to stealthily navigate Microsoft’s corporate network thanks to a series of incorrectly set up test setups. “In an interview with CNBC earlier this week, George Kurtz, the CEO of CrowdStrike, questioned how the compromise of the highest ranking officials at Microsoft occurred in a non-production test environment.” “I believe there will be much more information released on this,”

Kurtz was correct; additional information has surfaced, but some crucial elements remain unreported. Microsoft asserts that in order to properly defend against these threats, “mandatory Microsoft policy and workflows would ensure MFA and our active protections are enabled” if this identical non-production test environment were implemented today. Microsoft still has a lot of explaining to do, particularly if it wants its users to think that it is genuinely making improvements to the way it develops, tests, builds, and runs its services and software to better defend against security risks.

Technology

Google is said to be discontinuing the Pixel Tablet 2 and may be leaving the market once more

Published

on

Google terminated the development of the Pixel Tablet 3 yesterday, according to Android Headlines, even before a second-generation model was announced. The second-generation Pixel Tablet has actually been canceled, according to the report. This means that the gadget that was released last year will likely be a one-off, and Google is abandoning the tablet market for the second time in just over five years.

If accurate, the report indicates that Google has determined that it is not worth investing more money in a follow-up because of the dismal sales of the Pixel Tablet. Rumors of a keyboard accessory and more functionality for the now-defunct project surfaced as recently as last week.

It’s important to keep in mind that Google’s Nest subsidiary may abandon its plans for large-screen products in favor of developing technologies like the Nest Hub and Hub Max rather than standalone tablets.

Google has always had difficulty making a significant impact in the tablet market and creating a competitor that can match Apple’s iPad in terms of sales and general performance, not helped in the least by its inconsistent approach. Even though the hardware was good, it never really fought back after getting off to a promising start with the Nexus 7 eons ago. Another problem that has hampered Google’s efforts is that Android significantly trails iPadOS in terms of the quantity of third-party apps that are tablet-optimized.

After the Pixel Slate received tremendously unfavorable reviews, the firm first declared that it was finished producing tablets in 2019. Two tablets that were still in development at the time were discarded.

By 2022, however, Google had altered its mind and declared that a tablet was being developed by its Pixel hardware team. The $499 Pixel Tablet was the final version of the gadget, which came with a speaker dock that the tablet could magnetically connect to. (Google would subsequently charge $399 for the tablet alone.)

Continue Reading

Technology

Windows 11 PCs with Arm Processors now have an Official ISO for Clean Installations

Published

on

Power users occasionally prefer to start over when they acquire a new computer, so they follow the pro-gamers’ advice and reinstall Windows using a brand-new ISO image that comes straight from Microsoft and is free of bloatware and needlessly complex “driver management programs.” Up until recently, the new Snapdragon laptops’ more specialized version of Windows 11 didn’t support that.

The Windows 11 build on these new laptops is unusual because of the Arm64-based hardware, which differs from the typical x86 and x64 innards found in most laptops and desktops. Microsoft has finally released a disk image (or ISO file) for these devices after several months of waiting. To perform a direct reinstallation or make a bootable flash drive for a different device, you may now download it straight from Microsoft’s website. It is identical to the installation media utility that is currently available.

Be aware that there may be some glitches if you use this method for a fresh install. Compared to previous designs, the Snapdragon X system-on-a-chip has a lot fewer hardware variables, but because it’s so new, Windows Update might not include all the necessary components. You may need to use an Ethernet connection or the old-fashioned sneakernet to manually load drivers from another computer. You may also need to do some Googling to locate all the files you require for that.

Continue Reading

Technology

OPPO Reno 13 series will debut in China shortly, with India following in 2025

Published

on

According to reports, OPPO, a Chinese firm, is getting ready to introduce its Reno 13 series smartphones in its native nation this month. As per 91Mobiles, the OPPO Reno 13 and Reno 13 Pro models are anticipated to debut in China on November 25. The Indian launch is probably set for January 2025. The smartphone series that debuted in July of this year, the Reno 12 series, will be replaced by the Reno 13 series.

Information regarding the specifications of the new Reno 13 and Reno 13 Pro smartphones has leaked online, although the business has not yet confirmed the launch date. These are the specifics:

OPPO Reno 13 Series: Anticipations

It is anticipated that the OPPO Reno 13 Pro would have a 6.78-inch, quad-curved OLED screen with 1.5K resolution. In contrast, the slightly smaller 6.7-inch display with FHD+ resolution is found on the OPPO Reno 12 Pro. In China, the Pro model is probably going to be powered by the MediaTek Dimensity 8350 chipset, while in India, it might have a different processor. A 50MP primary camera, an 8MP ultrawide sensor, and a 50MP telephoto sensor with 3x optical zoom are anticipated to be included in the OPPO Reno 13 Pro’s photographic setup. Most likely, the front camera will include a 50MP sensor.

With a 5,900mAh battery as opposed to the 5,000mAh battery on the Reno 12 Pro, the Reno 13 Pro is anticipated to significantly increase battery capacity. Additionally, it is anticipated that the smartphone would support both 50W wireless and 80W wired charging. Additionally, an IP68/IP69 designation for water and dust protection could increase its durability.

Although the price of the smartphones in the Reno 13 series is not well known, it is anticipated to be similar to that of its predecessor. For comparison, the 12GB RAM + 256GB storage version of the OPPO Reno 12 Pro launched at Rs 36,999, while the 8GB RAM + 256GB storage version of the vanilla model cost Rs 32,999.

OPPO Reno 13 Pro: Anticipated features

  • Display: 6.78-inch OLED, quad-curved, with a refresh rate of 120 Hz and a resolution of 1.5K
  • processor: MediaTek Dimensity 8350
  • rear camera: 50MP primary, 8MP ultra-wide, and 50MP telephoto (3x zoom)
  • front camera: 50MP
  • Battery: 5,900mAh
  •  Charging: 50W wireless and 80W wired
  • IP rating: IP68/IP69; operating system: ColorOS 15 based on Android 15

Continue Reading

Trending

error: Content is protected !!