Connect with us

Technology

Microsoft describes how its leaders were spied on by Russian hackers

Published

on

Microsoft describes how its leaders were spied on by Russian hackers

The Russian state-sponsored hackers responsible for the SolarWinds attack launched a nation-state attack against Microsoft’s corporate systems, the company disclosed last week. Some members of Microsoft’s senior leadership team had their email accounts compromised by hackers, who may have been snooping on them for weeks or months.

Microsoft released a preliminary investigation of how the hackers circumvented its security measures, even though the software company’s original SEC report late on Friday had little details about how the attackers obtained access. It also serves as a warning that other firms have been targeted by the same hacking outfit, commonly known as Nobelium or by the weather-themed nickname “Midnight Blizzard,” which Microsoft uses to refer to them.

Initially, Nobelium used a password spray assault to gain access to Microsoft’s servers. Hackers employ a dictionary of possible passwords in this kind of brute force attack against accounts. Crucially, two-factor authentication was not activated on the compromised non-production test tenant account. In order to avoid discovery, Microsoft claims that Nobelium “tailored their password spray attacks to a limited number of accounts, using a low number of attempts.”

The group identified and compromised a historical test OAuth application that had elevated access to the Microsoft corporate environment by using the access they had gained from the previous attack. A popular open standard for token-based authentication is OAuth. It’s a widely used web feature that lets you log into apps and services without giving your password to a website. OAuth is used on websites that you might be able to get into with your Gmail account.

The group was able to produce more malicious OAuth apps and accounts thanks to this higher access, which also gave them access to Microsoft’s corporate network and, eventually, its Office 365 Exchange Online service, which gives users access to email inboxes.

“Midnight Blizzard leveraged these malicious OAuth applications to authenticate to Microsoft Exchange Online and target Microsoft corporate email accounts,” explains Microsoft’s security team.

Microsoft previously stated that it was “a very small percentage of Microsoft corporate email accounts, including members of our senior leadership team and employees in our cybersecurity, legal, and other functions.” The company has not disclosed the exact number of its corporate email accounts that were targeted and accessed.

Additionally, Microsoft has yet to provide a precise timeframe for the duration of the hackers’ eavesdropping on its top leadership group and other staff members. Although the first attack happened in late November 2023, Microsoft didn’t become aware of it until January 12th. This could indicate that for almost two months, the attackers surveilled Microsoft leaders.

The same group of hackers had earlier this week gotten access to Hewlett Packard Enterprise’s (HPE) “cloud-based email environment.” Although HPE did not identify the supplier, it did disclose that the event was “probably connected” to the “exfiltration of a restricted quantity of [Microsoft] SharePoint documents as early as May 2023.”

The Microsoft hack happened a few days after the business declared its intention to restructure its software security in response to significant attacks on the Azure cloud. This is Microsoft’s most recent cybersecurity incident. A Microsoft Exchange Server vulnerability allowed 30,000 companies’ email systems to be compromised in 2021, and Chinese hackers used a Microsoft cloud attack last year to access emails belonging to the US government. The same Nobelium group that carried out this embarrassing executive email hack previously targeted Microsoft in the massive SolarWinds attack almost three years ago.

The cybersecurity community will probably take issue with Microsoft’s revelation that a crucial test account was operating without two-factor authentication. Although there was no software vulnerability in Microsoft, the hackers were able to stealthily navigate Microsoft’s corporate network thanks to a series of incorrectly set up test setups. “In an interview with CNBC earlier this week, George Kurtz, the CEO of CrowdStrike, questioned how the compromise of the highest ranking officials at Microsoft occurred in a non-production test environment.” “I believe there will be much more information released on this,”

Kurtz was correct; additional information has surfaced, but some crucial elements remain unreported. Microsoft asserts that in order to properly defend against these threats, “mandatory Microsoft policy and workflows would ensure MFA and our active protections are enabled” if this identical non-production test environment were implemented today. Microsoft still has a lot of explaining to do, particularly if it wants its users to think that it is genuinely making improvements to the way it develops, tests, builds, and runs its services and software to better defend against security risks.

Technology

Apple has revealed a revamped Mac Mini with an M4 chip

Published

on

A smaller but no less powerful Mac Mini was recently unveiled by Apple as part of the company’s week of Mac-focused announcements. It now has Apple’s most recent M4 silicon, enables ray tracing for the first time, and comes pre-installed with 16GB of RAM, which seems to be the new standard in the age of Apple Intelligence. While the more potent M4 Pro model starts at $1,399, the machine still starts at $599 with the standard M4 CPU. The Mac Mini is available for preorder right now and will be in stores on November 8th, just like the updated iMac that was revealed yesterday.

The new design will be the first thing you notice. The Mini has reportedly been significantly reduced in size, although it was already a comparatively small desktop computer. It is now incredibly small, with dimensions of five inches for both length and width. Apple claims that “an innovative thermal architecture, which guides air to different levels of the system, while all venting is done through the foot” and the M4’s efficiency are the reasons it keeps things cool.

Nevertheless, Apple has packed this device with a ton of input/output, including a 3.5mm audio jack and two USB-C connections on the front. Three USB-C/Thunderbolt ports, Ethernet, and HDMI are located around the back. Although the USB-A ports are outdated, it’s important to remember that the base M2 Mini only featured two USB-A connectors and two Thunderbolt 4 ports. You get a total of five ports with the M4. You get an additional Thunderbolt port but lose native USB-A.

Depending on the M4 processor you select, those Thunderbolt connectors will have varying speeds. While the M4 Pro offers the most recent Thunderbolt 5 throughput, the standard M4 processor comes with Thunderbolt 4.

With its 14 CPU and 20 GPU cores, the M4 Pro Mac Mini also offers better overall performance. The standard M4 can have up to 32GB of RAM, while the M4 Pro can have up to 64GB. The maximum storage capacity is an astounding 8TB. Therefore, even though the Mini is rather little, if you have the money, you can make it really powerful. For those who desire it, 10 gigabit Ethernet is still an optional upgrade.

Apple has a big week ahead of it. On Monday, the company released the M4 iMac and its first Apple Intelligence software features for iOS, iPadOS, and macOS. (More AI functionality will be available in December, such as ChatGPT integration and image production.) As Apple completes its new hardware, those updated MacBook Pros might make their appearance tomorrow. The business will undoubtedly highlight its newest fleet of Macs when it releases its quarterly profits on Thursday.

Continue Reading

Technology

Apple Intelligence may face competition from a new Qualcomm processor

Published

on

The new chip from Qualcomm (QCOM) may increase competition between Apple’s (AAPL) iOS and Android.

During its Snapdragon Summit on Monday, the firm unveiled the Snapdragon 8 Elite Mobile Platform, which includes a new, second-generation Oryon CPU that it claims is the “fastest mobile CPU in the world.” According to Qualcomm, multimodal generative artificial intelligence characteristics can be supported by the upcoming Snapdragon platform.

Qualcomm, which primarily creates chips for mobile devices running Android, claims that the new Oryon CPU is 44% more power efficient and 45% faster. As the iPhone manufacturer releases its Apple Intelligence capabilities, the new Snapdragon 8 platform may allow smartphone firms compete with Apple on the AI frontier. Additionally, Apple has an agreement with OpenAI, the company that makes ChatGPT, to incorporate ChatGPT-4o into the upcoming iOS 18, iPadOS 18, and macOS Sequoia.

According to a September Wall Street Journal (NWSA) story, Qualcomm is apparently interested in purchasing Intel (INTC) in a deal that could be valued up to $90 billion. According to Bloomberg, Apollo Global Management (APO), an alternative asset manager, had also proposed an equity-like investment in Intel with a potential value of up to $5 billion.

According to reports, which cited anonymous sources familiar with the situation, Qualcomm may postpone its decision to acquire Intel until after the U.S. presidential election next month. According to the persons who spoke with Bloomberg, Qualcomm is waiting to make a decision on the transaction because of the possible effects on antitrust laws and tensions with China after the election results.

According to a report from analysts at Bank of America Global Research (BAC), Qualcomm could expand, take the lead in the market for core processor units, or CPUs, for servers, PCs, and mobile devices, and get access to Intel’s extensive chip fabrication facilities by acquiring Intel. They went on to say that Qualcomm would become the world’s largest semiconductor company if its $33 billion in chip revenue were combined with Intel’s $52 billion.

The experts claimed that those advantages would be outweighed by the financial and regulatory obstacles posed by a possible transaction. They are dubious about a prospective takeover and think that Intel’s competitors may gain from the ambiguity surrounding the agreement.

Continue Reading

Technology

iPhone 16 Pro Users Report Screen Responsiveness Issues, Hope for Software Fix

Published

on

Many iPhone 16 Pro and iPhone 16 Pro Max users are experiencing significant touchscreen responsiveness problems. Complaints about lagging screens and unresponsive taps and swipes are particularly frustrating for customers who have invested $999 and up in these devices.

The good news is that initial assessments suggest the issue may be software-related rather than a hardware defect. This means that Apple likely won’t need to issue recalls or replacement units; instead, a simple software update could resolve the problem.

The root of the issue might lie in the iOS touch rejection algorithm, which is designed to prevent accidental touches. If this feature is overly sensitive, it could ignore intentional inputs, especially when users’ fingers are near the new Camera Control on the right side of the display. Some users have reported that their intended touches are being dismissed, particularly when their fingers are close to this area.

Additionally, the new, thinner bezels on the iPhone 16 Pro compared to the iPhone 15 Pro could contribute to the problem. With less protection against accidental touches, the device may misinterpret valid taps as mistakes, leading to ignored inputs.

This isn’t the first time Apple has faced challenges with new iPhone models. For instance, the iPhone 4 experienced “Antennagate,” where signal loss occurred depending on how the device was held, prompting Steve Jobs to famously suggest users hold their phones differently. Apple eventually provided free rubber bumpers to mitigate the issue.

To alleviate the touchscreen problem, using a case might help by covering parts of the display and reducing the chances of accidental touches triggering the rejection algorithm. The issue appears on devices running iOS 18 and the iOS 18.1 beta and does not occur when the phone is locked. Users may notice difficulties when swiping through home screens and apps.

Many are hopeful that an upcoming iOS 18 update will address these issues, restoring responsiveness to the iPhone 16 Pro and iPhone 16 Pro Max displays.

Continue Reading

Trending

error: Content is protected !!