Reuters

Suspected Russian hackers used Microsoft vendors to breach customers

WASHINGTON (Reuters) – The suspected Russian hackers behind the worst U.S. cyber attack in years leveraged reseller access to Microsoft Corp services to penetrate targets that had no compromised network software from SolarWinds Corp, investigators said.

FILE PHOTO: A Microsoft logo is seen in Los Angeles, California U.S. November 7, 2017. REUTERS/Lucy Nicholson/File Photo

While updates to SolarWinds’ Orion software were previously the only known point of entry, security company CrowdStrike Holdings Inc said Thursday hackers had won access to the vendor that sold it Office licenses and used that to try to read CrowdStrike’s email. It did not specifically identify the hackers as being the ones that compromised SolarWinds, but two people familiar with CrowdStrike’s investigation said they were.

CrowdStrike uses Office programs for word processing but not email. The failed attempt, made months ago, was pointed out to CrowdStrike by Microsoft on Dec. 15.

CrowdStrike, which does not use SolarWinds, said it had found no impact from the intrusion attempt and declined to name the reseller.

“They got in through the reseller’s access and tried to enable mail ‘read’ privileges,” one of the people familiar with the investigation told Reuters. “If it had been using Office 365 for email, it would have been game over.”

Many Microsoft software licenses are sold through third parties, and those companies can have near-constant access to clients’ systems as the customers add products or employees.

Microsoft said Thursday that those customers need to be vigilant.

“Our investigation of recent attacks has found incidents involving abuse of credentials to gain access, which can come in several forms,” said Microsoft senior Director Jeff Jones. “We have not identified any vulnerabilities or compromise of Microsoft product or cloud services.”

The use of a Microsoft reseller to try to break into a top digital defense company raises new questions about how many avenues the hackers, whom U.S. officials have alleged are operating on behalf of the Russian government, have at their disposal.

The known victims so far include CrowdStrike security rival FireEye Inc and the U.S. Departments of Defense, State, Commerce, Treasury, and Homeland Security. Other big companies, including Microsoft and Cisco Systems Inc, said they found tainted SolarWinds software internally but had not found signs that the hackers used it to range widely on their networks.

Until now, Texas-based SolarWinds was the only publicly confirmed channel for the initial break-ins, although officials have been warning for days that the hackers had other ways in.

Reuters reported a week ago that Microsoft products were used in attacks. But federal officials said they had not seen it as an initial vector, and the software giant said its systems were not utilized in the campaign.

Microsoft then hinted that its customers should still be wary. At the end of a long, technical blog post on Tuesday, it used one sentence to mention seeing hackers reach Microsoft 365 Cloud “from trusted vendor accounts where the attacker had compromised the vendor environment.”

Microsoft requires its vendors to have access to client systems in order to install products and allow new users. But discovering which vendors still have access rights at any given time is so hard that CrowdStrike developed and released an auditing tool to do that.

After a series of other breaches through cloud providers, including a major set of attacks attributed to Chinese government-backed hackers and known as CloudHopper, Microsoft this year imposed new controls on its resellers, including requirements for multifactor authentication.

The Cybersecurity and Infrastructure Security Agency and the National Security Agency had no immediate comment.

Also Thursday, SolarWinds released an update to fix the vulnerabilities in its flagship network management software Orion following the discovery of a second set of hackers that had targeted the company’s products. That followed a separate Microsoft blog post on Friday saying that SolarWinds had its software targeted by a second and unrelated group of hackers in addition to those linked to Russia.

The identity of the second set of hackers, or the degree to which they may have successfully broken in anywhere, remains unclear.

Russia has denied having any role in the hacking.

Reporting by Joseph Menn and Raphael Satter. Additional reporting by Munsif Vengattil; Editing by Chizu Nomiyama, Alistair Bell and Richard Chang

Source: https://www.reuters.com/article/us-global-cyber-usa/suspected-russian-hackers-used-microsoft-vendors-to-breach-customers-idUSKBN28Y1BF

Reuters

Facebook apologizes for second outage in a week, services back up

Silhouettes of mobile users are seen next to a screen projection of Instagram logo in this picture illustration taken March 28, 2018. REUTERS/Dado Ruvic/Illustration/File Photo

Oct 8 (Reuters) – Facebook Inc (FB.O) apologized to users for a two-hour disruption to its services on Friday and blamed another faulty configuration change for its second global outage this week.

The company confirmed its social media platform, Instagram, Messenger and Workplace were impacted by the latest outage.

“Sincere apologies to anyone who wasn’t able to access our products in the last couple of hours,” the company said. “We fixed the issue, and everything should be back to normal now.”

During the latest outage, some users were unable to load their Instagram feeds, while others were not able to send messages on Facebook Messenger.

People swiftly took to Twitter to share memes and jokes about the second service disruption this week. “Looks like Facebook went to a 3-day work week. Monday and Friday shutdowns?” a Twitter user said.

Instagram thanked users for their patience and “for all the memes this week”.

On Monday, the social media giant blamed a “faulty configuration change” for a nearly six-hour outage that prevented the company’s 3.5 billion users from accessing its social media and messaging services such as WhatsApp, Instagram and Messenger.

The outage on Monday was the largest that web monitoring group Downdetector had ever seen and blocked access to the apps for billions of users, leading to a surge in usage of rival social media and messaging apps.

Moscow officials said Monday’s outage showed Russia was right to develop its own social media networks, while EU antitrust chief Margrethe Vestager highlighted the repercussions of relying on just a few big players, underscoring the need for more rivals.

Both the outages piled pressure on Facebook this week after a former employee turned whistleblower accused the company on Sunday of repeatedly prioritizing profit over clamping down on hate speech and misinformation.

Reporting by Subrat Patnaik in Bengaluru and Sheila Dang in Dallas; Additional reporting by Bhargav Acharya; Editing by Shounak Dasgupta

Our Standards: The Thomson Reuters Trust Principles.

Source: https://www.reuters.com/technology/instagram-feeds-not-loading-some-users-2021-10-08/

Reuters

Chinese social media platforms to “rectify” financial self-media accounts

WeChat app is seen on a smartphone in this illustration taken, July 13, 2021. REUTERS/Dado Ruvic/Illustration/File Photo

SHANGHAI, Aug 28 (Reuters) – China’s top social media platforms, WeChat, Douyin, Sina Weibo and Kuaishou, said on Saturday they would begin to rectify irregular practices of “self-media” accounts that publish financial information, reported state media Global Times.

This follows an announcement by China’s cyberspace regulator, the Cyberspace Administration of China (CAC), that it would look into accounts that have repeatedly released financial news illegally, distorted economic policy interpretation, badmouthed financial markets, spread rumours and disrupted network communications.

The term “self-media” is mostly used on Chinese social media to describe independently operated accounts that produce original content but are not officially registered with the authorities.

WeChat said in a statement on Saturday that from now until Oct. 26, it would investigate and shut down financial self-media accounts that “badmouth the financial market” and “blackmail and spread rumors.”

Sina Weibo, Douyin and Kuaishou also released similar statements on Saturday, reported the Global Times, with Sina Weibo and Kuaishou adding that they would severely crack down on accounts that violate the rules.

The announcements come amid a recent crackdown by Beijing on the tech sector, with the latest regulations targeting “chaotic” celebrity fan culture and algorithms that technology companies use to drive their business.

China is also framing rules to ban internet companies whose data poses potential security risks from listing outside the country, including in the United States.

Reporting by Emily Chow. Editing by Gerry Doyle

Source: https://www.reuters.com/world/china/chinese-social-media-platforms-rectify-financial-self-media-accounts-2021-08-28/

Reuters

Death toll rises to 77 from Turkey floods, 47 reported missing

A damaged vehicle and a partially collapsed building are seen following the flash floods that swept through towns in the Turkish Black Sea region, in the town of Ilisi, in Kastamonu province, Turkey, August 15, 2021. REUTERS/Mehmet Emin Caliskan

ISTANBUL, Aug 16 (Reuters) – The death toll from flash floods that swept through several towns in Turkish Black Sea provinces last week has risen to 77 people and emergency workers are continuing to search for 47 who are missing, authorities said on Monday.

The floods last week brought chaos as torrents of water tossed dozens of cars and heaps of debris along streets, destroyed buildings and bridges, closed roads and damaged electricity infrastructure.

Sixty-two people died as a result of floods in Kastamonu province. Another 14 people died in Sinop and one in Bartin, the Disaster and Emergency Management Directorate (AFAD) said.

Forty-seven people were reported missing in Kastamonu and Sinop, it said, adding that seven others were receiving treatment in hospital.

Drone footage showed massive damage in the town of Bozkurt in Kastamonu province, where rescue teams searched demolished buildings at the weekend.

More than 2,000 people were evacuated from affected areas, some with the help of helicopters and boats, AFAD said, adding that more than 8,500 personnel were involved in the emergency response efforts.

Weather forecasters warned of further flooding due to expected heavy rainfall on Monday in Black Sea provinces to the east of the regions affected last week.

Reporting by Ezgi Erkoyun; Editing by Dominic Evans and Rosalba O’Brien

Source: https://www.reuters.com/world/middle-east/death-toll-rises-70-turkey-floods-47-reported-missing-2021-08-16/
