Windows TCO and Security
-
Microsoft downplays damaging report on Chinese hacking its own engineers vetted
In a report published earlier this month, researchers at the security firm Wiz concluded that an encryption key stolen by Chinese hackers to target U.S. officials could have been used far more broadly. Microsoft has said the Chinese operation was a targeted and stealthy one and has disputed Wiz’s findings — despite the fact that Microsoft’s own engineers vetted the Wiz report.
In a statement to CyberScoop, a Microsoft spokesperson dismissed Wiz’s “blog” as “hypothetical attack scenarios” and said that Microsoft has not “observed those outcomes in the wild.” An earlier statement described the Wiz report as “speculative” and “not-evidence based.”
But there should be little reason to doubt Wiz’s technical findings, according to the report’s author, Shir Tamari. In an interview with CyberScoop, Tamari said that he met with a Microsoft technical team to discuss his findings and that the firm’s engineers were very helpful in correcting his analysis. “Eventually they approved everything,” he said.
-
Wyden Requests Federal Agencies Investigate Lax Cybersecurity Practices by Microsoft That Reportedly Enabled Chinese Espionage
“Microsoft never took responsibility for its role in the SolarWinds hacking campaign. It blamed federal agencies for not pushing it to prioritize defending against the encryption key theft technique used by Russia, which Microsoft had known about since 2017. It blamed its customers for using the default logging settings chosen by Microsoft, and then blamed them for not storing the high-value encryption keys in a hardware vault,” Wyden wrote, in a letter to DOJ, the FTC and the Cybersecurity and Infrastructure Security Agency today.
Wyden highlighted four significant cybersecurity failures by Microsoft that led to the most recent [breach]: [...]
-
Hawaiʻi CC cyber attack resolved [Ed: Windows TCO]
After determining that the compromised data most likely contained personal information of approximately 28,000 individuals, the University of Hawaiʻi made the difficult decision to negotiate with the threat actors in order to protect the individuals whose sensitive information might have been compromised. A significant consideration in this decision-making process was that the criminal entity responsible for the attack has a documented history of publicly posting the stolen personal information of individuals when agreement with the impacted entity was not reached. Working with an external team of cybersecurity experts, UH reached an agreement with the threat actors to destroy all of the information it illegally obtained.
-
CVE-2023-36325: Attackers can de-anonymize i2p hidden services with a message replay attack
A sufficiently determined attacker may be able to de-anonymize the public IPv4 and IPv6 addresses of i2p hidden services (eepsites) by brute-forcing the entire i2p router set with a replayed message. This is CVE-2023-36325.
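As an added illustration of why a replayed message can single out the router hosting a hidden service, and why remembering message IDs defeats it, the toy model below is not i2p code and does not reproduce the advisory's mechanism. It assumes (an assumption, not something the advisory states) an attacker who holds one captured, authenticated message for the service, cannot forge new ones, and can deliver it directly to each router's public address and observe whether it was accepted. The `Router`, `make_message`, `WINDOW` and `deanonymize` names and the 198.51.100.0/24 addresses are constructed for this example.

```python
"""Toy model of replay-based de-anonymization of a hidden service.

Added illustration, not i2p code. Assumed threat model: the attacker has
captured one valid message for the service, cannot mint new ones (it is
authenticated under a session key the attacker does not have), and can
replay it to every router's public IP and see whether it was accepted.
"""
import hashlib
import hmac
import os

WINDOW = 60  # seconds of clock skew the hardened router tolerates (assumed)


def _body(dest: str, msg_id: bytes, ts: int, payload: bytes) -> bytes:
    return dest.encode() + msg_id + ts.to_bytes(8, "big") + payload


def make_message(session_key: bytes, dest: str, ts: int, payload: bytes) -> dict:
    """Build an authenticated message from the real client to `dest`."""
    msg_id = os.urandom(8)  # unique per message; the replay cache keys on it
    tag = hmac.new(session_key, _body(dest, msg_id, ts, payload), hashlib.sha256).digest()
    return {"dest": dest, "msg_id": msg_id, "ts": ts, "payload": payload, "tag": tag}


class Router:
    """A participant reachable at a public IP that may host hidden services."""

    def __init__(self, public_ip: str, hosted: dict, replay_protected: bool):
        self.public_ip = public_ip
        self.hosted = hosted              # dest -> session key; only the host can verify
        self.replay_protected = replay_protected
        self.seen = {}                    # msg_id -> time of first acceptance

    def handle(self, msg: dict, now: int) -> bool:
        """Return True if this router accepted the message (observable by the sender)."""
        key = self.hosted.get(msg["dest"])
        if key is None:
            return False                  # not hosted here: dropped, like any foreign message
        expected = hmac.new(key, _body(msg["dest"], msg["msg_id"], msg["ts"], msg["payload"]),
                            hashlib.sha256).digest()
        if not hmac.compare_digest(expected, msg["tag"]):
            return False
        if self.replay_protected:
            if abs(now - msg["ts"]) > WINDOW:
                return False              # stale: outside the window the cache covers
            if msg["msg_id"] in self.seen:
                return False              # replay: indistinguishable from a non-host's drop
            self.seen[msg["msg_id"]] = now
        return True                       # vulnerable host accepts the replay and stands out


def deanonymize(routers, captured: dict, now: int) -> list:
    """Replay one captured message to every router; return the IPs that accept it."""
    return [r.public_ip for r in routers if r.handle(captured, now)]


def build_network(replay_protected: bool):
    """Five constructed routers; the third one hosts the hidden service."""
    key = os.urandom(32)
    routers = [Router(f"198.51.100.{i}", {}, replay_protected) for i in range(1, 6)]
    routers[2].hosted["example.b32.i2p"] = key
    return routers, key


def run(replay_protected: bool) -> list:
    routers, key = build_network(replay_protected)
    now = 1_700_000_000
    msg = make_message(key, "example.b32.i2p", now, b"GET / HTTP/1.1")
    # Legitimate delivery through the anonymous path: the host sees the message once.
    assert routers[2].handle(msg, now)
    # Later the attacker replays the captured message directly to every router.
    return deanonymize(routers, msg, now + 5)


if __name__ == "__main__":
    print("vulnerable network reveals:", run(False))   # only the host's public IP
    print("replay-protected network reveals:", run(True))  # nothing
```

The vulnerable run returns exactly the hosting router's address; in the hardened run every router, host included, drops the replay, so the sweep learns nothing. The time window matters in practice: without it the seen-ID cache would grow without bound, and with it the cache only needs to cover messages young enough to still pass the freshness check.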
-
URL changes and password managers
I was autofilling a passphrase of pseudorandom goodness this morning, like a gentleman, when the plugin in Firefox complained that the site didn’t match any credentials on file. I knew this couldn’t be true; I’d logged into this site many, many times before. So many times that I had to write many twice.
Wait, that’s four total times. Many. Five. Damn it.
I logged into KeePassXC, and sure enough I could see the record for the site, so plainly demonstrated that even I could see it before coffee. So why wasn’t it being detected? Was it a case of Monday-itis?
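As an added illustration of why a browser integration can report "no credentials for this site" even though the entry exists, the matcher below is example code, not KeePassXC's or any browser plugin's actual algorithm; it shows the common approach of matching a saved entry by origin (scheme, host and explicit port), so that an entry saved for one hostname stops matching once the login page moves to another. The `entry_matches`, `find_entries` and `allow_subdomains` names and the example.com entries are constructed for this example.

```python
"""Origin-based credential matching, as an added illustration.

Not KeePassXC code. Assumed policy: an entry matches a page when the host is
identical (or a subdomain, if the user opted in), explicit ports agree, and
credentials saved for https are never offered on a plaintext http page.
"""
from urllib.parse import urlsplit


def origin(url: str) -> tuple:
    """Return (scheme, host, explicit_port) for a URL; path and query are ignored."""
    parts = urlsplit(url)
    return parts.scheme.lower(), (parts.hostname or "").lower(), parts.port


def entry_matches(entry_url: str, page_url: str, allow_subdomains: bool = False) -> bool:
    e_scheme, e_host, e_port = origin(entry_url)
    p_scheme, p_host, p_port = origin(page_url)
    if e_scheme == "https" and p_scheme != "https":
        return False                      # never downgrade: no https secrets on http pages
    if e_port != p_port:
        return False                      # an explicit port is part of the origin
    if e_host == p_host:
        return True
    if allow_subdomains and p_host.endswith("." + e_host):
        return True                       # e.g. login.example.com for an example.com entry
    return False                          # a moved hostname no longer matches


def find_entries(entries, page_url: str, allow_subdomains: bool = False) -> list:
    """Names of the entries (name, url) whose saved origin matches `page_url`."""
    return [name for name, url in entries if entry_matches(url, page_url, allow_subdomains)]


# Constructed sample database.
ENTRIES = [
    ("Work mail", "https://mail.example.com/login"),
    ("Shop", "https://example.com"),
    ("Legacy app", "http://legacy.example.org:8080/"),
]

if __name__ == "__main__":
    print(find_entries(ENTRIES, "https://mail.example.com/inbox"))          # ['Work mail']
    print(find_entries(ENTRIES, "https://accounts.example.com/login"))      # [] : login moved hosts
    print(find_entries(ENTRIES, "https://login.example.com/", True))        # ['Shop'] via subdomain
    print(find_entries(ENTRIES, "http://mail.example.com/login"))           # [] : downgrade refused
```

The second lookup is the "URL changed" situation: the entry is plainly in the database, but the page now lives on a different host, so a strict origin match finds nothing and the remedy is to add the new URL to the entry rather than to loosen matching globally.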
-
Security updates for Monday
Security updates have been issued by CentOS (apr-util, bcel, c-ares, emacs, git, java-1.8.0-openjdk, libwebp, open-vm-tools, python, and python3), Debian (amd64-microcode, kernel, and thunderbird), Fedora (iperf3), SUSE (cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, cont, cjose, java-17-openjdk, jtidy, kernel-firmware, kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, libqt5-qtbase, librsvg, libvirt, openssl-1_0_0, openssl-3, qemu, samba, thunderbird, and zabbix), and Ubuntu (linux-iot and wireshark).