Quote: For the second time in six months, Microsoft has disclosed that spies affiliated with a foreign intelligence service breached the company’s systems, this time accessing the emails of senior company executives. And for the second time in as many months, officials in Washington along with security researchers and executives are arguing that the company simply isn’t doing enough to secure its systems.
“This is yet another wholly avoidable hack that was caused by Microsoft’s negligence,” Sen. Ron Wyden, D-Ore., said in a statement to CyberScoop.
Wyden is one of a growing number of Microsoft critics who argue that a series of breaches at the company raise questions about whether it is prioritizing and making sufficient investments in security. With Microsoft providing key computing infrastructure to the U.S. government, critics like Wyden argue that the company needs to be prodded to place security at the center of its work. “The U.S. government needs to reevaluate its dependence on Microsoft,” Wyden said.
The most recent breach involved the hacking group best known as Cozy Bear, which is believed to be a unit of Russia’s foreign intelligence service SVR. The group breached what Microsoft described as a “legacy non-production test tenant account” using a password spraying attack. Such an attack is among the most basic of ways to compromise a computing system and would typically be prevented by multi-factor authentication — the kind of simple security hygiene that companies like Microsoft have for years encouraged their users to adopt.
...
In a statement, a spokesperson for Microsoft said that “the attack was not the result of a vulnerability in Microsoft products or services” and that “there is no evidence that the threat actor had any access to customer environments, production systems, source code, or AI systems.”
Eric Goldstein, CISA’s executive assistant director for cybersecurity, said in a statement to CyberScoop that the agency is “closely coordinating with Microsoft to gain additional insights into this incident and ensure necessary transparency so we can understand impacts from this compromise. As noted in Microsoft’s announcement, at this time we are not aware of impacts to Microsoft customer environments or products.”
Quote: The U.S., U.K. and Australian governments on Tuesday sanctioned a Russian man for his role in the October 2022 ransomware attack on Medibank, Australia’s largest private health insurance provider.
Alexander Ermakov, a Russian national, “played a pivotal” role in the attack, which compromised health insurance data for nearly 4 million Australians and included more than 9.7 million stolen records, according to the U.S. Treasury Department.
The move comes a day after the Australian government announced what the Sydney Morning Herald said was that country’s first use of cyber sanctions laws in this fashion. Australian authorities also said they are looking to arrest Ermakov and are investigating any of his known associates.
Ermakov is linked to the REvil ransomware operation, which, at one time, was “among the most notorious cybercrime gangs in the world,” having been deployed on approximately 175,000 computers worldwide and tied to at least $200 million paid in ransom, according to the U.S. Treasury statement.
Quote: Business Insider reports that over the weekend, many X/Twitter users reported that regular images, including innocent pictures of books, trees, and cars, were blurred and tagged as “graphic content” on the platform. This issue is the latest in a series of technical glitches that X/Twitter has faced since Musk’s acquisition of the platform in October 2022.
In response to the issue, Musk acknowledged the problem in a post on his platform, stating that “an X spam/scam bot accidentally flagged many legitimate accounts today. This is being fixed.”
The social media site also addressed the issue through its “Safety” account, confirming that a bug had caused numerous posts to be incorrectly labeled and assuring users that the underlying problem was resolved and efforts were underway to remove the misapplied labels.
This glitch follows several other technical challenges faced by X/Twitter under Musk’s leadership. Notably, in December, the site experienced its largest outage since Musk’s takeover, with nearly 100,000 users reporting issues. Other notable incidents include a bug in August 2023 that temporarily disrupted all pictures and links posted before 2014, and a brief period in July when the site became largely unusable due to “rate limits” allegedly introduced to manage high levels of “data scraping.”
These repeated technical difficulties coincide with significant workforce reductions at X/Twitter
"For God has not destined us for wrath, but for obtaining salvation through our Lord Jesus Christ," 1 Thessalonians 5:9
Maranatha!
The Internet might be either your friend or enemy. It just depends on whether or not she has a bad hair day.
My Original Stories (available in English and Spanish)
List of Compiled Binary Executables I have published...
HiddenChest & Roole
Give me a free copy of your completed game if you include at least 3 of my scripts!
Just some scripts I've already published on the board...
KyoGemBoost XP VX & ACE, RandomEnkounters XP, KSkillShop XP, Kolloseum States XP, KEvents XP, KScenario XP & Gosu, KyoPrizeShop XP Mangostan, Kuests XP, KyoDiscounts XP VX, ACE & MV, KChest XP VX & ACE 2016, KTelePort XP, KSkillMax XP & VX & ACE, Gem Roulette XP VX & VX Ace, KRespawnPoint XP, VX & VX Ace, GiveAway XP VX & ACE, Klearance XP VX & ACE, KUnits XP VX, ACE & Gosu 2017, KLevel XP, KRumors XP & ACE, KMonsterPals XP VX & ACE, KStatsRefill XP VX & ACE, KLotto XP VX & ACE, KItemDesc XP & VX, KPocket XP & VX, OpenChest XP VX & ACE