Another Friday, More Microsoft Security Misstep Disclosures

June 28, 2021

I think Microsoft believes no one works on Friday. I learned in “Microsoft Warns of Continued Attacks by the Nobelium Hacking Group” that SolarWinds is the gift that keeps on giving. Microsoft appears to have mentioned that another group allegedly working for Mr. Putin has been exploiting Microsoft software and systems. Will a “new” Windows 11 and registering via a Microsoft email cure this slight issue? Sure it will, but I am anticipating Microsoft marketing jabber.

The write up states:

The Microsoft Threat Intelligence Center said it’s been tracking recent activity from Nobelium, a Russia-based hacking group best known for the SolarWinds cyber attack of December 2020, and that the group managed to use information gleaned from a Microsoft worker’s device in attacks. Microsoft said it “detected information-stealing malware on a machine belonging to one of our customer support agents with access to basic account information for a small number of our customers” and that “the actor used this information in some cases to launch highly targeted attacks as part of their broader campaign.” The affected customers were notified of the breach.

The applause sign is illuminated.

I spotted this remarkable statement in the write up as well:

It’s possible that successful attacks went unnoticed, but for now it seems Nobelium’s efforts have been ineffective.

Wait, please. There is more. Navigate to “Microsoft Admits to Signing Rootkit Malware in Supply-Chain Fiasco.” This smoothly executed maneuver from the Windows 11 crowd prompted the write up to state:

Microsoft has now confirmed signing a malicious driver being distributed within gaming environments.

This driver, called “Netfilter,” is in fact a rootkit that was observed communicating with Chinese command-and-control (C2) IPs.

The write up concludes:

This particular incident, however, has exposed weaknesses in a legitimate code-signing process, exploited by threat actors to acquire Microsoft-signed code without compromising any certificates.

Amazing. The reason cyber crime is in gold rush mode is due to Microsoft in my opinion. The high tech wizards in Redmond can do rounded corners. Security? Good question.

Stephen E Arnold, June 28, 2021
