Microsoft: Helping Out Google Security. What about Microsoft Security?

June 14, 2022

While Microsoft is not among the big tech giants, the company still holds a prominent place within the technology industry. Microsoft studies rival services and products to gain insights as well as share anything to lower their standing such as a security threat, “Microsoft Researchers Discover Serious Security Vulnerabilities In Big-Name Android Apps.” The Microsoft 365 Defender Research Team found a slew of severe vulnerabilities in the mce Systems mobile framework used by large companies, including Rogers Communications, Bell Canada, and AT&T, for their apps.

Android phones have these apps preinstalled in the OS and they are downloaded by millions of users. These vulnerabilities could allow bad actors to remotely attack phones. The types of attacks range from command injection to privilege escalation.

The Microsoft 365 Defender Research Team shared the discovery:

“Revealing details of its findings, the security research team says: ‘Coupled with the extensive system privileges that pre-installed apps have, these vulnerabilities could have been attack vectors for attackers to access system configuration and sensitive information’.

In the course of its investigation, the team found the mce Systems’ framework had a “BROWSABLE” service activity that an attacker could remotely invoke to exploit several vulnerabilities that could allow adversaries to implant a persistent backdoor or take substantial control over the device.”

Vulnerabilities also affected apps on Apple phones. Preinstalled apps simplify device activation, troubleshooting, and optimize performance. Unfortunately, this gives apps control over the majority of the phone and the bad actors will exploit them to gain access. Microsoft is worked with mce Systems to fix the threats.

Interestingly, Microsoft found the security threats. Maybe Microsoft wants to reclaim its big tech title by protecting the world from Google’s spies?

Whitney Grace, June 14, 2022

Microsoft and Security: This Must Be an April Fool Joke in May, Right?

May 27, 2022

I read “Pwn2Own Hackers Just Broke Into Windows 11 and Teams in a Single Day.” Was this an Onion article? A write up from a former Punch writer? An output from Google’s almost human super capable smart software?

Nope. The source is a reliable online publication called Make Use Of or MUO to its friends.

I learned:

Day one of Pwn2Own is over, and taking a look at the bounty board shows that Microsoft’s software didn’t stand up well to the onslaught. The event saw three successful attacks on Microsoft Teams, and two against Windows 11. Each successful hack was rewarded accordingly, with the lowest bounty coming in at an impressive $40,000, and the biggest at an eye-watering $150,000.

Ah, Windows 11 and the feature-spawning Teams!

My view of Windows 11 is that it was pushed out to distract some Silicon Valley type news reporters from the massively bad SolarWinds’ misstep. Few agree with me.

Be that as it may, Windows 11 does not seem to be the paragon of security that I thought Microsoft explained. You know, the TPM thing and the idea that certain computers were not able to deal with the the Millie Vanillie approach to security. Catchy lyrics, but not exactly what paying customers expected.

The article cited concludes with this statement:

With hackers putting up big wins against Microsoft’s apps at Pwn2Win, it shows that the company’s software is perhaps not as secure as it should be. Hopefully, Microsoft can publish fixes for these exploits before they fall into the wrong hands.

Will Microsoft, like Netgear, find that it cannot “fix” certain issues with its software and systems.

Stephen E Arnold, May 27, 2022

Some Criticism of Microsoft? Warranted or Not?

May 13, 2022

Microsoft’s LinkedIn comes out on top—in one regard, anyway. IT-Online reports, “LinkedIn the Brand Most Imitated for Phishing.” In its Brand Phishing Report for the first quarter of 2022, Check Point Research found the professional network was imitated in more than half of all phishing attempts during January, February, and March. The write-up tells us:

“Dominating the rankings for the first time ever, LinkedIn accounted for more than half (52%) of all phishing attempts during the quarter. This represents a dramatic 44% uplift from the previous quarter, where the professional networking site was in fifth position accounting for only 8% of phishing attempts. LinkedIn overtook DHL as the most targeted brand, which is now in second position and accounted for 14% of all phishing attempts during the quarter.”

Social media platforms in general jumped in popularity as phishing spots. Shipping companies like DHL, which became attractive targets with the rise in e-commerce, are now in second place. Apparently different types of companies make juicy bait for different kinds of attacks. The article quotes Check Point’s Omer Dembinsky:

“Some attacks will attempt to gain leverage over individuals or steal their information, such as those we’re seeing with LinkedIn. Others will be attempts to deploy malware on company networks, such as the fake emails containing spoof carrier documents that we’re seeing with the likes of Maersk.”

Of course, a phishing attack can only work if someone falls for it. Do not be that person. Dembinsky advises:

“The best defense against phishing threats, as ever, is knowledge. Employees in particular should be trained to spot suspicious anomalies such as misspelled domains, typos, incorrect dates and other details that can expose a malicious email or text message. LinkedIn users in particular should be extra vigilant over the course of the next few months.”

In Check Point’s list of the top ten companies to find themselves on phishing hooks, LinkedIn and DH are followed by Google (at 7%), Microsoft (6%), FedEx (6%), WhatsApp (4%), Amazon (2%), Maersk (1%), AliExpress (0.8%), and Apple (0.8%).

Cynthia Murrell, May 13, 2022

Cyber Security: Oxymoron?

May 9, 2022

I read an interesting article called “Botnet That Hid for 18 Months Boasted Some of the Coolest Tradecraft Ever.” I am not sure I would have described the method as “cool,” but as some say, “Let many flowers bloom.”

The main point of the article is a sequence of actions which compromise a target without calling attention to the attack or leaving size 13 digital footprints. The diagrams provide a broad overview of the major components, but there are no code snippets. That’s a plus in my book because many cyber revelations are cookbooks with easy-to-follow recipes for dorm room cyber snacks.

What caught my attention is this statement in the excellent write up:

One of the ways the hackers maintain a low profile is by favoring standard Windows protocols over malware to move laterally. To move to systems of interest, UNC3524 used a customized version of WMIEXEC, a tool that uses Windows Management Instrumentation to establish a shell on the remote system.

I also noted:

“Once UNC3524 successfully obtained privileged credentials to the victim’s mail environment, they began making Exchange Web Services (EWS) API requests to either the on-premises Microsoft Exchange or Microsoft 365 Exchange Online environment,” the Mandiant researchers wrote. “In each of the UNC3524 victim environments, the threat actor would target a subset of mailboxes….”

With the core functionality of the Microsoft software and services the pivot on which the system and methods of the attacker pivot, what does this suggest about cyber security going forward?

My answer: There is an attack surface of significant scope. Plus, undetectable but for specialized analyses. The ball is in the hands of Microsoft. The bad actors just toss it around.

Stephen E Arnold, May 9, 2022

NCC April Microsoft: Customer and User Focused?

April 29, 2022

Bill Gates designed Microsoft to make personal computers more user friendly. While the Microsoft operating system is among the easiest to learn, unfortunately it is also the most hackable. Black hat bad actors adore Microsoft systems, especially when the company releases a new update. Bleeping Computer shares a problem with the newest Windows update: “Microsoft: Windows Domain Controller Restarts Caused By LSASS Crashes.”

The bug occurred in the Local Security Authority Subsystem Service (LSASS). The LSASS crashed, users lost access to their Windows accounts, shown an error message, then the system rebooted. The LSASS crash bug was one of many issues that a Microsoft patch fixed in January 2022:

“Microsoft addressed the LSASS crash issue in out-of-band updates released in mid-January 17 [1, 2] to fix numerous other critical bugs introduced during the January 2022 Patch Tuesday, including Hyper-V no longer starting, L2TP VPN connections failing, and ReFS volumes becoming inaccessible.”

Bad actors discover coding errors in Microsoft systems then exploit them. The bad actors detect many vulnerabilities during updates, then they quickly devise plans to take advantage of users. Threat Post explains a new hacker trick in, “Microsoft Accounts Targeted By Russian-Themed Credential Harvesting.” Russia has threatened cyber attacks with their current war plan, so it did not take long for bad actors to create spam campaigns. The spam email reads:

“Unusual sign-in activity

We detected something unusual about a recent sign-in to the Microsoft account

Sign-in details

Country/region: Russia/Moscow

IP address:

Date: Sat, 26 Feb 2022 02:31:23 +0100

Platform: Kali Linux

Browser: Firefox

A user from Russia/Moscow just logged into your account from a new device, If this wasn’t you, please report the user. If this was you, we’ll trust similar activity in the future.

Report the user

Thanks,

The Microsoft account team”

As with other spam, users are encouraged to click on a link and submit a response. If users respond to the link, they will most likely receive an email asking for login details and payment information.

My thought was that Windows Defender and other Microsoft security services would handle these types of issues. Guess not.

Whitney Grace, April 29, 2022

Microsoft: A Consistently Juicy Target

April 25, 2022

I am perched in Washington, DC, checking news flows. What did I spy this morning (April 24, 2022)? This article caught my eye: “Microsoft Exchange Servers Are Being Infected with Ransomware.” Is this a remembrance from times past? The story asserts as actual factual (but who knows anymore?):

In the attack the team studied, Hive commenced its assault via the exploitation of ProxyShell, a collection of Microsoft Exchange Server vulnerabilities (and critical ones at that) that provide a way for attackers to remotely execute code. Microsoft reportedly patched this problem in 2021.

The key phrase in this allegedly accurate write up is “Microsoft reported patched this problem in 2021.”

Several observations:

  • Yo Windows Defender and the other Microsoft security systems, “What’s shaken’?”
  • What’s with the “reportedly”? If the write up is accurate, the problem was fixed.
  • How many thousands of bad actors are involved in this problem? Probably quite a few because this is CaaS, crime as a service.

Net net: Microsoft may be faced with security problems for which there is no reliable remediation. PR, however, is quite easy to deploy.

Stephen E Arnold, April 25, 2022

Has the Softie Been Winged by EU Antitrust Regulators?

April 25, 2022

I read “ Microsoft on EU Antitrust Regulators’ Radar after Cloud Practices Complaints by Rivals.” The big outfit in Redmond has been keeping a low profile, allowing Amazon, Apple, Facebook / Zuckbook, and Google take the glow in the dark paint ball pellets. Now the Softie has been splatted in acid green polyethylene glycol. Lookin’ good in spring colors I suppose.

The write up states:

Microsoft’s rivals and customers have been served a questionnaire with various queries by EU antitrust regulators seeking information about the company’s business and licensing deals. The latest action hints at a possible formal investigation into Microsoft’s cloud business that might take place down the line.

Paint balls can sting, but direct hits are fairly safe, just messy. Take two or three in one eye, and the target might stumble around looking for a safe haven.

What competitors are not happy with Microsoft’s approach to the cloud market? The write up names NextCloud and OVHcloud, and others may have shared their thoughts.

The next volley of shots may not be from paint ball guns. More lethal weapons might be flown over the customer centric folks in Redmond. Microsoft has coughed up money in the past, and it may have to bleed some cash to make the possible legal drones stop dropping grenades from the clouds.

Stephen E Arnold, April xx, 2022

Microsoft: Twice Cooked PR with Ban Mao?

April 18, 2022

Going green is important. Microsoft is important. Therefore, Microsoft is going green. How that logic for you, gentle reader. The editors at Fast Company followed this line of reasoning and enjoyed a sizzling plate of twice cooked PR with ban mao in “Microsoft’s Hottest New Product Is a Wok.” Yep, a wok for the woke maybe?

The write up states:

The wok is part of Microsoft’s brand new all-electric kitchen at its headquarters outside Seattle, where nearly 50,000 employees are based. The company is adding 3 million square feet of offices and facilities, and the entire project is being designed to be powered by a vast geothermal system and produce zero carbon emissions. A big part of getting there was eliminating fossil fuels from its energy portfolio. And one of the biggest users of fossil fuels were the company’s kitchens.

I wonder if Microsoft and Fast Company looked at the Microsoft Azure server farms and calculated what percentage of the energy these installations consumed and then answered this question: How much of the energy consumed is of the going green, whale saving variety?

No.

No surprise. I would like a century egg too. I wonder if Fast Company has ordered some Microsoft ads to accompany the article.

Stephen E Arnold, April 18, 2022

Google Hits Microsoft in the Nose: Alleges Security Issues

April 15, 2022

The Google wants to be the new Microsoft. Google wanted to be the big dog in social media. How did that turn out? Google wanted to diversify its revenue streams so that online advertising was not the main money gusher. How did that work out? Now there is a new dust up, and it will be more fun than watching the antics of coaches of Final Four teams. Go, Coach K!

The real news outfit NBC published “Attacking Rival, Google Says Microsoft’s Hold on Government Security Is a Problem.” The article presents as actual factual information:

Jeanette Manfra, director of risk and compliance for Google’s cloud services and a former top U.S. cybersecurity official, said Thursday that the government’s reliance on Microsoft — one of Google’s top business rivals — is an ongoing security threat. Manfra also said in a blog post published Thursday that a survey commissioned by Google found that a majority of federal employees believe that the government’s reliance on Microsoft products is a cybersecurity vulnerability.

There you go. A monoculture is vulnerable to parasites and other predations. So what’s the fix? Replace the existing monoculture with another one.

That’s a Googley point of view from Google’s cloud services unit.

And there are data to back up this assertion, at least data that NBC finds actual factual; for instance:

Last year, researchers discovered 21 “zero-days” — an industry term for a critical vulnerability that a company doesn’t have a ready solution for — actively in use against Microsoft products, compared to 16 against Google and 12 against Apple.

I don’t want to be a person who dismisses the value of my Google mouse pad, but I would offer:

  • How are the anti ad fraud mechanisms working?
  • What’s the issue with YouTube creators’ allegations of algorithmic oddity?
  • What’s the issue with malware in approved Google Play apps?
  • Are the incidents reported by Firewall Times resolved?

Microsoft has been reasonably successful in selling to the US government. How would the US military operate without PowerPoint slide decks?

From my point of view, Google’s aggressive security questions could be directed at itself? Does Google do the know thyself thing? Not when it comes to money is my answer. My view is that none of the Big Tech outfits are significantly different from one another.

Stephen E Arnold, April 15, 2022

Windows System Flaw Exploited In Ransomware

April 15, 2022

Will your Windows 11 set up result in losing your data? That’s a rumor. We learned that there may be other risks in the Microsoft ecosystem as well.

Microsoft Windows is the most deployed operating system in the world. It is also the easiest operating system to learn and, unfortunately, exploit. Tech Radar explains how bad actors hack Windows systems in the article, “Windows And LinkedIn Flaws Used In Conti Ransomware Attacks, Google Warns.”

The Conti ransomware group Exotic Lily work as initial access brokers to hack organizations, steal their digital data, and ransom it back to the rightful owners or sell access to the highest bidder. What is interesting is ransomware groups usually outsource their initial access efforts before taking over the attack, then deploying the malware. Google’s Threat Analysis Group research Exotic Lily and was surprised by the amount of advanced tactics and the large amount of grunt work it does. The Threat Analysis Group discovered that Exotic Lily works in the following way:

“The group would use domain and identity spoofing to pose as a legitimate business, and send out phishing emails, usually faking a business proposal. They would also use publicly available Artificial Intelligence (AI) tools to generate authentic images of humans, to create fake LinkedIn accounts, which would help the campaign’s credibility. After initial contact has been made, the threat actor would upload malware to a public file-sharing service, such as WeTransfer, to avoid detection by antivirus programs, and increase the chances of delivery to the target endpoint. The malware, usually a weaponized document, exploits a zero-day in Microsoft’s MSHTML browser engine, tracked as CVE-2021-40444. The second-stage deployment usually carried the BazarLoader.”

The Threat Analysis Group believes Exotic Lily is an independent operator and works for the highest bidder. It has used ransomware attacks based on Conti, Wizard Spider, and Dial. Exotic Lily targets healthcare, cyber security, and IT organizations, however, it has been expanding its victim base.

But is Google overstating, do some marketing, or trying to help out valued users?

Whitney Grace, April 11, 2022

Next Page »

  • Archives

  • Recent Posts

  • Meta