• Microsoft hacked? What’s OKTA?

    #2433567

    The security buzz today is all about two related events. First off the reports are that source code from Microsoft’s Bing Search engine, Bing Maps and
    [See the full post at: Microsoft hacked? What’s OKTA?]

    Susan Bradley Patch Lady/Prudent patcher

    2 users thanked author for this post.
    • #2433575

      OKTA CEO is saying that this event is related to an event in January

      And they kept it silent for 2 months while hackers probably had a feast.

    • #2433651

      On dark net, it was mentioned that they got in over 8 months ago into MS just like the SolarWinds that broke in MS for months and released full source codes of Windows XP, 7 and Windows 10. MS is now releasing it to quiet down the rumors that have been spun for months and trying to cut down the time frame.

    • #2433658

      If source code is acquired, there’s nothing to prevent a look-alike software clone.

      On permanent hiatus {with backup and coffee}
      offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
      offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
      online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender
      1 user thanked author for this post.
      • #2433664

        Cybertooth: These are criminals that use extortion to get money from organizations they attack via social engineering and, I would guess, plain old hacking. Once they break in, they use plain extortion to get money.

        What do you think they will do with their Windows clone? Sell it to someone that would then make and sell pirated versions?

        Who would want to buy a pirated version of Windows? (Or of Windows? he sarcastically wrote.)

        Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

        MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
        Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
        macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

        • #2433734

          The above was in answer to Geekdom, not Cybertooth, sorry for the confusion!

          Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

          MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
          Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
          macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

    • #2433738

      Caught the hack report yesterday.
      Reassuring to get informed comment from ‘AskWoody’, when there is a plethora of ‘headless chickens’ on the rampage.
      Regards . . .

    • #2433849

      Okta’s Investigation of the January 2022 Compromise

      David Bradbury
      Chief Security Officer

      ..In this post, I want to provide a timeline and my perspective on what has transpired, and where we are today with this investigation. I hope that it will illuminate why I am confident in our conclusions that the Okta service has not been breached and there are no corrective actions that need to be taken by our customers…

      ..Our investigation determined that the screenshots, which were not contained in the Sitel summary report, were taken from a Sitel support engineer’s computer upon which an attacker had obtained remote access using RDP. This device was owned and managed by Sitel. The scenario here is analogous to walking away from your computer at a coffee shop, whereby a stranger has (virtually in this case) sat down at your machine and is using the mouse and keyboard. So while the attacker never gained access to the Okta service via account takeover, a machine that was logged into Okta was compromised and they were able to obtain screenshots and control the machine through the RDP session…

      ..Over the past 24 hours we have analyzed more than 125,000 log entries to ascertain what actions were performed by Sitel during the relevant period. We have determined that the maximum potential impact is 366 (approximately 2.5% of) customers whose Okta tenant was accessed by Sitel…

    • #2433871

      Hackers going to hack; nothing is perfectly secure. I find it interesting though how much of it is going on recently to big companies. It’s as if this stuff was already in place to just flip a switch to expose it. It appears none of this was caught by these companies’ own security.

      1 user thanked author for this post.
    • #2434630

      Hackers going to hack; nothing is perfectly secure. I find it interesting though how much of it is going on recently to big companies. It’s as if this stuff was already in place to just flip a switch to expose it. It appears none of this was caught by these companies’ own security.

      What security? MS does not care about security. This is why they let go their QA department. MS now is just a party house filled with party items and no work is done. Bring back Bill Gates. MS was hacked by teenagers…this shows how secure MS is. MS keeps focusing on GUI things since they cannot do anything else… Keep your lazy workers working on color changes and moving stuff around since need to keep them busy.

      • #2434637

        MS was hacked by teenagers…this shows how secure MS is.

        A single account accessed, possibly via SIM-swapping:

        Actor actions targeting Microsoft

        This week, the actor made public claims that they had gained access to Microsoft and exfiltrated portions of source code. No customer code or data was involved in the observed activities. Our investigation has found a single account had been compromised, granting limited access. Our cybersecurity response teams quickly engaged to remediate the compromised account and prevent further activity. Microsoft does not rely on the secrecy of code as a security measure and viewing source code does not lead to elevation of risk. The tactics DEV-0537 used in this intrusion reflect the tactics and techniques discussed in this blog. Our team was already investigating the compromised account based on threat intelligence when the actor publicly disclosed their intrusion. This public disclosure escalated our action allowing our team to intervene and interrupt the actor mid-operation, limiting broader impact.

        Would you expect Microsoft to be immune to all types of attack?

        • #2434903

          Would you expect Microsoft to be immune to all types of attack?

          Yes. Microsoft has forced and already convinced 200 million of us to enable passwordless authentication that phone authentication. But phone is the weakest link. It is very common now for SIM swapping. Microsoft has not done anything to improve security. It has made it easier to break into accounts. This is why I am so surprised that people use their phones on public transportation. This is where a lot of SIM info is obtained from and then sold online.

          • #2434908

            Actually they have, instead of a mere text message they now support an MFA that you have to match a number in the app. It’s rolled out to Microsoft accounts as an option, it’s coming to enterprises. But with all of this security stuff you have to opt in, as with anything in security making it mandatory gets a lot of pushback.

            Susan Bradley Patch Lady/Prudent patcher

            • #2434922

              But MFA is easy to bypass and easier than SIM swapping. Need just a generator to create the number. There are several of those out in the wild now. This is why it is a weak link.

            • #2434932

              Have you seen it in action? You have to match the numbers on the app on your phone to the screen prompt, it’s not a random number generator.

              Susan Bradley Patch Lady/Prudent patcher

            • #2434944

              Yes. There is source code that allows one to generate these with very little knowledge needed. Yes, it is not random numbers but it follows patterns that anyone can figure out which makes it almost like a random number generator.

    • #2434676

      Would you expect Microsoft to be immune to all types of attack?

      In short? YES.

      I expect from a company with 99% of desktop OS share that promises to protect users, to be immune.

      2 users thanked author for this post.
      • #2434936

        No company can be immune. Period. Even they state they assume breach.

        Susan Bradley Patch Lady/Prudent patcher
