Category Archives: Microsoft

Microsoft vulnerabilities are discovered every day. Our articles try to relay as many of them as possible in order to warn our readers and protect them from attackers.

Hackers offer to resell stolen source code to Microsoft

During the SolarWinds-related incident, source code owned by Microsoft was accessed by the intruders.

The American giant Cisco was affected by the same incident. Returning to the charge, the cybercriminals now offer to sell the source code they claim to hold, and it is to the American companies concerned that they make the proposal, for 600,000 U.S. dollars.


To recap: Microsoft, the American digital giant, was hit by the attack that followed the intrusion into SolarWinds' Orion software. The attack was blamed on a group believed to be linked to Russia. Microsoft did confirm an intrusion that allowed the attackers to access its source code, but according to the company there is no evidence that this access endangers the security of Microsoft's products or of its customers' data.

Yet the hackers offer, to whoever might be interested, data they claim to have in their possession. Among this data would be partial source code of Windows, the operating system provided by Microsoft. In addition, the cybercriminals claim to have source code for certain products from Cisco, from SolarWinds itself and from the security vendor FireEye. As a reminder, the attack on SolarWinds was revealed last December. FireEye, which had announced shortly before that it had also been attacked and that its red-team tools had been stolen, then reported that the intrusion it had observed relied on a malware known as Sunburst, used to attack private companies and public organizations through a corrupted update of Orion, the SolarWinds management software.

On December 31, the Redmond firm reported on its own investigation of the SolarWinds campaign. The U.S. company stated that it "detected unusual activity on a small number of internal accounts and upon review, we discovered that an account had been used to view the source code in several source code repositories."

According to Jake Williams, a former NSA hacker and founder of Rendition Infosec, this move by the hackers could be aimed at blurring the lines: "One last thought on #solarLeaks: the alleged sale is only for commercially interesting things, not for data of intelligence value. The fact that no intelligence data (Treasury, Commerce, etc.) has been offered suggests that this could be the real group," reads a recent tweet. "A pure-play scammer would probably offer alleged data from those organizations as well. It could even draw the interest of other intelligence organizations. At these prices, no one buys that commercial data, so I'm still leaning towards an attribution error," he added. He also states: "The relevance of the phrase 'no data having any intelligence value' is just that I don't think most scammers would have thought of that (more data announced, more opportunities). I would also expect them to lower prices to a perhaps more reasonable level in the hope of getting someone to bite."

"There is no meat on this bone until there is more," he tweeted in his thread. "The only things to take into account are: we have already seen Russian threat actors use this kind of false trail to blur attribution. Don't let yourself be fooled. That's it. That's the whole story," he concludes.

It should be noted that the Shadow Brokers hacker group had already done something similar. In that case, it was tools stolen from the NSA that were put up for sale: the group first looked for the highest bidders, then, after fruitless negotiations, simply published a link allowing anyone interested to access the stolen material. And in that case the hackers had told the truth: the sensitive material they had obtained in 2016 was genuine, and its publication shocked the IT community, especially the famous EternalBlue exploit.

Now access an unlimited number of passwords:

Check out our hacking software

Microsoft's source code exposed

According to information circulating in recent days, the hackers who compromised Microsoft managed to gain access to the American giant's source code.

The American giant had itself mentioned two weeks earlier that it had discovered a backdoor in its systems, introduced through a SolarWinds software update. Its spokesperson said at the time that no intrusion into or breach of its production systems had been found. Subsequently, the Reuters news agency reported that Microsoft's own products had been used by the attackers to further other large-scale attacks.


Yet last Thursday, Microsoft officials acknowledged that the hackers had been able to access and view their source code. This is entirely plausible given that the company had itself said that it, too, used Orion, the SolarWinds management software through which the attackers reached the networks of several public and private organizations. The Redmond company did, however, deny the Reuters report that its own products had been used to compromise other victims.

Last December, the U.S. cybersecurity agency (CISA) released an advisory explaining how the intruders had moved into the Microsoft Azure cloud services of compromised organizations. The agency advised affected users to lock down all access to the compromised network before starting to protect their data. The attack, which hit various U.S. administrations, also directly affected the Department of Energy and its National Nuclear Security Administration.

"Like other SolarWinds customers, we have actively searched for indicators of this actor and can confirm that we have detected malicious SolarWinds binaries in our environment, which we have isolated and removed. We found no evidence of access to production services or customer data. Our investigations, which are ongoing, have found absolutely no indication that our systems were used to attack others," Microsoft said.

With Thursday's post, the Redmond company confirmed that the hackers had used the backdoor to push further into its environment. However, while Microsoft clarified that its source code had been accessed by the attackers, the nature of that code is still unknown; one can only say that it was something valuable for the Redmond firm's own architecture. In its blog post, the company states that the attackers reached the code through a compromised internal account.

"However, our investigation revealed attempted activities that went beyond the mere presence of malicious SolarWinds code in our environment. We detected unusual activity on a small number of internal accounts and, upon review, we discovered that an account had been used to view the source code in several source code repositories," Microsoft said in its blog post.

The cyberattack behind all this commotion is believed to be the work of Russian state-linked actors, according to a statement by Secretary of State Mike Pompeo, a position shared by several U.S. intelligence agencies.

In Microsoft's case, the company clarified that the hackers were able to view the source code but did not have the privilege of modifying it.

"The account was not authorized to change the code or engineering systems, and our investigation confirmed that no changes had been made. These accounts have been investigated and remediated," the blog post reads. "This activity has not put the security of our services or our customers' data at risk, but we want to be transparent and share what we learn as we fight what we believe to be a very sophisticated nation-state actor."

Microsoft assures that this intrusion is not likely to endanger the security of its services or its customers' data. However, there is no denying that access to this information can enable attackers to mount several kinds of malicious operations.

"Intruders can search the source code for software vulnerabilities that they could exploit, adding new weapons to their cyberwar arsenal," said Mike Chapple, a professor of computer science at the University of Notre Dame who is also a former National Security Agency computer scientist.

"Access to the source code gives hackers the blueprint of the software and makes it easier for them to discover new vulnerabilities," he adds. "Hackers can always try to reverse-engineer software to find vulnerabilities, but having the source code gives them a shortcut," says the professor.


Windows 10: What you need to know about the blue screen scam

For some time now, a new form of scam has been observed, and suffered, by users.

It targets users of Microsoft's recent Windows 10 operating system. How does it manifest itself? Very simply, by the sudden appearance of a blue screen suggesting a problem or technical failure. If you find yourself in this situation, do not be fooled: it is not a technical problem, but a counterfeit screen displayed by scammers.


When the blue screen appears, a message tells the user that their computer is under attack by a virus likely to make them lose all of their data. The user is then invited to call a number shown on the screen to reach a supposed Microsoft technical advisor who will help them resolve the problem.

In practice the tactic is quite convincing, and a user who is not vigilant enough can easily be fooled. Many do not hesitate to call the number, because of the threat of losing important files.

The authorities, informed of the problem, reacted immediately to warn as many people as possible. On the cybermalveillance.gouv.fr website, it is made clear that the number presented as Windows technical support is not Microsoft's. The government site also specifies that these are cybercriminals posing as Microsoft technicians, with the aim not only of collecting data but also of pushing users into missteps. When contacted by their victims, the scammers say they first need to take remote control of the computer in order to fix the problem; they also ask the victim to pay for software that will supposedly be installed to repair a failure that in reality does not exist. A simple enough technique to extract money from people who are not alert enough.

For those facing this situation:

– First of all, don't panic.

– Under no circumstances should the number shown on the screen be called.

– Then check the applications installed on the computer and uninstall any that appear suspicious.

The American giant also gives some tips to follow when users are faced with this kind of scam:

– If in doubt about Microsoft's technical support number, check it on Microsoft's website from another computer or smartphone.

– Keep enough evidence (the number displayed, the message shown) to be able to file a complaint with the authorities afterwards.

– The message shown on the screen may contain spelling or grammatical errors that should draw the victim's attention; stay vigilant.


Pluton: the security chip inherited from the Xbox

This week, the American giant from Redmond, Microsoft, announced its security chip, called Pluton.

The chip is derived from the one in its famous Xbox console, and is dedicated to computers running Windows. It is meant to strengthen the protection of the machines it equips. The goal is to address several categories of attack that affect Windows computers and that manufacturers are struggling to get rid of, including the class of hardware flaws illustrated by Meltdown and Spectre that Microsoft itself cites. We will have to wait for its integration into future processors from Intel, Qualcomm and AMD. In time, Microsoft's security chip is intended to take the place of the TPM chips in use today, which do not provide the necessary security in the face of persistent vulnerabilities.


It must be admitted that Microsoft is clearly committed to securing the computers that run its operating system. It is a three-tier security: at the operating system level, at the processor level and at the level of the hardware itself. In this way, users should be protected from attacks that have persisted for several years without any solution being found, and the IT world is counting a lot on the Redmond giant's chip.

As mentioned above, the Pluton chip is based on the same security technology the Redmond giant uses to protect its Xbox consoles. The idea of using it to replace the TPM (Trusted Platform Module) chip, which currently equips computers running Windows 10 and underpins the disk encryption built into Microsoft's operating system, is justified by the fact that the technology used in the Xbox has proven effective.

The peculiarity of Pluton is that it is designed from the ground up to be integrated into processors from Qualcomm, AMD and Intel; Microsoft has been working with these three companies from the outset. This differentiates Microsoft's chip from TPM chips, which are usually a separate component on the motherboard rather than part of the processor. In that design, the exchanges between the TPM and the processor travel over a bus that is hard to protect, and anyone with physical access to the computer can take advantage of it by intercepting what crosses that bus.

"Xbox has this protection against physical attacks, so people can't just hack it to run games," says Microsoft's head of OS security, David Weston. "We've learned effective engineering strategies from it, which is why we're using this knowledge to partner with Intel and build something for the PC that will withstand emerging attack vectors," he adds, pointing to the Spectre and Meltdown flaws that have particularly affected Intel's processors.

But the game is not yet won, because the transition from the TPM chips already in circulation to Microsoft's chip still has to be managed. The Redmond firm, however, points out that while Pluton is based on the same principles as a TPM chip, it is considerably more sophisticated. "This is a better, tougher, faster and more consistent TPM chip. We will provide the same APIs as for the TPM platform today, so the idea is that anything that can use a TPM chip can use [Pluton]," says security manager David Weston.

In short, Windows 10 features such as BitLocker encryption and Windows Hello authentication will be usable with Pluton chips when they are deployed. In addition, Microsoft promises monthly updates of the chip's firmware through its usual Patch Tuesday update cycle.

For now, Qualcomm, AMD and Intel have confirmed the integration of Pluton into the next generation of processors they will produce. It is conceivable that Microsoft's chip may in time be compatible with Linux, although this has not yet been confirmed by the Redmond firm.


Microsoft fixes 17 critical flaws during Tuesday patch

With the November 2020 Patch Tuesday, the Redmond giant fixed 112 security flaws, 17 of which are rated critical.

The majority of these vulnerabilities could allow attackers to run malicious code remotely. Microsoft also took the opportunity to plug the zero-day flaw disclosed by Google's Project Zero researchers.

Among the critical vulnerabilities, one directly affects the Windows NFS server and its port 2049.


One can imagine the work that the release of this month's batch of patches represented for Microsoft's engineers, since more than a hundred security flaws had to be corrected. Of the 112 vulnerabilities, 93 are rated important and two are rated low. Many of them allow malicious code to be run remotely. The most significant, identified as CVE-2020-17051 and present in the NFS (Network File System) server, is the one to fix as quickly as possible.

As a reminder, the Network File System protocol is a client-server protocol that allows users to access files across a network and use them as if they were in a local directory. According to security experts, attackers will soon be taking a closer look at port 2049, the port used by NFS, both to find exposed servers and to determine whether the fix effectively plugged the hole.
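Looking at port 2049 in practice means more than checking whether it is open: an NFS server answers ONC RPC, so the usual inventory step is to send a NULL call (procedure 0) for the NFS program and read the accept status, which tells you whether NFS is really behind the port and which protocol versions it serves. The following is an added example, not code from the original article or from Microsoft; the ONC RPC framing follows RFC 5531, the host name in the usage line is a placeholder, and the two sample replies at the bottom are constructed by hand so the parser can be exercised without a live server.

```python
"""Probe TCP/2049 with an ONC RPC NULL call to learn whether an NFS server is
listening and which NFS versions it accepts. Added example; the hostname
below is a placeholder and the SAMPLE_* replies are hand-constructed."""
import socket
import struct

NFS_PROGRAM = 100003          # ONC RPC program number assigned to NFS
RPC_VERSION = 2
CALL, REPLY = 0, 1
MSG_ACCEPTED = 0
ACCEPT_STAT = {0: "SUCCESS", 1: "PROG_UNAVAIL", 2: "PROG_MISMATCH",
               3: "PROC_UNAVAIL", 4: "GARBAGE_ARGS", 5: "SYSTEM_ERR"}


def build_null_call(xid: int, version: int) -> bytes:
    """Serialise a NULL call for NFS `version` with AUTH_NULL credentials and
    verifier, framed with the TCP record mark (last-fragment bit | length)."""
    body = struct.pack(
        ">10I",
        xid, CALL, RPC_VERSION, NFS_PROGRAM, version, 0,  # proc 0 = NULL
        0, 0,   # cred: flavor AUTH_NULL, zero-length opaque body
        0, 0,   # verf: flavor AUTH_NULL, zero-length opaque body
    )
    return struct.pack(">I", 0x80000000 | len(body)) + body


def parse_reply(record: bytes, expected_xid: int) -> dict:
    """Decode a framed RPC reply. Returns the accept status and, for
    PROG_MISMATCH, the version range the server advertises."""
    if len(record) < 4:
        raise ValueError("short record")
    mark, = struct.unpack(">I", record[:4])
    body = record[4:4 + (mark & 0x7FFFFFFF)]
    if len(body) < 12:
        raise ValueError("truncated RPC reply")
    xid, msg_type, reply_stat = struct.unpack(">3I", body[:12])
    if xid != expected_xid or msg_type != REPLY:
        raise ValueError("reply does not match our call")
    if reply_stat != MSG_ACCEPTED:
        return {"accepted": False, "status": "MSG_DENIED"}
    # verifier: flavor, opaque length (body padded to 4 bytes), then accept_stat
    _flavor, verf_len = struct.unpack(">2I", body[12:20])
    off = 20 + ((verf_len + 3) & ~3)
    accept_stat, = struct.unpack(">I", body[off:off + 4])
    result = {"accepted": True, "status": ACCEPT_STAT.get(accept_stat, "UNKNOWN")}
    if accept_stat == 2:  # PROG_MISMATCH is followed by the low/high versions
        result["low"], result["high"] = struct.unpack(">2I", body[off + 4:off + 12])
    return result


def probe_nfs(host: str, version: int = 3, port: int = 2049, timeout: float = 3.0) -> dict:
    """Send the NULL call and decode the answer; refusals and timeouts are
    returned as a status rather than raised so a host list can be swept."""
    xid = 0x5A5A0001
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(build_null_call(xid, version))
            data = b""
            # read until the whole record announced by the record mark is in
            while len(data) < 4 or len(data) < 4 + (struct.unpack(">I", data[:4])[0] & 0x7FFFFFFF):
                chunk = s.recv(4096)
                if not chunk:
                    break
                data += chunk
        return parse_reply(data, xid)
    except (OSError, ValueError) as exc:
        return {"accepted": False, "status": f"ERROR: {exc}"}


# Constructed sample replies (not captured from a real server): one SUCCESS
# and one PROG_MISMATCH advertising NFS versions 2 through 4.
SAMPLE_XID = 0x5A5A0001
SAMPLE_SUCCESS = struct.pack(">I", 0x80000000 | 24) + struct.pack(
    ">6I", SAMPLE_XID, REPLY, MSG_ACCEPTED, 0, 0, 0)
SAMPLE_MISMATCH = struct.pack(">I", 0x80000000 | 32) + struct.pack(
    ">8I", SAMPLE_XID, REPLY, MSG_ACCEPTED, 0, 0, 2, 2, 4)

if __name__ == "__main__":
    print(parse_reply(SAMPLE_MISMATCH, SAMPLE_XID))
    print(probe_nfs("nfs.example.internal"))   # placeholder host
```

A SUCCESS answer confirms an NFS server of that version behind the port; PROG_MISMATCH still confirms NFS but tells you which versions to try next; a connection refusal or an unrelated service answering means port 2049 is not NFS at all. Whether the host is patched is a separate question that the probe cannot answer, so treat a positive result as an exposure to verify against the installed update, not as proof of vulnerability.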

Attention should also be paid to vulnerabilities such as CVE-2020-17052 and CVE-2020-17053, memory corruption flaws in the scripting engine of Internet Explorer, Microsoft's browser. The Print Spooler flaw, CVE-2020-17042, has also been corrected by Microsoft; it could allow attackers to gain more privileges on the target. "Exploiting this vulnerability requires user interaction, but it is characterized by a low-complexity attack, which increases the risk of compromise," notes Qualys in its analysis of this Patch Tuesday. According to Qualys, special attention should be paid to the fixes for Exchange Server, Windows codecs, GDI and the browsers, as well as to workstations generally, because of the growth of remote work.

As for the CVE-2020-17087 flaw, disclosed by Google's Project Zero research team and front-page news last week, Microsoft corrected it as well. That flaw had been exploited in combination with a separate vulnerability in Google's Chrome browser. On its severity, the Redmond firm considers that Google somewhat exaggerates: Microsoft maintains that local access to the target system (Windows Server, Windows 10, RT 8.1, 8.1 and 7), meaning the ability to already run code on the machine, is required for the attack described to succeed.

With the November Patch Tuesday, Microsoft also took the opportunity to remove the description section from its CVE advisories. The Microsoft Security Response Center now favours greater reliance on the Common Vulnerability Scoring System (CVSS). "It's a precise method that describes a vulnerability with attributes such as the attack vector, the complexity of the attack, whether an attacker needs certain privileges, etc.," Microsoft writes. Some experts have criticized this choice, saying that a lot of data useful to administrators will be lost and that they will have a hard time prioritizing which flaws to fix first.
