Microsoft describes how its leaders were spied on by Russian hackers


The Russian state-sponsored hackers responsible for the SolarWinds attack launched a nation-state attack against Microsoft’s corporate systems, the company disclosed last week. Some members of Microsoft’s senior leadership team had their email accounts compromised by hackers, who may have been snooping on them for weeks or months.

The company's original SEC filing late on Friday had few details about how the attackers obtained access, but Microsoft has since released a preliminary investigation of how the hackers circumvented its security measures. It also serves as a warning that other firms have been targeted by the same hacking group, commonly known as Nobelium or by "Midnight Blizzard," the weather-themed name Microsoft uses for it.

Initially, Nobelium used a password spray attack to gain access to Microsoft's systems. In this kind of brute-force attack, hackers try a dictionary of likely passwords against accounts. Crucially, two-factor authentication was not enabled on the compromised non-production test tenant account. To avoid discovery, Microsoft says, Nobelium "tailored their password spray attacks to a limited number of accounts, using a low number of attempts."
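A spray that stays at a low number of attempts per account never trips a per-account lockout, so detection has to aggregate failures per source across accounts over a long window. The sketch below is an added example, not code from Microsoft's report; the record layout, thresholds and sample sign-ins are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sign-in records, not real log data.
# Layout (an assumption): (timestamp, source, account, succeeded, mfa_used)
SIGNINS = [
    ("2024-03-04T02:14", "198.51.100.7", "svc-build",  False, False),
    ("2024-03-05T03:40", "198.51.100.7", "test-admin", False, False),
    ("2024-03-06T01:05", "198.51.100.7", "qa-legacy",  False, False),
    ("2024-03-08T02:51", "198.51.100.7", "test-admin", False, False),
    ("2024-03-09T04:12", "198.51.100.7", "test-admin", True,  False),
    ("2024-03-06T09:00", "203.0.113.20", "alice",      False, False),
    ("2024-03-06T09:01", "203.0.113.20", "alice",      False, False),
    ("2024-03-06T09:02", "203.0.113.20", "alice",      True,  True),
]

def find_spray_sources(events, window=timedelta(days=7),
                       min_accounts=3, max_per_account=3):
    """Flag sources that fail against many accounts, few tries each."""
    rows = sorted((datetime.fromisoformat(t), s, a, ok, mfa)
                  for t, s, a, ok, mfa in events)
    by_source = defaultdict(list)
    for row in rows:
        by_source[row[1]].append(row)
    findings = []
    for source, evs in by_source.items():
        start = evs[0][0]
        recent = [e for e in evs if e[0] - start <= window]
        fails = defaultdict(int)
        for _, _, account, ok, _ in recent:
            if not ok:
                fails[account] += 1
        # Spray shape: wide across accounts, shallow on each one.
        if len(fails) < min_accounts or max(fails.values()) > max_per_account:
            continue
        # Accounts that later accepted a password from this source without MFA.
        hits = sorted({a for _, _, a, ok, mfa in recent
                       if ok and not mfa and a in fails})
        findings.append({"source": source,
                         "accounts_tried": len(fails),
                         "max_failures_per_account": max(fails.values()),
                         "compromised_without_mfa": hits})
    return findings
```

On the constructed data, the first source is flagged even though no single account saw more than two failures, while the user who mistyped a password twice and then passed MFA is not.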

Using the access gained from that initial attack, the group identified and compromised a legacy test OAuth application that had elevated access to the Microsoft corporate environment. OAuth is a popular open standard for token-based authentication. It's a widely used web feature that lets you log into apps and services without giving your password to a website. Websites that let you sign in with your Gmail account, for example, use OAuth.

This elevated access let the group create additional malicious OAuth applications and accounts, and gave them access to Microsoft's corporate network and, eventually, its Office 365 Exchange Online service, which gives users access to email inboxes.

“Midnight Blizzard leveraged these malicious OAuth applications to authenticate to Microsoft Exchange Online and target Microsoft corporate email accounts,” explains Microsoft’s security team.
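The chain described above (an old test application holding privileged access to the corporate environment, then new applications created through it and pointed at mailboxes) suggests two checks for an app inventory review. This is an added example, not Microsoft's tooling: the inventory fields are hypothetical, the records are constructed, and the list of permissions treated as high-risk is an illustrative assumption.

```python
from datetime import date

# Application permissions treated as high-risk here (illustrative assumption).
HIGH_RISK = {"Mail.Read", "Mail.ReadWrite", "Directory.ReadWrite.All",
             "Application.ReadWrite.All", "AppRoleAssignment.ReadWrite.All"}
MAIL = {"Mail.Read", "Mail.ReadWrite"}

# Constructed inventory; field names are hypothetical, not a real export format.
APPS = [
    {"name": "legacy-test-app", "home": "test", "granted_in": "corp",
     "perms": {"Directory.ReadWrite.All", "AppRoleAssignment.ReadWrite.All"},
     "created": date(2019, 5, 2), "created_by": "user:dev1"},
    {"name": "mail-sync-helper", "home": "corp", "granted_in": "corp",
     "perms": {"Mail.Read"},
     "created": date(2024, 3, 9), "created_by": "app:legacy-test-app"},
    {"name": "hr-portal", "home": "corp", "granted_in": "corp",
     "perms": {"User.Read"},
     "created": date(2023, 8, 1), "created_by": "user:admin7"},
]

def audit_apps(apps, today, stale_days=365):
    """Return (name, risky_permissions, reasons) for apps needing review."""
    findings = []
    for app in apps:
        risky = sorted(app["perms"] & HIGH_RISK)
        if not risky:
            continue
        reasons = []
        # A test-tenant app with privileged consent in production.
        if app["home"] != app["granted_in"]:
            reasons.append("cross-tenant privileged grant")
        # Old registrations tend to predate current review and MFA policy.
        if (today - app["created"]).days > stale_days:
            reasons.append("old registration still privileged")
        # Apps minted by another app's identity that can read mail.
        if app["created_by"].startswith("app:") and app["perms"] & MAIL:
            reasons.append("mail access on app created by another app")
        if reasons:
            findings.append((app["name"], risky, reasons))
    return findings
```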

Microsoft previously stated that it was “a very small percentage of Microsoft corporate email accounts, including members of our senior leadership team and employees in our cybersecurity, legal, and other functions.” The company has not disclosed the exact number of its corporate email accounts that were targeted and accessed.

Additionally, Microsoft has yet to provide a precise timeframe for the duration of the hackers’ eavesdropping on its top leadership group and other staff members. Although the first attack happened in late November 2023, Microsoft didn’t become aware of it until January 12th. This could indicate that for almost two months, the attackers surveilled Microsoft leaders.

The same group of hackers had earlier this week gotten access to Hewlett Packard Enterprise’s (HPE) “cloud-based email environment.” Although HPE did not identify the supplier, it did disclose that the event was “probably connected” to the “exfiltration of a restricted quantity of [Microsoft] SharePoint documents as early as May 2023.”

The Microsoft hack happened a few days after the company declared its intention to restructure its software security in response to significant attacks on the Azure cloud. This is Microsoft's most recent cybersecurity incident. A Microsoft Exchange Server vulnerability allowed 30,000 companies' email systems to be compromised in 2021, and last year Chinese hackers used an attack on Microsoft's cloud to access emails belonging to the US government. The same Nobelium group that carried out this embarrassing executive email hack previously targeted Microsoft in the massive SolarWinds attack almost three years ago.

The cybersecurity community will probably take issue with Microsoft's revelation that a crucial test account was operating without two-factor authentication. Although no vulnerability in Microsoft's software was involved, the hackers were able to move stealthily through Microsoft's corporate network thanks to a series of misconfigured test environments. In an interview with CNBC earlier this week, George Kurtz, the CEO of CrowdStrike, questioned how the compromise of the highest-ranking officials at Microsoft occurred in a non-production test environment. "I believe there will be much more information released on this," he said.

Kurtz was correct; additional information has surfaced, but some crucial elements remain unreported. Microsoft asserts that if this same non-production test environment were deployed today, "mandatory Microsoft policy and workflows would ensure MFA and our active protections are enabled" to better defend against these attacks. Microsoft still has a lot of explaining to do, particularly if it wants its users to believe that it is genuinely improving the way it develops, tests, builds, and runs its services and software to better defend against security risks.


Google experiments with Android tablets’ desktop windowing


Google is testing a new feature for Android tablets that would allow you to easily rearrange apps on your screen and resize them, which will facilitate multitasking. Developer previews of the "desktop windowing" functionality are now accessible, and you can even run multiple instances of an app simultaneously if it supports that.

At the moment, Android tablet apps always open in full screen mode. Each program will show up in a window with controls to let you move, maximize, or close it when the new mode is enabled. Moreover, your open programs will be listed in a taskbar at the bottom of the screen.

It sounds a lot like Stage Manager for the iPad, which allows you to do the same with windows on your screen, or like almost any desktop operating system. For years, Samsung has also provided its DeX experience, which gives Android apps on Galaxy phones and tablets desktop-like window management.

When the functionality becomes available to all users, you may activate it by tapping and holding the window handle located at the top of an application’s screen. The shortcut meta key (Windows, Command, or Search) + Ctrl + Down can also be used to enter desktop mode if a keyboard is connected. (You can drag a window to the top of your screen to dismiss the mode, or you can close all of your open apps.)

Apps that are locked to portrait orientation can still be resized, according to Google, which could have odd visual effects if some apps aren’t optimized. Google intends to fix this in a later release, though, by scaling non-resizable apps’ user interfaces without changing their aspect ratios.

For the time being, users with the most recent Android 15 QPR1 Beta 2 for Pixel Tablets can access the developer preview.


Sony Faces Backlash for Pricing PlayStation 5 Pro Well Above Xbox


Sony Group Corp. has set the price of its new, faster PlayStation 5 Pro at $700, significantly higher than Microsoft’s Xbox Series X, which costs $600. The PlayStation 5 Pro, launching on November 7, comes at a $200 premium over the original PS5, suggesting Sony is targeting a loyal audience willing to pay extra for enhanced performance.

This pricing positions both Sony and Microsoft at the high end of the gaming console market. Four years into their product life cycles, the two most popular home consoles are moving towards premium models. Analysts are split on whether Sony’s pricing strategy will drive sales, especially as it seeks to grow its entertainment portfolio across gaming, anime, and film.

Industry analyst Serkan Toto described the PlayStation 5 Pro as a niche device aimed at hardcore PlayStation users, rather than a mass-market offering. “It’s about Sony skimming the absolute top end of the market,” he said, with the gaming world questioning Sony’s high pricing.

Others speculate that Sony’s pricing strategy is aimed at boosting margins, particularly after recent price hikes in Japan due to rising component costs like chips. The new console will allow for higher resolution and faster frame rates without requiring users to switch between performance modes, delivering 45% faster rendering than the standard PS5, according to lead architect Mark Cerny.

Despite the steep price, some analysts believe Sony could benefit. Citi analyst Kota Ezawa pointed out that no previous game console successor has been priced significantly higher than the original model, and that the PS5 Pro’s improved components may not justify such a big price jump. Nevertheless, the higher price could enhance Sony’s gross margins.

The PlayStation 5, which has sold over 59 million units since its 2020 release, has slightly lagged behind the PlayStation 4. The increased cost of the PS5 Pro may narrow its appeal, as the price edges closer to that of a gaming PC—one of the console market’s biggest competitors.

Reviewers also highlighted the lack of a disc drive in the new model, reflecting a broader industry shift from physical media to digital content. A disc drive will be available separately for purchase.

In a blog post, Sony announced that the PS5 Pro would enhance the performance of older titles, with several popular games such as Hogwarts Legacy, Final Fantasy VII Rebirth, and Spider-Man 2 receiving free updates to take advantage of the console’s new features.


Apple’s iPhone 16 Launch: A Crucial Test for Consumer AI


Apple is set to unveil its highly anticipated iPhone 16 lineup on Monday, Sept. 9, during its annual event at its Cupertino headquarters. The keynote, led by CEO Tim Cook, is expected to introduce not only the new iPhones but also the 10th anniversary Apple Watch and updated AirPods.

While the hardware lineup is impressive, Wall Street’s focus is elsewhere—on Apple’s generative AI platform, Apple Intelligence. This AI initiative, designed for iPhones, iPads, and Macs, represents Apple’s major push into the consumer AI space. Initially, investors were concerned about the company’s delay in launching AI compared to Microsoft and Google. However, after the platform was revealed at Apple’s WWDC conference in June, the company’s stock surged by 15%, outperforming tech giants like Microsoft, Amazon, and Google.

Apple Intelligence is now positioned as a key feature of the new iPhones, particularly those from the iPhone 15 Pro and newer models. Analysts believe this exclusivity will drive iPhone sales, with Morgan Stanley’s Erik Woodring predicting AI as a major factor in boosting the iPhone replacement cycle.

However, Apple Intelligence might be more than just a sales driver—it could shape consumer perceptions of generative AI itself.

Apple’s AI Ambitions

Apple’s upcoming event makes it clear that AI is front and center. From the tagline “It’s Glowtime” to the colorful logo reminiscent of Siri’s new look, the company is signaling a major AI focus.

The AI features Apple is integrating into its ecosystem are extensive. Users can expect tools that summarize text conversations, prioritize emails, enhance Siri’s capabilities, and offer access to OpenAI’s ChatGPT. Additional features like AI-powered proofreading and email optimization will also be part of the package, along with new apps developed to leverage AI through Apple’s hardware.

Wedbush analyst Dan Ives forecasts that Apple’s AI integration could bring in an extra $10 billion in annual services revenue, potentially boosting the company’s market cap to $4 trillion.

Though competitors like Samsung and Google have also introduced AI in their devices, Apple’s approach seems more compelling. Its June event showcased how seamlessly AI integrates into its ecosystem, making the technology feel more personal and essential compared to the offerings from Samsung’s Galaxy AI and Google’s Gemini platform.

The AI Risk

However, Apple faces challenges in ensuring Apple Intelligence’s success. The AI needs to avoid errors like those seen in Google’s AI tools, which have been criticized for providing bizarre recommendations. More importantly, Apple must prove that its AI is something consumers will genuinely want to use, rather than just a rushed feature aimed at appeasing investors.

As Apple ventures deeper into AI, its success or failure could shape the future of generative AI for everyday consumers.
