Dark Reading’s Post

🚨 Just analyzed the recent Microsoft hack incident and here are some key takeaways: 🔐 Security Breach: Microsoft's Office 365 accounts faced a significant breach, allowing suspected Russian state-sponsored hackers access to all email addresses. 🛡️ Attack Method: Hackers utilized OAuth, exploiting a legacy admin account without multi-factor authentication on a production server. 🕵️♂️ Potential Motivation: Speculations suggest hackers sought insights into Microsoft's information on Russian activities. 👉 Security Lessons: Cloud services vulnerability highlighted - even with user diligence, provider mistakes can compromise security. 🛑 Privacy Risks of Cloud Services: Caution urged on services like Google Drive, OneDrive, and Dropbox due to potential malware scanning. 🔒 Alternatives and Recommendations:  - 📁 File Storage: Explore privacy-focused options like Cryptomator, 7-Zip, PicoCrypt, Mega, TresRit, Sync, and Proton Drive.  - 📧 Email Services: Consider encrypted services like ProtonMail, Tutanota, and Skiff, noting PGP limitations.  - 📱 Messaging Apps: Opt for secure messaging with Signal, Briar, and Session, steering clear of Telegram's privacy concerns. 📬 Email Privacy Issues: Common email services (Gmail, Office 365, Outlook Exchange, Yahoo) pose privacy threats with increased scanning. 🔐 Secure Messaging Services: Encouraging the shift to more secure messaging platforms like Signal, Briar, and Session. ❌ Telegram's Limitations: Criticizing Telegram for limited Secret Chats, emphasizing its mobile-only functionality and encryption gaps. #MicrosoftHack #PrivacyAwareness #CyberSecurity #SecureMessaging #PrivacyMatters

Very interesting strategy. Brute force attack on old email account. Old email accounts should be de-activated if an employee is no longer with the company.

Worried about how the Jan 24 Microsoft security breach during which Russian agents compromised Microsoft 365, OneDrive and MS based emails might affect your sensitive data? This is the second time since November 2023 this has happened and cyber security experts say a simple implementation of 2 factor authentication on internal MS test accounts would have prevented the breach... so it doesn't look like MS are taking the security of your stuff at all seriously. Just because your files are in the cloud and safe if your PC or laptop dies, it doesn't mean cloud services are keeping them safe from hostile agents. See this brilliant and informative vid: https://lnkd.in/eZv-TJHn I've been using Cryptomator for 8 years or more now to keep any sensitive stuff I keep in the cloud safe from hackers (and nosy cloud services, who check out all your stuff to learn everything about you so they can sell your details to advertisers). https://cryptomator.org/ Cryptomator is Open Source, uses strong encryption and the latest tech to keep your stuff safe and is GDPR-compliant. You can create a safe vault on your cloud drive (OneDrive, DropBox, Google Drive) and access it from Cryptomator running on your Mac, PC or Laptop, phone, tablet etc. I also use it to keep stuff locally on my laptop, tablet and phone safe - scans of my driving license, passport and other documentation that may be useful in an emergency away from home. If you don't fancy Cryptomator, at least 7Zip/encrypt your stuff before uploading, but honestly, Cryptomator is easier. And as Ken Harris in the video says, stop using WhatsApp! Use Signal instead :-)

Microsoft's own services are becoming increasingly popular among attackers for command-and-control purposes. This trend is not surprising, given the convenience and cost-effectiveness of using these services. Since attackers can easily evade detection by using these services, I’m curious about what approaches can be used to combat this.

This is a great AiTM insight 🚀 - using #SIEM & #SOAR in Microsoft Sentinel, leveraging 3rd party detection + network tables to detect and capture additional networks details.

Very interesting 4 min article on Microsoft Defender Experts for XDR

Interesting article in Dark Reading about the recent Microsoft breach, including interesting insights from Gem's CEO Arie Zilberstein - check it out below! https://lnkd.in/ddFM6VjU

Listen as Pearl Technology's Dave Johnson discusses how Microsoft and Hewlett Packard were hacked by Midnight Blizzard on The Greg and Dan Show. Here are some takeaways from today's broadcast: Who is Midnight Blizzard? Hacking group believed to be associated with Russia’s SVR (like our CIA). Also known as Nobelium, Cozy Bear, and APT29. They previously hacked SolarWinds in 2020 and the Democratic National Committee in 2016. The Microsoft breach… On January 12, Microsoft detected the breach. The actual attack occurred in November of 2023. The breach included email accounts of members of Microsoft's leadership team and employees in the cybersecurity and legal departments. The breach occurred using a password spray. Using a list of common passwords and trying them one at a time. The fact the password spray succeeded indicates the breached account was not using MFA or a wrong password limit. Microsoft says the account was in a test system, but a test system should not grant access into production systems. The Hewlett Packard breach… HPE announced the breach last week. Once again, the bad actor was Midnight Blizzard. Data was exfiltrated beginning in May 2023. The data included email accounts belonging to individuals in cybersecurity, go-to-market, business segments, and other functions. Midnight Blizzard was looking for information regarding their operations. Midnight Blizzard (APT29), Microsoft, and HPE are all HUGE players in the tech/cybersecurity world. #Breach #MidnightBlizzard #Cybersecurity #GregandDanShow #PearlTechnology

https://lnkd.in/etgT53Ck A good explanation of the Microsoft's Zero Trust vision and how to verify and trust usage of resources.