
🆘 Microsoft's cybersecurity crisis, larger than expected

and this week's Bits & Bytes

Oioioooooi, welcome to another Security weekly!
I’m currently in the process of moving my domain to a new hosting platform, so if the website is a little wonky: you know why!

In this week's edition:
🆘 Microsoft's cybersecurity crisis, larger than expected
📰 Bits & Bytes
❓ Disable User explains: Azure AD Authentication Token
🔥 meme of the week

Reading time: 02:29

Microsoft's cybersecurity crisis, larger than expected

I wrote something short about it last week, but more details are surfacing every day.

Some people might not agree with this, but:
Microsoft is the biggest cybersecurity company in the world.
Pro tip: if you’re bored and like to see people raging, you should post this on any social media platform.

And if they get hacked, we might have a problem.

To understand why, let me first lay out a small timeline:

  • May 15 Storm-0558 starts the rampages using forged Azure AD authentication tokens.

  • June 16 Microsoft identifies the malicious campaign and takes action.

  • July 11 Microsoft confirms it was hacked, through 2 blogs, and takes responsibility.

  • July 14 Microsoft releases an analysis acknowledging user mail was accessed. (check it out. Very insightful for aspiring security professionals)

  • July 19 Microsoft announces it will roll out its - until now - Premium-only auditing to the standard package, at no extra cost.

  • July 20 Wiz Research comes forth with an extended report that shows more than just user mail could have been accessed.

  • July 21 Microsoft disputes the reports, claiming they’re ungrounded

Let’s not despair, though.

I don’t think there are any un-hackable companies out there.
Some companies think they are, but they’ll be proven wrong. (sounds threatening, doesn’t it?)

It’s not if you get hacked, it’s how fast you detect, mitigate and have a good continuity plan set up. (I’m repeating myself..)

Microsoft handled this pretty well.
At least better than how they handled their previous breaches.

Which doesn’t set the bar very high. I know.

When it comes to Microsoft, we take what we can get.

Conclusion

The good

  • Detailed intelligence about actor tooling

  • Improved auditing at no extra cost - noice!

  • Microsoft taking responsibility for what happened

The lesser

  • Microsoft disputing the report

  • People refusing to say Microsoft got hacked

But when Bill is looking me in the eyes like this, I’m willing to let the lesser things slide..

Oh stop it, Bill. 😈

Bits & Bytes

Azure AD Authentication Token

An Azure AD Authentication token is a credential that validates the identity of a user, application, or device, granting them access to Microsoft's Azure resources and services.

The Social Engineering Special is over people, alas.
Thought I’d stay relevant this time. Next week I’ll continue with the Security+ terms.

Meme of the week

No matter your position in IT, this is true.