Microsoft flaw triggers major breach in Exchange Server hack rotation.

TLDR:

Storm-0558, a cyberespionage group affiliated with China, compromised Microsoft Exchange mailboxes of 22 organizations and over 500 individuals.
They used a key held by Microsoft in 2016 to gain unauthorized access, resulting in the theft of over 60,000 emails from the State Department.

Storm-0558 exploited a flaw in Microsoft’s authentication system, allowing them to forge tokens for accessing Exchange online accounts. Microsoft failed to rotate keys efficiently, leading to the breach. The impact also affected U.S. government agencies.

These findings highlight the importance of key rotation and robust authentication measures to prevent cyberattacks and data breaches.

Post Views: 72

Latest from News

OpenStack Nova flaw lets hackers infiltrate cloud servers without permission

TLDR: A vulnerability in OpenStack’s Nova component, tracked as CVE-2024-40767, allows hackers to gain unauthorized access to cloud servers. The vulnerability affects multiple versions

CrowdStrike alert: New phishing scam targets German customers

TLDR: – CrowdStrike warns of a new phishing scam targeting German customers. – Malicious installers distributed via a fake website impersonating a German entity.

Beware: NKorea Cyber Op Targets Military, Nuclear Secrets in UK, US, SKorea

Article Summary TLDR: UK, US, and S. Korea issued a warning about a North Korea-backed cyber espionage campaign The group Andariel has been targeting

Security leaders weigh in on SEC cyber disclosure ruling one year later

TLDR: One year after the SEC cyber disclosure ruling, security leaders weigh in on its impact. Security professionals reflect on the lack of significant

Viettel Cyber Security and Banbros Commercial Inc tackle emerging cyber threats

TLDR: Viettel Cyber Security and Banbros Commercial Inc. addressed emerging cyber threats in the Philippines at a launching event. The event focused on discussing

Microsoft flaw triggers major breach in Exchange Server hack rotation

Priya Patel

US cyber report claims Microsoft could have stopped Chinese cloud hack

SEC warns, CISO role faces disruption amidst charges

Latest from News

OpenStack Nova flaw lets hackers infiltrate cloud servers without permission

CrowdStrike alert: New phishing scam targets German customers

Beware: NKorea Cyber Op Targets Military, Nuclear Secrets in UK, US, SKorea

Security leaders weigh in on SEC cyber disclosure ruling one year later

Viettel Cyber Security and Banbros Commercial Inc tackle emerging cyber threats

Suggestions

Microsoft flaw triggers major breach in Exchange Server hack rotation

Priya Patel

US cyber report claims Microsoft could have stopped Chinese cloud hack

SEC warns, CISO role faces disruption amidst charges

Latest from News

OpenStack Nova flaw lets hackers infiltrate cloud servers without permission

CrowdStrike alert: New phishing scam targets German customers

Beware: NKorea Cyber Op Targets Military, Nuclear Secrets in UK, US, SKorea

Security leaders weigh in on SEC cyber disclosure ruling one year later

Viettel Cyber Security and Banbros Commercial Inc tackle emerging cyber threats