Recent Email Hack at US Agencies May Have Broader Implications

By

Security logs are key to detect the use of forged tokens.

Hackers recently “breached cloud-based email accounts at US and European government agencies by using a Microsoft account-signing key to forge authentication tokens,” Bloomberg reports.

The problem was reported last month but security firm Wiz Inc. now says “that key may have also been able to help hackers infiltrate applications that include Teams, OneDrive, and Sharepoint.”

“Under pressure from US cybersecurity officials, Microsoft said it would provide free cloud security logs for all customers in the next few months” to help detect threats.

Read more at ITProToday.
 
 

 
 

07/27/2023

Related content

  • News for Admins
    News for system administrators around the world.
  • NIST Releases Draft of Cybersecurity Security Framework v2.0
  • All Chrome Users Should Immediately Update their Browser
  • News for Admins
    In the news: US Agencies Issue Quantum-Readiness Recommendations; Bitwarden Secrets Manager; IBM X-Force Releases Detection and Response Framework for Managed File Transfers; National Strategy to Expand US Cyber Workforce; SEC Adopts New Rules for Disclosure of Cybersecurity Incidents; Canonical Announces Real-Time Ubuntu for Intel Core; EU-US Data Privacy Framework Ensures Safe Data Transfers; IEEE Releases New Standard for LiFi Communications; EU Health Sector Security Risks; and JupyterLab 4.0.
  • Editorial
    By now you've probably heard that Italy's Hacking Team, a company that sells intrusion and surveillance tools to governments and law enforcement agencies, has had its private information laid bare for the entire world. Almost 400GB of data, published in a single Torrent file, made its way onto the Internet for all to enjoy. The initial entry point for the attack is unclear, but one thing is certain: The Hacking Team needs to attend a seminar on password security.
comments powered by Disqus