this post was submitted on 11 Mar 2024
232 points (98.3% liked)


Interesting view on this situation.

all 27 comments
[–] JeeBaiChow 74 points 8 months ago (2 children)

Now we find out if linking all of the software into a single user id/ password on the Microsoft services was such a good idea.

[–] [email protected] 14 points 8 months ago (1 children)

Yeah, and I thought our test accounts for our app was bad, but it is disabled in production and has limited permissions in our customer facing test environment. We still share credentials for it, but it's only really useful if you're already behind our VPN and only on test envs.

This is a huge embarrassment for Microsoft.

[–] JeeBaiChow 8 points 8 months ago

Wonder if this has anything to do with windows telling me there was a problem with my Microsoft account, then making a mockery of the reset process.

[–] IsThisAnAI 5 points 8 months ago

As opposed to a ton of logins nobody can manage and monitor and are certainly held together with post it note passwords?

I'll take the SSO/SAML challenges every time.

[–] [email protected] 39 points 8 months ago

I suppose Russia is collecting exploits and vulnerabilities ahead of the 2024 US election season. Nothing to worry about there, I'm sure.

[–] agent_flounder 28 points 8 months ago (6 children)

I wonder what's making it so hard. Probably scope of the breach.

Sounds like MS has their heads up their asses if execs got compromised and baddies are running rampant all over their network. I guess I'm kinda spoiled where I work.

I'd love to be a fly on the wall and see what's going on. Or, actually, cyber$ec con$ultant >:)

Maybe that's what I should do as my final gig before retirement. Hmm. I just need to find someone with actual charisma that can schmooze and find customers (since I'd sooner jump off a bridge). Get a handful of top notch cyber incident response and reverse engineering folks, few more engineers. I know I am going off topic but I need to dream if I am to survive Monday after the time change ok?? Let's see... I would do 32 hour work weeks. Idk how that would play out working an incident, I guess shitloads of comp time and some way to keep from overloading people. Good bennies. 6 weeks of vacation a year. Hell, make it employee owned. WFH when and where possible (can't really do an incident response 100% remotely, usually). Whaddya say, who's in? Let's make enough money to retire early. Fuck work.

[–] [email protected] 21 points 8 months ago (1 children)

I used to be paid money to be “someone with actual charisma”. It’s not worth it. It’s a Catch 22 - the people you need to validate your charisma in order to buy things are exactly the kind of people you became charismatic to avoid.

Turns out it’s smarter to learn a skill that makes you indispensable, because there are only so many charismatic ways to say “fuck you” before the boss decides you’re a bad influence.

[–] [email protected] 7 points 8 months ago

Yup, my last boss was annoyed with me because I kept asking for 2 days remote/week so I could focus. I had moved my desk across the building to avoid interruptions, and one day I left "early" (before the rest of the team, but I had already been working 10 hours and finished my work) when there was a deadline and someone was stuck in a bug. I remoted in, fixed the problem quickly, and then the next day he called me into his office and "fired" me, with an offer to switch to a full-remote contractor with a small pay increase.

So yeah, I was indispensable, otherwise he would've just fired me. It was a win-win because I didn't like him or his wife (main reason I wanted to work remote) but liked the product, and he wanted to force everyone to work in the office because he and his wife were control freaks. The funny part is they "replaced" me with a full remote contractor (I was the manager until "fired").

Now I'm in a better spot with my current company (I like my boss, I manage a good team, company is more stable). But the only reason I got that special offer was because I was indispensable, at least for 2-3 years.

[–] grue 15 points 8 months ago (1 children)

I wonder what’s making it so hard. Probably scope of the breach.

My guess would be Microsoft's apparent unwillingness to nuke their Internet connection from orbit and suffer extensive downtime while they clean out the compromised accounts. I mean, I get that that would be catastrophically bad for their business, but isn't being thoroughly pwn3d by the Russians also catastrophically bad already?

[–] [email protected] 2 points 8 months ago

They're so ingrained I feel like it's not. There are far better solutions than Microsoft (just like the same in the network world and Cisco) but most won't even entertain the idea.

[–] [email protected] 5 points 8 months ago

I suppose one of the issues might well be the nature of software development careers for the last 15 years, where it's weird if you spend more than a few years at a place.

One of the downsides is that you don't get experts in systems and you lose a lot of that expert knowledge base that has traditionally existed when someone spends a decade at a company.

[–] [email protected] 4 points 8 months ago (1 children)

Give the company a memorable name, please. Like "Leverage Indispensables" or "Main Engineering, Mayn!" Or "Detach The Saucer".

[–] agent_flounder 3 points 8 months ago (2 children)

I like how you think. Ok, you're in charge of marketing.

[–] [email protected] 2 points 8 months ago

Thank you. No coffee machines in my department, please. Everyone drinks real tea or GTFO. This is Main Leverage, not Glengarry Glen Ross.

[–] grue 2 points 8 months ago

And the monkey's paw curls.

[–] Riccosuave 4 points 8 months ago

Tell me what I need to learn boss, and I'm all in 🫡

[–] homesweethomeMrL 25 points 8 months ago (1 children)

Cybersecurity experts said Microsoft’s admission that the SVR hack had not been contained exposes the perils of the heavy reliance by government and business on the Redmond, Washington, company’s software monoculture — and the fact that so many of its customers are linked through its global cloud network.

“This has tremendous national security implications,” said Tom Kellermann of the cybersecurity firm Contrast Security. “The Russians can now leverage supply chain attacks against Microsoft’s customers.”

Hello, I’m the enterprise security, uh, guy, and I’ll remove 85-90% of your attack vectors in one pass.

eliminates microsoft from enterprise

There you go. Money, please.

[–] Crack0n7uesday 2 points 8 months ago* (last edited 8 months ago)

Good luck running that past upper management in a large global corporation. "The CTO used to work at Microsoft and only knows Windoze so that's what we do here". Lol.

[–] [email protected] 22 points 8 months ago (1 children)

This is the best summary I could come up with:


Microsoft said Friday it’s still trying to evict the elite Russian government hackers who broke into the email accounts of senior company executives in November and who it said have been trying to breach customer networks with stolen access data.

The hackers from Russia’s SVR foreign intelligence service used data obtained in the intrusion, which it disclosed in mid-January, to compromise some source-code repositories and internal systems, the software giant said in a blog and a regulatory filing.

A company spokesman would not characterize what source code was accessed and what capability the hackers gained to further compromise customer and Microsoft systems.

“The threat actor’s ongoing attack is characterized by a sustained, significant commitment of the threat actor’s resources, coordination, and focus,” Microsoft said Friday, adding that it could be using obtained data “to accumulate a picture of areas to attack and enhance its ability to do so.” Cybersecurity experts said Microsoft’s admission that the SVR hack had not been contained exposes the perils of the heavy reliance by government and business on the Redmond, Washington, company’s software monoculture — and the fact that so many of its customers are linked through its global cloud network.

When it initially announced the hack, Microsoft said the SVR unit broke into its corporate email system and accessed accounts of some senior executives as well as employees on its cybersecurity and legal teams.

Microsoft’s latest disclosure comes three months after a new U.S. Securities and Exchange Commission rule took effect that compels publicly traded companies to disclose breaches that could negatively impact their business.


The original article contains 539 words, the summary contains 255 words. Saved 53%. I'm a bot and I'm open source!

[–] [email protected] 4 points 8 months ago
[–] [email protected] 16 points 8 months ago (1 children)

For once, the SEC does something right...that benefits me? It must be DST related hallucinations, is this real? Will it be forever?

[–] [email protected] 2 points 8 months ago (1 children)

I must be too high or there's a glitch in the simulation. This can't be real

[–] [email protected] 0 points 8 months ago

I know, I'm scared, even when safely seatbelted into my $10,000 office chair. What's to become of us without Big Brother Bill? Or Clippy?

[–] [email protected] 11 points 8 months ago

Laughs in gnu/linux

[–] [email protected] 3 points 8 months ago

and Russia is rolling its own Debian derivative in anything that matters, https://en.wikipedia.org/wiki/Astra_Linux

[–] [email protected] 2 points 8 months ago

Stop using Microsoft at the state level.