Cybersecurity

6745 readers

97 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Be respectful. Everyone should feel welcome here.
No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
No Ads / Spamming.
No pornography.

Community Rules

Idk, keep it semi-professional?
Nothing illegal. We're all ethical here.
Rules will be added/redefined as necessary.

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities [email protected] [email protected] [email protected] [email protected] [email protected]

Notable mention to [email protected]

founded 2 years ago

MODERATORS

[email protected]

258

Microsoft Azure Hit With The Largest Data Breach In Its History; Hundreds Of Executive Accounts Compromised (techreport.com)

submitted 1 year ago by [email protected] to c/[email protected]

29 comments fedilink hide all child comments

For the first time in the history of Microsoft, a cyberattack has left hundreds of executive accounts compromised and caused a major user data leak as Microsoft Azure was attacked.

According to Proofpoint, the hackers use the malicious techniques that were discovered in November 2023. It includes credential theft through phishing methods and cloud account takeover (CTO) which helped the hackers gain access to both Microsoft365 applications as well as OfficeHome.

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 59 points 1 year ago (14 children)

The reason why so many people fell for this attack was because it was carried out through malicious links embedded in documents. These links led to phishing websites but the anchor text of these links was “View Document”. Naturally, no one was suspicious of a text like that.

On one hand, I know we shouldn't blame people for falling for this stuff. People are often not educated well enough on the dangers and it's not reasonable to expect it. We should build things to be systematically secure even in the face of people falling for phishing.

On the other hand it's difficult not to be frustrated with this kind of thing... People really should know better than clicking random links and typing their password.

[–] [email protected] 78 points 1 year ago (8 children)

Azure products ask you for your identity and signin a lot. Honestly, I'm asked to log in again at least once every 24 hours. That's assuming I don't traverse some sort of service wall where I'm now in a different system after clicking a link.

I do cloud engineering for a living, and I would probably fall for at least some phishing things around Azure, specifically because azure identity management is so obtuse and constantly asking for things.

It's absolutely on the system that Microsoft designed , and the practices they encourage, and the mitagations that apparently don't exist.

[–] Rentlar 41 points 1 year ago (1 children)

bing bing bing bing!

"Sign into your Microsoft account" here...

"Link your Microsoft account to Edge/[Insert MS product here]"

"Let's get you signed in" there.

"Try our Windows Hello! A new method of accessing your Microsoft account!" over there.

"Sorry you can't use your organization account here, sign into your personal account"

This is the monster Microsoft unleashed upon itself.

[–] [email protected] 16 points 1 year ago

Microsoft, and all the cybersecurity folks who blindly accept any recommendation from third party firms.

When we need to remote in to our work PCs we have to use our Microsoft account with MFA just to access the remote connections, then use the same credentials to access the pool, then if we want to RDP into our PC we use the same credentials.

load more comments (6 replies)

load more comments (11 replies)