Hackers used Mac vulnerability to break into Windows bug database in 2013

"We have no evidence of customer data being affected, and our investigation is ongoing". The database had been poorly protected as only a password was needed to enter it.

A cyber-attack by a notorious hacking group back in 2013 compromised highly sensitive information on unfixed Microsoft vulnerabilities, data which could have been used to devastating effect, it has emerged. But Microsoft did increase security after the attack.

They determined that while those bugs had in fact been used to carry out attacks, the hackers involved could have learned of the vulnerabilities from elsewhere - there was no evidence linking the other attacks to the Microsoft breach. Microsoft declined to discuss the incident.

After WannaCry, Microsoft President Brad Smith compared the NSA's loss to "the US military having some of its Tomahawk missiles stolen", and cited "the damage to civilians that comes from hoarding these vulnerabilities". But the company eventually concluded that the bad actors could have gotten that information elsewhere, which spurred Microsoft's decision not to disclose the hack against its database.

The hackers then moved from the infected employee systems to others on their corporate networks.

Reuters wrote that the hacking group has been called Morpho, Butterfly and Wild Neutron. Security researchers say it is a proficient and mysterious group, and that they cannot determine if it is backed by a state government.

Mark Weatherford, U.S. Homeland Security deputy undersecretary for cybersecurity at the time of the Microsoft breach, told Reuters that all companies need to treat their accurate bug reports as "keys to the kingdom", giving them as much, if not more, security than that of their main network.

Mozilla suffered something similar in 2015 when attackers managed to find a database featuring details on 10 critical and unpatched flaws, but it went public with the details to better protect customers and update industry stakeholders. They said the database was poorly protected, with access possible via little more than a password.

Microsoft did not publicly disclose the extent of the breach when it discovered the hack in 2013.

Microsoft's internal database that it uses to track bugs in its software was reportedly hacked in 2013.

In all likelihood, Microsoft fixed the flaws that were discovered within a few months of the breach.

"They absolutely discovered that bugs had been taken", one source said.

Some said they believe that the company didn't do a thorough enough job of figuring out whether or not the flaws in the database had been used in subsequent attacks, the report said. That's partly because Microsoft relied on automated reports from software crashes to tell when attacks started showing up. That's potentially problematic because it doesn't account for attacks that don't result in crashes, and machines containing highly sensitive information may not allow automatic reporting.


