|
Thread Tools |
#1
|
||||
|
||||
Microsoft confirms Lapsus$ attack, but security isn?t compromised
Microsoft confirms Lapsus$ attack, but security isn?t compromised
Earlier this week, a relatively new hacker group called Lapsus$ claimed to have obtained source code for a variety of Microsoft products, which it then shared with its followers. Today, Microsoft confirmed that the Lapsus$ attack was real, and that a small portion of source code was obtained by the attackers. However, Microsoft denied that there’s any danger associated with this particular attack. For one thing, only a single account on Microsoft’s side was compromised, and it had limited access to only some files. Microsoft’s security team was already looking into this specific account prior to the attack based on threat intelligence, so it was able to respond quickly. Microsoft says it managed to stop the attackers mid-operation, so it prevented more data from being accessed and disclosed. As you might have expected, the data only included source code for some apps and services, such as Bing and Cortana, and no customer data was exposed as a result of the attack. Microsoft also says that the secrecy of its code isn’t considered a security measure, and thus, having that code made visible to the general public doesn’t result in any kind of additional risk for users. With that being said, Microsoft says it has been tracking Lapsus$ due to their recent attacks on various companies, including Samsung, whose source code for Galaxy phones was exposed this way. While this particular attack against Microsoft doesn’t pose any danger to customers, businesses and users should still be wary of other harmful attempts in the future. Microsoft recommends enforcing multifactor authentication (MFA), using passwordless authentication methods when possible, and making sure passwords aren’t easy to guess. Additionally, Microsoft says to avoid using MFA methods such as SMS messaging or simple pop-up prompts. According to Microsoft, Lapsus$ relies on purchasing authentication credentials from corporate insiders and underground online forums, as well as searching public repositories and the Redline password stealer to help carry out these attacks. Strong MFA enforcements should greatly reduce the risk for businesses and their customers. Source: Microsoft The post Microsoft confirms Lapsus$ attack, but security isn’t compromised appeared first on xda-developers. More... |
The Following User Says Thank You to phillynewsnow For This Useful Post: | ||
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Microsoft's game streaming dongle probably isn't happening anytime soon | phillynewsnow | AVN News Feed | 0 | 10-27-2022 12:14 PM |
Microsoft details security improvements in the Windows 11 2022 Update | phillynewsnow | AVN News Feed | 0 | 09-20-2022 07:42 PM |
Now Lastpass confirms a security breach, but there?s good news | phillynewsnow | AVN News Feed | 0 | 08-28-2022 04:01 PM |
Hacker group Lapsus$ leaks 37GB of Microsoft source code for Bing and Corta | phillynewsnow | Random Community Topics | 0 | 03-22-2022 11:28 AM |
Layout Options | Width:
Fixed
Contact Us -
SPJ Bulletin -
Archive -
Privacy Statement -
Terms of Service -
Top
| |