Update: Israel Planted Explosives in Pagers Sold to Hezbollah, Officials Say (https://www.nytimes.com/2024/09/17/world/middleeast/israel-hezbollah-pagers-explosives.html)
Depends of the country. Disrupt with Internet/communications may be a crime in some countries.
Kudos to SOC team.
Instance Rules
Be respectful. Everyone should feel welcome here.
Please note that the attack can only be carried out if the local network itself is compromised.
Hackers 10 - 1 LastPass
From the article:
Microsoft locked down a server last month that exposed Microsoft employee passwords, keys and credentials to the open Internet, as the company faces growing pressure to strengthen the security of its software. Microsoft was notified of the vulnerability on February 6th and the block on March 5th. It is unclear whether anyone accessed the exposed server during this period.
In this particular case, the method of infection of the router was not disclosed. However, typically, the most common methods involve an open administration port to the internet (user interface or TR-069) or through the internal interface, in case a network host has been compromised.
They often perform brute-force password attacks, and once access is obtained, they look for typical Linux administrative tools (such as bash, etc.) and proceed to compromise the router.
So I understand that a router with custom firmware can be compromised if it has a weak password and resources to maintain the infection, or of course, a vulnerability that is exploitable.
Stop giving me your toughest battles
A better summary:
The text discusses a series of cybersecurity breaches affecting Microsoft, involving sensitive data theft from US government officials and organizations, attributed to Chinese hackers. Microsoft's delayed response to discovered security flaws, including a 90-day wait for a partial fix, is criticized. Senator Ron Wyden has called for Microsoft's accountability. The breaches underscore the growing issue of security vulnerabilities in tech companies, leading to expectations that the US government will require companies to promptly disclose security incidents within a strict timeframe.
This one does not spark joy.