155

Microsoft reported a breach by Russian group 'Midnight Blizzard,' which accessed internal systems and source code using stolen authentication secrets from a January cyberattack. The unauthorized access was facilitated by a compromised non-production test account lacking multi-factor authentication and linked to an OAuth app with elevated privileges. Microsoft is contacting affected customers and has ramped up security measures to counter the persistent threat.

all 25 comments
sorted by: hot top controversial new old
[-] OsrsNeedsF2P@lemmy.ml 74 points 1 year ago

I love the closed source model, where only blackhats get to see the source code that whitehats never had the chance to report bugs on!

[-] JoeKrogan@lemmy.world 45 points 1 year ago

it keeps the bug count down 😏

[-] WbrJr@lemmy.ml 14 points 1 year ago* (last edited 1 year ago)

It's also better code, obviously. Less people to push bad code. Why else is Linux so niche if it's so great and open source?

Edit: Lol /s is apparently needed. Thought it was obvious :D

[-] OfficerBribe@lemm.ee 7 points 1 year ago

Microsoft does share source code of both client and server versions of Windows with 3rd parties. At some point it was shared also with FSB.

[-] ptz@dubvee.org 45 points 1 year ago* (last edited 1 year ago)

Oh, no. Imagine all the havoc that could be wrought if the source code for an operating system was released onto the internet /s

That's why you should never rely on security through obscurity.

-- Sent from my Linux desktop

[-] assembly@lemmy.world 10 points 1 year ago

I hope these hackers didn’t also get the source code to RockyLinux or I’m screwed man. If all you need is source code access, I won’t be safe after that. :-)

[-] atzanteol@sh.itjust.works 7 points 1 year ago

I don't think that is the concern here.

Microsoft is a huge cloud provider now.

[-] msage@programming.dev 2 points 1 year ago

What OS does that cloud utilize?

[-] atzanteol@sh.itjust.works 2 points 1 year ago
[-] msage@programming.dev 1 points 1 year ago

Source code is available for most of their infrastructure is what I'm saying.

[-] homesweethomeMrL@lemmy.world 2 points 1 year ago

Inconcievably.

[-] rutellthesinful@kbin.social 3 points 1 year ago

wouldn't the counterpoint to that be all the vulnerabilities that have sat out in the open for years before finally being reported?

[-] rdri@lemmy.world 0 points 1 year ago

Chances are it didn't involve the OS source code. If you read the article, previously Microsoft reported about source code for service components like Exchange, Azure etc.

[-] qjkxbmwvz@startrek.website 40 points 1 year ago

Gosh I hope no one breaches kernel.org and gets the Linux source code!

[-] KuroeNekoDemon@sh.itjust.works 5 points 1 year ago

I really hope gnu.org doesn't get hacked and gets the graphical source code! /s

[-] CrabAndBroom@lemmy.ml 38 points 1 year ago

I know this isn't what this is, but I dream of the day that someone gets hold of the source code for Windows 10/11 and just dumps it onto the internet, and then some other enterprising soul uses it to make a version of Windows that runs all the apps but has all the Microsoft bullshit removed.

I'm sure it'll never happen, but it's nice to think about.

[-] nbailey@lemmy.ca 6 points 1 year ago

Someday, years from now, we will finally have Windows 10 Gold Edition.

https://archive.org/details/GoldWindowsXPSP32016Drivers

[-] CrabAndBroom@lemmy.ml 2 points 1 year ago* (last edited 1 year ago)

Haha I had no idea that existed!

[-] Evil_Shrubbery@lemm.ee 22 points 1 year ago

Using 'username' and 'password' as credentials is basically Microsoft going open sauce.

[-] friend_of_satan@lemmy.world 8 points 1 year ago

They want to release the source code for Wordpad.exe

[-] Mango@lemmy.world 7 points 1 year ago

Oh no!

Anyways.

[-] Psiczar@aussie.zone 6 points 1 year ago

How the fuck does MS get hacked to the point where source code is leaked? It wouldn’t be sitting on a server called win-src-01 in their DMZ. I assume it is on servers within networks that a firewalled off from the regular network that only developers can get to and Peggy-Sue in Accounts can’t.

[-] Bipta@kbin.social 3 points 1 year ago* (last edited 1 year ago)

Midnight Blizzard hacks Microsoft again

Today, Microsoft says that Midnight Blizzard is using secrets found in the stolen data to gain access to some of the company's systems and source code repositories in recent weeks.

this post was submitted on 08 Mar 2024
155 points (97.5% liked)

Cybersecurity

7702 readers
134 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Community Rules

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !securitynews@infosec.pub !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub

Notable mention to !cybersecuritymemes@lemmy.world

founded 2 years ago
MODERATORS