We have provided an update on the nation-state attack that was detected by the Microsoft Security Team on January 12, 2024. As we shared, on January 19, the security team detected this attack on our corporate email systems and immediately activated our response process. The Microsoft Threat Intelligence investigation identified the threat actor as Midnight Blizzard, the Russian state-sponsored actor also known as NOBELIUM. As we said at that time, our investigation was ongoing, and we would provide additional details as appropriate.

In recent weeks, we have seen evidence that Midnight Blizzard is using information initially exfiltrated from our corporate email systems to gain, or attempt to gain, unauthorized access. This has included access to some of the company's source code repositories and internal systems. To date we have found no evidence that Microsoft-hosted customer-facing systems have been compromised. It is apparent that Midnight Blizzard is attempting to use secrets of different types it has found. Some of these secrets were shared between customers and Microsoft in email, and as we discover them in our exfiltrated email, we have been and are reaching out to these customers to assist them in taking mitigating measures. Midnight Blizzard has increased the volume of some aspects of the attack, such as password sprays, by as much as 10-fold in February, compared to the already large volume we saw in January 2024.

MSI suffered a massive data breach at the start of April and the Taiwanese electronics company promptly alerted its customers about the cyberattack on its "information systems." A few days later it emerged that a relatively young ransomware group "Money Message" was behind the hacking effort - these cybercriminals stated that they had infiltrated MSI's internal network. Gang members proceeded to acquire sensitive company files, database information and source code. At the time, Money Message demanded that MSI pay them a ransom of $4 million, with the added threat of stolen data getting leaked to the general public on the internet (in the event of MSI failing to pay up).

Money Message has this week claimed that MSI has refused to meet their demands - as a result, an upload of stolen data started on Thursday with files appearing on the group's own website, and spreading to the dark web soon after. Binarly, a cybersecurity firm, has since analyzed the leaked files and discovered the presence of many private code signing keys within the breached data dump. Alex Matrosov, Binarly's CEO states via Twitter: "Recently, MSI USA announced a significant data breach. The data has now been made public, revealing a vast number of private keys that could affect numerous devices. FW Image Signing Keys: 57 products (and) Intel Boot Guard BPM/KM Keys: 166 products." Binary has provided a list of affected MSI devices (gaming laptops & mobile workstations) on their GitHub page.

Western Digital has declared that its My Cloud online service has been compromised by a group of hackers late last month: "On March 26, 2023, Western Digital identified a network security incident involving Western Digital's systems. In connection with the ongoing incident, an unauthorized third party gained access to a number of the Company's systems. Upon discovery of the incident, the Company implemented incident response efforts and initiated an investigation with the assistance of leading outside security and forensic experts. This investigation is in its early stages and Western Digital is coordinating with law enforcement authorities."

The statement, issued on April 4, continues: "The Company is implementing proactive measures to secure its business operations including taking systems and services offline and will continue taking additional steps as appropriate. As part of its remediation efforts, Western Digital is actively working to restore impacted infrastructure and services. Based on the investigation to date, the Company believes the unauthorized party obtained certain data from its systems and is working to understand the nature and scope of that data. While Western Digital is focused on remediating this security incident, it has caused and may continue to cause disruption to parts of the Company's business operations."

The hacking group LAPSUS$ responsible for the recent NVIDIA and Samsung compromises has now allegedly breached Microsoft systems gaining access to the source code for Bing and Cortana. The group temporarily published a screenshot of what looked to be an internal Microsoft developer account with access to folders labeled "Bing_UX", "Bing-Source", and "Cortana" in addition to various other sections. The group had previously posted a message seeking to recruit employees at Microsoft, Apple, and IBM to get remote access to companies systems. Microsoft has confirmed in a statement to Motherboard that they "are aware of the claims and are investigating".

Update Mar 23rd: The hackers have now published a 9 GB torrent file which includes data from over 250 Microsoft projects including 90% of the source code for Bing, and approximately 45% of the source code for Bing Maps and Cortana according to security researchers speaking with BleepingComputer.

Vulnerabilities in Qualcomm's DSP (Digital Signal Processor) present in the company's Snapdragon SoCs may render more than a billion Android phones susceptible to hacking. According to research reported this week by security firm Check Point, they've found more than 400 vulnerabilities in Snapdragon's DSP, which may allow attackers to monitor locations, listen to nearby audio in real time, and exfiltrate locally-stored photos and videos - besides being able to render the phone completely unresponsive.

The vulnerabilities (CVE-2020-11201, CVE-2020-11202, CVE-2020-11206, CVE-2020-11207, CVE-2020-11208 and CVE-2020-11209) can be exploited simply via a video download or any other content that's rendered by the chip that passes through its DSP. Targets can also be attacked by installing malicious apps that require no permissions at all. Qualcomm has already tackled the issue by stating they have worked to validate the issue, and have already issued mitigations to OEMs, which should be made available via software updates in the future. In the meantime, the company has said they have no evidence any of these flaws is being currently exploited, and advise all Snapdragon platform users to only install apps via trusted locations such as the Play Store.

Fujitsu Computer Products of America, Inc. introduces new Happy Hacking Keyboard (HHKB) models including a Bluetooth enabled model, as well as HHKB branded accessories for avid HHKB fans!

The HHKB was developed by programmers for programmers to provide a smooth and fast keying experience while minimizing hand and finger fatigue. The keyboard only has the most necessary keys resulting in a light, compact and minimalist device. Since its introduction, the HHKB has been used by many customers including programmers and engineers and has sold over 500,000 units worldwide. The core concepts for the HHKB are its intelligent key layout and compact size. While these features have never changed for more than 20 years, keymap customization software and multi-platform support have been introduced to meet the changes in today's technology and work environment.

"I've personally used HHKB for over 20 years for professional and personal use, and I'm very excited to bring the latest generation of this cult classic to the U.S. market." said Yasunari Shimizu, CEO of Fujitsu Computer Products of America.

Symantec Corp. today announced the findings of its Internet Security Threat Report, Volume 17, which shows that while the number of vulnerabilities decreased by 20 percent, the number of malicious attacks continued to skyrocket by 81 percent. In addition, the report highlights that advanced targeted attacks are spreading to organizations of all sizes and variety of personnel, data breaches are increasing, and that attackers are focusing on mobile threats.

Malicious Attacks Continue to Grow Rapidly

Symantec blocked more than 5.5 billion malicious attacks in 2011, an increase of 81 percent over the previous year. In addition, the number of unique malware variants increased to 403 million and the number of Web attacks blocked per day increased by 36 percent.

In response to one of the largest hacking scams in the history of Canada, police from Quebec raided several homes across Quebec, and arrested 16 people, between the ages of 17 and 26. Their crimes, other than making a million zombies, include creating phishing sites that earned them a respectable kickback of $45 million CAD. Canadian authorities claim that these million computers were mainly in Poland, Brazil, Manitoba, and America. Government computers may have been compromised as well, but investigators will not disclose where those computers may have been. Regardless, many of these zombies are coming back from the brink, and it seems this crisis is, for the most part, contained.

While The Pirate Bay, itself, is not involved in any crime (which is really the only reason that groups like the RIAA haven't been able to get a conviction on any of the administrators just yet), it certainly is a host to all manner of evil. Most recently, the torrent tracker found a 125MB zip file, which turns out to be the backup from the Harvard Graduate School of Arts and Sciences website. The torrent was actually seeded from a Harvard-based IP address, and carries all manner of information, passwords, and files. The .NFO file, in broken English, reads as follows:

Maybe you don't like it but this is to demonstrate that persons like tgatton(admin of the server) in they don't know how to secure a website.

This is the first security breach since 2005. Harvard is currently working on patching the breach, and at this point, the main website that was hacked is down.

For any of you hoping to get Windows Vista SP1 RTM code before it's officially ready, I suggest you head over to the source link for a detailed registry hack. Basically, this hack is a clever use of Microsoft's own code. At the run of a CMD file that was present in the latest beta version of Vista SP1, any version of Windows Vista will phone home and download whatever SP1 files it can find. Luckily for the adventurous, Microsoft will not be trying to shoot this hack down. In fact, they're happy that this time around, the hacking is completely legal, and safe. Safe, that is, until the upgrade is complete, after which you still are dealing with unfinished code.

If you understand the risks and want to play around, please follow the source link to download the appropriate files.

While some schools do everything they can to facilitate children learning about computers, others draw a fine line between "edutainment" and "security risk". A high school student in Fairfax County, Virginia must visit one of the latter categories. He was pulled out of his Philosophy exam to be told that he may not graduate; he built a proxy server in his (parents') home. Dubbed "Afnani's Moo Proxy", it was used by himself and a couple technologically-adept students to bypass school firewalls. The administrator of the school networks would not have any of it. He tried to declare the server illegal, despite nothing in the usage contract saying using any proxy, let alone your own personal one, was illegal. When the student pointed out the flaw in the contract, the administrator simply changed his accusations to "repeat network abuse", which can keep the boy from walking at graduation.

The high school student has decided to comply, and has shut down all proxy servers he owns. His personal school computer account has been disabled, but he is (at this point) allowed to graduate.

Readers might want to take care when visiting PowerColor's website for the next couple of days as it looks like the site has been hacked by someone with the alias DaRKHuNTeR. From a quick look the only noticeable alteration is that the news story titles have been modified, which shouldn't be too dangerous. However, the more worrying thing is what else might have been changed. For example the hacker may have potentially added malicious downloads and links, so it's probably best to avoid PowerColor's site for a while.

Hackers have succeeded in breaking into the computer systems of two of the U.S.' most important science labs, the Oak Ridge National Laboratory (ORNL) in Tennessee and Los Alamos National Laboratory in New Mexico. In what a spokesperson for the Oak Ridge facility described as a "sophisticated cyber attack," it appears that intruders accessed a database of visitors to the Tennessee lab between 1990 and 2004, which included their social security numbers and dates of birth. Three thousand researchers reportedly visit the lab each year, a who's who of the science establishment in the U.S.

A new white-paper published by Remote Exploit highlights how it is possible to remotely intercept signals from wireless peripherals such as keyboards. The security hack works only against keyboards using radio technology operating on a radio frequency of 27Mhz, which was previously thought to be secure from most casual attacks. The white-paper demonstrates how it is possible to use a simple radio receiver, a sound card, and some basic PC software to intercept these signals and reveal what users have been typing. While Bluetooth is safe from this vulnerability, companies such as Microsoft and Logitech still continue to use the tradition radio technology.

When Folding@Home came out with a GPU client, folding scores soared, due to the massive power just waiting to be unlocked in a graphics card. However, as said in Spider-man, with great power comes great responsibility. Someone has reverse-engineered the power of graphics, and is trying to patent the use of this power to crack passwords at incredible rates.

The toughest passwords, including those used to log in to a Windows Vista computer, would normally take months of continuous computer processing time to crack using a computer's central processing unit (CPU). By harnessing a $150 GPU - less powerful than the nVidia 8800 card - Elcomsoft says they can cracked in just three to five days. Less complex passwords can be retrieved in minutes, rather than hours or days

Such technology could be used by crime investigators to log into terrorist networks, or pirates to get into RIAA servers.