Hacker Scrapes 15 Million Trello Profiles Through API
Approximately 15 million names, usernames, and email addresses linked to public Trello boards have surfaced on the Dark Web for sale, posing a risk...
2 min read
Veroot Cyber Team : Nov 28, 2023 1:14:28 PM
According to a report by The Hacker News, Microsoft has revealed that a China-based threat actor known as Storm-0558 acquired an inactive consumer signing key to forge tokens and access Outlook by compromising an engineer’s corporate account. This enabled the adversary to access a debugging environment that contained information pertaining to a crash of the consumer signing system and steal the key 1.
The system crash took place in April 2021. The crash dumps, which redact sensitive information, should not include the signing key. In this case, a race condition allowed the key to be present in the crash dump. The key material’s presence in the crash dump was not detected by Microsoft’s systems. The Windows maker said the crash dump was moved to a debugging environment on the internet-connected corporate network, from where Storm-0558 is suspected to have acquired the key after infiltrating the engineer’s corporate account 1.
It’s not currently known if this is the exact mechanism that was adopted by the threat actor since Microsoft noted it does not have logs that offer concrete proof of the exfiltration due to its log retention policies 1.
In summary, Microsoft has revealed how a China-based threat actor acquired an inactive consumer signing key to forge tokens and access Outlook by compromising an engineer’s corporate account. This enabled the adversary to access a debugging environment that contained information pertaining to a crash of the consumer signing system and steal the key 1.
Microsoft 365 is a widely used cloud-based service that provides a range of applications and services to its users. As with any cloud-based service, it is important to take steps to protect your Microsoft 365 account from hackers. Here are some tips to help you secure your Microsoft 365 account:
Approximately 15 million names, usernames, and email addresses linked to public Trello boards have surfaced on the Dark Web for sale, posing a risk...
A critical security issue has been found in all versions of Exim mail transfer agent (MTA) software. This vulnerability could allow unauthorized...
State Sponsored Villains “Star Blizzard” (aka Seaborgium, BlueCharlie, Callisto Group, Coldriver) has been actively involved in cyber espionage since...