According to the tech giant, the problem in the protocol is not a vulnerability.
The Microsoft Outlook email client has, since at least 2016, exposed unprotected user credentials when they are requested in a specific way. Microsoft is aware of the problem but still advises customers only to interact with servers they trust.
On August 10, 2016, Marco van Beek, director of the British IT company Supporting Role, sent a message to the Microsoft Security Response Center about an issue with the Autodiscover feature of Microsoft Exchange mail servers, which lets mail clients automatically locate the mail server, supply credentials, and then retrieve the correct configuration.
“Accessing passwords for Exchange users, and therefore Active Directory, in clear text is extremely easy. This does not necessarily require any kind of breach of corporate security, and it is as secure as file-level access to a corporate website,” van Beek said.
The PoC code for exploiting the issue consisted of 11 lines of PHP, although it could presumably be shortened to three. The researcher attached an explanatory PDF describing how the Microsoft Autodiscover protocol behaves when the email client tries to add a new Exchange account.
On August 11, 2016, Microsoft confirmed that it had reproduced the issue described in van Beek’s report. However, on August 30, 2016, the company announced that the report did not describe a real vulnerability.
“Our security engineers reviewed the report and determined that this is not a vulnerability that needs to be serviced as part of our monthly patch Tuesday process. An SSL certificate without a matching hostname is never recommended to be accepted. Before submitting your request, make sure it is trustworthy. Remember, you are submitting user credentials, so it is important to make sure you only share them with a server you can trust,” Microsoft replied.
Five years later, cybersecurity researchers at Guardicore discovered the same flaw in the Microsoft Exchange mail server. The issue has resulted in domain and Windows application credentials leaking around the world.
According to the researchers, the automatic mail server discovery mechanism uses a “rollback” (back-off) procedure when it does not find the Autodiscover endpoint of the Microsoft Exchange server on the first try. This “rollback” is the culprit in the data leak: it strips a portion of the Autodiscover domain and retries, and keeps “failing” upward until the generated Autodiscover URL becomes autodiscover.com/autodiscover/autodiscover[.]xml. This means that the owner of autodiscover[.]com receives all requests that cannot reach the original domain.
As van Beek noted, he and the experts at Guardicore separately discovered the same credential-disclosure issue. “The main difference is that they found a way to remove them from the main mail domain, while I stopped when I realized that most mail clients did not even check the SSL certificate before giving the gifts,” he explained.
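To make the “rollback” concrete, the following Python model (an added illustration, not code from Microsoft, Guardicore or van Beek) generates the chain of Autodiscover URLs a client might try for an address and then applies the check a defender wants: which of those hosts lie outside the domain the organisation actually controls, and would therefore carry the user’s credentials to a third party if they answered. The exact candidate order is an assumption here; the real client logic is more involved, but the point is the last hop out of the mail domain.

```python
from typing import List, Tuple
from urllib.parse import urlparse

AUTODISCOVER_PATH = "/autodiscover/autodiscover.xml"


def autodiscover_candidates(email: str) -> List[str]:
    """Return the Autodiscover URLs a client could try for ``email``, in order.

    Assumed sequence (an illustration, not a real client's exact algorithm):
    the mail domain itself, then autodiscover.<domain>, then the same
    'autodiscover.' prefix after dropping the left-most label of the domain,
    repeated until only the top-level label is left (e.g. autodiscover.com).
    """
    domain = email.rsplit("@", 1)[1].lower().strip(".")
    labels = domain.split(".")
    urls = []
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if i == 0:
            urls.append(f"https://{suffix}{AUTODISCOVER_PATH}")
        urls.append(f"https://autodiscover.{suffix}{AUTODISCOVER_PATH}")
    return urls


def in_scope(url: str, org_domain: str) -> bool:
    """True if the URL's host is the organisation's domain or a subdomain of it."""
    host = (urlparse(url).hostname or "").lower()
    org_domain = org_domain.lower()
    return host == org_domain or host.endswith("." + org_domain)


def split_candidates(email: str, org_domain: str = "") -> Tuple[List[str], List[str]]:
    """Split the candidate list into (safe, leaky) URLs.

    ``org_domain`` is the domain the organisation controls; it defaults to the
    mail domain.  A client (or an egress proxy in front of it) should never let
    the back-off cross outside this scope, whatever the TLS certificate says.
    """
    domain = email.rsplit("@", 1)[1].lower()
    scope = org_domain or domain
    safe, leaky = [], []
    for url in autodiscover_candidates(email):
        (safe if in_scope(url, scope) else leaky).append(url)
    return safe, leaky


if __name__ == "__main__":
    # Constructed sample address; example.com is a reserved documentation domain.
    safe, leaky = split_candidates("alice@example.com")
    print("would try within the organisation:", *safe, sep="\n  ")
    print("would leak credentials outside it:", *leaky, sep="\n  ")
```

For alice@example.com the chain ends at autodiscover.com, which is exactly the host outside the organisation’s control; the domain-scope check is the client-side mitigation, and the certificate hostname check Microsoft’s reply refers to is the second, independent one.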
Hackers hacked Europe’s largest missile manufacturer
Unknown hackers operating under the nickname Adrastea have broken into the database of Europe’s largest missile manufacturer, MBDA, formed by the merger of the French Aérospatiale-Matra Missiles, the British Matra BAe Dynamics and the Italian Finmeccanica-Leonardo. This was reported by Security Affairs.
The attackers’ message claiming access to the company’s network appeared on one of the forums. As evidence, a link to an archive of demo files was attached.
The total amount of stolen data was estimated by the hackers at 60 GB. “The uploaded data contains confidential and confidential information about your company’s employees who took part in the development of closed military projects MBDA (PLANCTON, CRONOS, CA SIRIUS, EMADS, MCDS, B1NT, etc.) and about your company’s commercial activities in the interests of the EU Ministry of Defense (design documentation for air defense systems, missile systems and coastal defense systems, drawings, presentations, video and photo (3D) materials, contract agreements and correspondence with other companies Rampini Carlo, Netcomgroup, Rafael, Thales, ST Electronics, etc.),” the hackers wrote.
Adrastea is ready to discuss the cost of the stolen data array. MBDA has not yet commented on the incident.
MBDA manufactures a wide variety of missiles and related installations. For example, the company produces air-to-air missiles AIM-132 ASRAAM (short range, with IR guidance), MBDA Meteor (long range), MICA (medium range, with IR and radar guidance). The company’s product range also includes surface-to-air missiles – Mistral (MANPADS), MBDA Aster (medium and long range), Aspide Mk.1 (medium range), Sea Wolf (SAM), anti-ship (Exocet, Otomat, Marte, Sea Skua) and anti-tank (ERYX, Brimstone, HOT) missiles.
Samsung is ahead of the curve again. The company released the August security patch for three flagship lines at once
Samsung was the first company on the market to release the August security patch for its smartphones, and for three flagship lines at once: the Galaxy S20, S21 and S22.
Today, owners of these smartphones in Germany began receiving updates that include the security patch; users in other countries usually do not have to wait long. The August security patch fixes dozens of vulnerabilities, so it is quite important.
Samsung has sometimes been ahead of even Google in recent years, releasing security patches earlier and offering longer support for its flagships, although just three or four years ago, Samsung was almost the worst in this matter.
Hacker withdrew about $6 million worth of ETH from decentralized streaming platform Audius
Audius (AUDIO) is an artist-run, community-owned music streaming platform that aims to enable anyone to freely distribute, monetize, and stream audio.
Audius aims to return money and power to artists by connecting them directly to listeners and removing record labels and middlemen from the equation.
If bitcoin can be called the digital analogue of gold, then, according to the developers, Audius aims to be the next Spotify or SoundCloud on the blockchain. “The cryptocurrency music app aims to decentralize and democratize the music industry and give artists back more money and control.”
An unknown person was able to change the configuration of the Audius governance smart contract and then created a malicious proposal to withdraw $6 million in AUDIO tokens.
Specifically, the attacker changed the proposal’s voting time and the delay before the voting result is executed. The attacker then put the stolen tokens up for sale; because of market slippage, tokens worth $6 million fetched only $1.1 million in Ethereum.
According to the attacker’s address transfer history, the cryptocurrency received from the sale was “laundered” at 100 ETH per transaction through the Tornado Cash mixer.
Audius representatives confirmed the hack. The project developers say the smart contract’s functionality was restored after a detailed review. Whether Audius will compensate investors for their losses remains unclear.
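The two parameters the attacker altered, the voting period and the execution delay, are what give a community time to notice and reject a hostile proposal. The following Python model (an added illustration, not Audius code; the names, floors and timestamps are constructed) shows why collapsing them is enough to drain a treasury through an otherwise legitimate proposal flow, and the defence in depth a contract can keep even when its configuration path is compromised: hard-coded minimums that the parameter setter refuses to go below.

```python
from dataclasses import dataclass, field
from typing import Dict

# Constructed floors for this illustration (seconds); real projects pick their own.
MIN_VOTING_PERIOD = 3 * 24 * 3600    # 3 days of voting
MIN_EXECUTION_DELAY = 24 * 3600      # 1 day between a passed vote and execution


class GovernanceError(Exception):
    """Raised when a parameter change violates the contract's rules."""


@dataclass
class Governance:
    """Minimal governance model: a proposal can execute only after both the
    voting period and the execution delay have elapsed since submission."""
    voting_period: int
    execution_delay: int
    enforce_minimums: bool = True
    proposals: Dict[int, int] = field(default_factory=dict)  # id -> submit time

    def set_parameters(self, voting_period: int, execution_delay: int) -> None:
        """Change the timing parameters.  With enforce_minimums the contract
        refuses values below the floors, so even a privileged (or hijacked)
        configuration path cannot collapse the timelock to zero."""
        if self.enforce_minimums and (
            voting_period < MIN_VOTING_PERIOD or execution_delay < MIN_EXECUTION_DELAY
        ):
            raise GovernanceError("timing parameters below the hard-coded minimums")
        self.voting_period = voting_period
        self.execution_delay = execution_delay

    def submit(self, proposal_id: int, now: int) -> None:
        self.proposals[proposal_id] = now

    def earliest_execution(self, proposal_id: int) -> int:
        return self.proposals[proposal_id] + self.voting_period + self.execution_delay

    def can_execute(self, proposal_id: int, now: int) -> bool:
        return now >= self.earliest_execution(proposal_id)


def seconds_of_warning(enforce_minimums: bool) -> int:
    """Time between a proposal's submission and its earliest possible execution
    after someone sets both parameters to zero (the kind of change the article
    describes; the exact values used in the incident are not given there).
    Without floors the answer is 0: the proposal can execute the moment it exists."""
    gov = Governance(MIN_VOTING_PERIOD, MIN_EXECUTION_DELAY, enforce_minimums)
    try:
        gov.set_parameters(0, 0)
    except GovernanceError:
        pass                              # floors held; parameters unchanged
    gov.submit(1, now=1_000)              # constructed timestamp
    return gov.earliest_execution(1) - 1_000


if __name__ == "__main__":
    print("warning time without floors:", seconds_of_warning(False), "s")
    print("warning time with floors:   ", seconds_of_warning(True), "s")
```

Floors do not stop an attacker who can rewrite the contract’s configuration from trying; they turn an instant drain into a multi-day window in which monitoring can flag the parameter change and the hostile proposal can be voted down.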