Microsoft reported a breach by Russian group ‘Midnight Blizzard,’ which accessed internal systems and source code using stolen authentication secrets from a January cyberattack. The unauthorized access was facilitated by a compromised non-production test account lacking multi-factor authentication and linked to an OAuth app with elevated privileges. Microsoft is contacting affected customers and has ramped up security measures to counter the persistent threat.

  • OsrsNeedsF2P@lemmy.ml
    link
    fedilink
    English
    arrow-up
    75
    arrow-down
    1
    ·
    10 months ago

    I love the closed source model, where only blackhats get to see the source code that whitehats never had the chance to report bugs on!

  • Admiral Patrick@dubvee.org
    link
    fedilink
    English
    arrow-up
    46
    arrow-down
    1
    ·
    edit-2
    10 months ago

    Oh, no. Imagine all the havoc that could be wrought if the source code for an operating system was released onto the internet /s

    That’s why you should never rely on security through obscurity.

    – Sent from my Linux desktop

    • assembly@lemmy.world
      link
      fedilink
      English
      arrow-up
      10
      ·
      10 months ago

      I hope these hackers didn’t also get the source code to RockyLinux or I’m screwed man. If all you need is source code access, I won’t be safe after that. :-)

    • rutellthesinful@kbin.social
      link
      fedilink
      arrow-up
      3
      ·
      10 months ago

      wouldn’t the counterpoint to that be all the vulnerabilities that have sat out in the open for years before finally being reported?

    • rdri@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      arrow-down
      2
      ·
      10 months ago

      Chances are it didn’t involve the OS source code. If you read the article, previously Microsoft reported about source code for service components like Exchange, Azure etc.

  • Random Dent@lemmy.ml
    link
    fedilink
    English
    arrow-up
    38
    ·
    10 months ago

    I know this isn’t what this is, but I dream of the day that someone gets hold of the source code for Windows 10/11 and just dumps it onto the internet, and then some other enterprising soul uses it to make a version of Windows that runs all the apps but has all the Microsoft bullshit removed.

    I’m sure it’ll never happen, but it’s nice to think about.

  • Evil_Shrubbery@lemm.ee
    link
    fedilink
    English
    arrow-up
    22
    ·
    10 months ago

    Using ‘username’ and ‘password’ as credentials is basically Microsoft going open sauce.

  • Psiczar@aussie.zone
    link
    fedilink
    English
    arrow-up
    6
    ·
    10 months ago

    How the fuck does MS get hacked to the point where source code is leaked? It wouldn’t be sitting on a server called win-src-01 in their DMZ. I assume it is on servers within networks that a firewalled off from the regular network that only developers can get to and Peggy-Sue in Accounts can’t.

  • Bipta@kbin.social
    link
    fedilink
    arrow-up
    3
    ·
    edit-2
    10 months ago

    Midnight Blizzard hacks Microsoft again

    Today, Microsoft says that Midnight Blizzard is using secrets found in the stolen data to gain access to some of the company’s systems and source code repositories in recent weeks.