Security News

Hackers Can Exploit 'Forced Authentication' to Steal Windows NTLM Tokens
2023-11-28 10:23

Cybersecurity researchers have discovered a case of "forced authentication" that could be exploited to leak a Windows user's NT LAN Manager (NTLM) tokens by tricking a victim into opening a...

Rollbar discloses data breach after hackers stole access tokens
2023-09-13 19:57

Software bug-tracking company Rollbar disclosed a data breach after unknown attackers hacked its systems in early August and gained access to customer access tokens.The security breach was discovered by Rollbar on September 6 when reviewing data warehouse logs showing that a service account was used to log into the cloud-based bug monitoring platform.

How Chinese hackers got their hands on Microsoft’s token signing key
2023-09-07 13:50

The mystery of how Chinese hackers managed to steal a crucial signing key that allowed them to breach Microsoft 365's email service and access accounts of employees of 25 government agencies has been explained: they found it somewhere where it shouldn't have been - Microsoft's corporate environment. The signing key was included in the snapshot of the crashed process of a consumer signing system because of an unexpected race condition, and its presence in the crash dump wasn't detected by Microsoft's credential scanning methods.

Sourcegraph website breached using leaked admin access token
2023-08-31 21:03

AI-powered coding platform Sourcegraph revealed that its website was breached this week using a site-admin access token accidentally leaked online on July 14th. An attacker used the leaked token on August 28th to create a new site-admin account and log into the admin dashboard of the company's website, Sourcegraph.com, two days later. After gaining access to the website's admin dashboard, the threat actor switched their rogue account's privileges multiple times to probe Sourcegraph's system.

Malicious extensions can abuse VS Code flaw to steal auth tokens
2023-08-08 21:49

Microsoft's Visual Studio Code code editor and development environment contains a flaw that allows malicious extensions to retrieve authentication tokens stored in Windows, Linux, and macOS credential managers. The security problem discovered by Cycode is caused by a lack of isolation of authentication tokens in VS Code's 'Secret Storage,' an API that allows extensions to store authentication tokens in the operating system.

Azure AD Token Forging Technique in Microsoft Attack Extends Beyond Outlook, Wiz Reports
2023-07-21 15:14

According to cloud security company Wiz, the inactive Microsoft account consumer signing key used to forge Azure Active Directory tokens to gain illicit access to Outlook Web Access and Outlook.com could also have allowed the adversary to forge access tokens for various types of Azure AD applications. Wiz's analysis fills in some of the blanks, with the company discovering that "All Azure personal account v2.0 applications depend on a list of 8 public keys, and all Azure multi-tenant v2.0 applications with Microsoft account enabled depend on a list of 7 public keys."

Microsoft Bug Allowed Hackers to Breach Over Two Dozen Organizations via Forged Azure AD Tokens
2023-07-15 06:41

Microsoft on Friday said a validation error in its source code allowed for Azure Active Directory tokens to be forged by a malicious actor known as Storm-0558 using a Microsoft account consumer signing key to breach two dozen organizations. "Storm-0558 acquired an inactive MSA consumer signing key and used it to forge authentication tokens for Azure AD enterprise and MSA consumer to access OWA and Outlook.com," the tech giant said in a deeper analysis of the campaign.

Chinese hackers forged authentication tokens to breach government emails
2023-07-12 10:11

Sophisticated hackers have accessed email accounts of organizations and government agencies via authentication tokens they forged by using an acquired Microsoft account consumer signing key, the company has revealed on Tuesday. "The threat actor Microsoft links to this incident is an adversary based in China that Microsoft calls Storm-0558. We assess this adversary is focused on espionage, such as gaining access to email systems for intelligence collection."

GitHub now auto-blocks token and API key leaks for all repos
2023-05-09 21:42

GitHub is now automatically blocking the leak of sensitive information like API keys and access tokens for all public code repositories. This feature proactively prevents leaks by scanning for secrets before 'git push' operations are accepted, and it works with 69 token types detectable with a low "False positive" detection rate.

New Dingo crypto token found charging a 99% transaction fee
2023-02-05 16:12

Researchers at IT security company Check Point security have flagged Dingo Token as a potential scam after finding a function that allows the project's owner to manipulate trading fees up to 99% of the transaction value. Dingo Token is currently ranked #619 in CoinMarketCap with a market capitalization of over $20 million.