RSS Aggregator

Microsoft says 365 outage was amplified by internal errors

Computerworld.com [Hacking News] - 1 August 2024 - 19:43

Microsoft’s latest outage on Tuesday might have been amplified by its own unforced errors, the company said in an incident report.

“While the initial trigger event was a distributed denial-of-service (DDoS) attack, which activated our DDoS protection mechanisms, initial investigations suggest that an error in the implementation of our defenses amplified the impact of the attack rather than mitigating it,” the report said.

The Microsoft 365 outage on Tuesday is the latest in a series of unforced errors by major IT vendors.

Failure to adequately test systems before roll-out was also a factor in the CrowdStrike incident on July 19, and behind DigiCert’s short-notice revocation of erroneously issued SSL certificates earlier this week.

The July 19 incident was caused by a flaw in CrowdStrike’s security sensor software that testing had failed to uncover, and that cost users millions of dollars in repairs and lost business opportunities.

A root cause analysis of the DigiCert incident showed that there were some process failures during the modernization of a software system that had also been missed during testing.

Steps Microsoft took to mitigate the outage

The latest problems with Microsoft 365 began to appear around 11:45 UTC on Tuesday, when an unexpected usage spike resulted in Azure Front Door (AFD) and Azure Content Delivery Network (CDN) components performing below acceptable thresholds, leading to intermittent errors, timeouts, and latency spikes, Microsoft said.

The dip in performance affected a subset of Microsoft 365 services and other services, including Azure App Services, Application Insights, Azure IoT Central, Azure Log Search Alerts, Azure Policy, as well as the Azure portal itself.

The services impacted included the Microsoft 365 admin center itself, Intune, Entra, and Power Platform.

In response to the outage, the company said that it had started investigations immediately; once it understood that a DDoS attack was behind the network spike, it implemented networking configuration changes to support its DDoS protection efforts and performed failovers to alternate networking paths to provide relief.

“Our initial network configuration changes successfully mitigated majority of the impact by 14:10 UTC,” the company wrote in the report.

However, it pointed out that despite its early efforts several enterprise customers complained of less than 100% availability, which the company began mitigating at 18:00 UTC.

Without giving further details in the incident report, Microsoft said that it used a different approach to try to solve the issue, starting with Asia Pacific and Europe.

“After validating that this revised approach successfully eliminated the side effect impacts of the initial mitigation, we rolled it out to regions in the Americas. Failure rates returned to pre-incident levels by 19:43 UTC,” the company wrote in the incident report, adding the incident was finally mitigated at 19:43 UTC.

Additional steps promised by Microsoft

In its initial report Microsoft said internal teams will be completing an investigation to understand the entire incident in more detail.

“We will publish a Preliminary Post Incident Review (PIR) within approximately 72 hours, to share more details on what happened and how we responded. After our internal retrospective is completed, generally within 14 days, we will publish a Final Post Incident Review with any additional details and learnings,” the company wrote in the report.

This is Microsoft’s eighth service status-related incident this year, according to the company’s service status page.

Last year was also riddled with outages for Microsoft 365 users. Azure’s service page shows that the last incident reported in 2023 was in September, when the US East region faced issues.

Category: Hacking & Security

Keeping your Android device safe from text message fraud

Google Security Blog - 1 August 2024 - 19:08
Posted by Nataliya Stanetsky and Roger Piqueras Jover, Android Security & Privacy Team

Cell-site simulators, also known as False Base Stations (FBS) or Stingrays, are radio devices that mimic real cell sites in order to lure mobile devices to connect to them. These devices are commonly used for security and privacy attacks, such as surveillance and interception of communications. In recent years, carriers have started reporting new types of abuse perpetrated with FBSs for the purposes of financial fraud.

In particular, there is increasing evidence that weaknesses in cellular communication standards are being exploited, using cell-site simulators, to inject SMS phishing messages directly into smartphones. This method of injecting messages entirely bypasses the carrier network, and with it all the sophisticated network-based anti-spam and anti-fraud filters. Instances of this new type of fraud, which carriers refer to as SMS Blaster fraud, have been reported in Vietnam, France, Norway, Thailand and multiple other countries.

GSMA’s Fraud and Security Group (FASG) has developed a briefing paper for GSMA members to raise awareness of SMS Blaster fraud and provide guidelines and mitigation recommendations for carriers, OEMs and other stakeholders. The briefing paper, available for GSMA members only, calls out some Android-specific recommendations and features that can help effectively protect our users from this new type of fraud.

What are SMS Blasters?

SMS Blaster is the term that global carriers use to refer to FBS and cell-site simulators operated unlawfully with the goal of disseminating ("blasting") SMS payloads. The most common use case is to leverage these devices to inject smishing (SMS phishing) payloads into user devices. Fraudsters typically do this by driving around with portable FBS devices, and there have even been reports of fraudsters carrying these devices in their backpacks.

The method is straightforward and replicates known techniques for tricking mobile devices into connecting to an attacker-controlled 2G network. SMS Blasters expose a fake LTE or 5G network which executes a single function: downgrading the user’s connection to a legacy 2G protocol. The same device also exposes a fake 2G network, which lures all the devices to connect to it. At this point, attackers abuse the well-known lack of mutual authentication in 2G and force connections to be unencrypted, which enables a complete Person-in-the-Middle (PitM) position to inject SMS payloads.

SMS Blasters are sold on the internet and do not require deep technical expertise. They are simple to set up and ready to operate, and users can easily configure them to imitate a particular carrier or network using a mobile app. Users can also easily configure and customize the SMS payload as well as its metadata, including for example the sender number.

SMS Blasters are very appealing to fraudsters given their great return on investment. Spreading SMS phishing messages commonly yields a small return as it is very difficult to get these messages to fly undetected by sophisticated anti-spam filters. A very small subset of messages eventually reach a victim. In contrast, injecting messages with an SMS blaster entirely bypasses the carrier network and its anti-fraud and anti-spam filters, guaranteeing that all messages will reach a victim. Moreover, using an FBS the fraudster can control all fields of the message. One can make the message look like it is coming from the legitimate SMS aggregator of a bank, for example. In a recent attack that impacted hundreds of thousands of devices, the messages masqueraded as a health insurance notice.

Although the type of abuse carriers are uncovering recently is financial fraud, there is precedent for the use of rogue cellular base stations to disseminate malware, for example by injecting phishing messages with a URL to download the payload. It is important to note that users remain vulnerable to this type of fraud as long as their mobile devices support 2G, regardless of the status of 2G in their local carrier.

Android protects users from phishing and fraud

There are a number of Android-only security features that can significantly mitigate, or in some cases fully block, the impact of this type of fraud.

Android 12 introduced a user option to disable 2G at the modem level, a feature first adopted by Pixel. This option, if used, completely mitigates the risk from SMS Blasters. This feature has been available since Android 12 and requires devices to conform to Radio HAL 1.6+.

Android also has an option to disable null ciphers as a key protection, because it is strictly necessary for the 2G FBS to configure a null cipher (e.g. A5/0) in order to inject an SMS payload. This security feature, launched with Android 14, requires devices that implement radio HAL 2.0 or above.

Android also provides effective protections that specifically tackle SMS spam and phishing, regardless of whether the delivery channel is an SMS Blaster. Android has built-in spam protection that helps to identify and block spam SMS messages. Additional protection is provided through RCS for Business, a feature that helps users identify legitimate SMS messages from businesses. RCS for Business messages are marked with a blue checkmark, which indicates that the message has been verified by Google.

We advocate leveraging a couple of important Google security features which are available on Android, namely Safe Browsing and Google Play Protect. As an additional layer of protection, Safe Browsing built-in on Android devices protects 5 billion devices globally and helps warn the users about potentially risky sites, downloads and extensions which could be phishing and malware-based.

If a user downloads an app from the Play Store that contains malicious or harmful code, they are protected by Google Play Protect, a security feature that scans apps for malware and other threats. It also warns users about potentially harmful apps before they are installed.

Android’s commitment to security and privacy

Android is committed to providing users with a safe and secure mobile experience. We are constantly working to improve our security features and protect users from phishing, fraud, and other threats.

Working with global carriers and other OEMs through the GSMA to support the ecosystem in the development and adoption of further cellular security and privacy features is a priority area for Android. We look forward to partnering with ecosystem partners in further raising the security bar in this space to protect mobile users from threats like SMS blasters.

Thank you to all our colleagues who actively contribute to Android’s efforts in tackling fraud and FBS threats, and special thanks to those who contributed to this blog post: Yomna Nasser, Gil Cukierman, Il-Sung Lee, Eugene Liderman, Siddarth Pandit.

Category: Hacking & Security

Most pirated films: What is being downloaded most right now (July 2024 update)

Živě.cz - 1 August 2024 - 18:45
We took the weekly charts of the most downloaded films appearing on torrent sites and combined them into a single ranking. These are the films the world is currently most interested in, the ones being pirated the most.
Category: IT News

Reddit demands compensation from Microsoft for AI training

Computerworld.com [Hacking News] - 1 August 2024 - 17:46

Reddit, which has signed cooperation agreements with Google and OpenAI — giving both companies the right to train their AI models using the site’s content — is now demanding that Microsoft, Anthropic, and Perplexity do the right thing and sign similar agreements.

According to Reddit CEO Steve Huffman, the three companies have repeatedly used Reddit content to train their AI models, despite not being allowed to do so. Reddit has tried to block access via an updated version of the robots.txt file, but that hasn’t stopped the targeted companies from continuing to collect data.

A spokesperson from Anthropic said in a comment to The Verge that the collection of data from Reddit stopped in mid-May. Microsoft and Perplexity, however, did not immediately comment on Huffman’s claims.

Category: Hacking & Security

The Perseid meteor shower will bring up to a hundred meteors per hour. When and how to observe its peak?

Živě.cz - 1 August 2024 - 17:45
As every year, the Perseid meteor shower will once again enliven observation of the summer night sky. This breathtaking natural phenomenon, visible in the northern and partly also the southern hemisphere from 17 July to 24 August, will reach its peak on the evening of Monday 12 August and last until the early hours of the 13th ...
Category: IT News

Microsoft now sees OpenAI as a competitor in AI and search

Computerworld.com [Hacking News] - 1 August 2024 - 17:40

Even though Microsoft invested $13 billion in OpenAI, the relationship between the two companies has deteriorated significantly in recent months.

Microsoft has decided to put OpenAI on its list of competitors, because the companies are now competing with each other in both artificial intelligence and online search. (OpenAI last week showed off a preview version of SearchGPT, a search engine that could eventually become a serious challenger to Microsoft’s Bing.)

In the past, Microsoft has singled out Amazon, Apple, Google and Meta as its main competitors, according to CNBC.

Category: Hacking & Security

FBI, CISA remind US voters that DDoS attacks can't touch election systems

The Register - Anti-Virus - 1 August 2024 - 17:07
PSA comes amid multiple IT services crises in recent days

US law enforcement and cybersecurity agencies are reminding the public that the country's voting systems will remain unaffected by distributed denial of service (DDoS) attacks as the next presidential election fast approaches.…

Category: Viruses & Worms

How to counter adversarial AI

The Register - Anti-Virus - 1 August 2024 - 17:05
Using Precision AI to stop cyber threats in real time

Sponsored Post: Hackers and cyber criminals are busy finding new ways of using AI to launch attacks on businesses and organisations often unprepared to deal with the speed, scale and sophistication of the assaults directed against them.…

Category: Viruses & Worms

Download the Digital Workplace Enterprise Spotlight

Computerworld.com [Hacking News] - 1 August 2024 - 17:00

Download the August 2024 issue of the Enterprise Spotlight from the editors of CIO, Computerworld, CSO, InfoWorld, and Network World.

Category: Hacking & Security

“A friend told me… I read on Facebook…” Our aversion to electric cars is unfounded: 78% of Czechs have never even ridden in one

Živě.cz - 1 August 2024 - 16:45
Whether it is simple fear of the unknown or resentment of favouritism from on high, Czechs do not love electric cars. Mostly. According to a STEM/MARK survey, fewer than a fifth of respondents feel sympathy for electric cars. The majority's criticism, however, stems more from ignorance. More than 78% of respondents ...
Category: IT News

Over 1 Million Domains at Risk of 'Sitting Ducks' Domain Hijacking Technique

The Hacker News - 1 August 2024 - 16:10
Over a million domains are susceptible to takeover by malicious actors by means of what has been called a Sitting Ducks attack. The powerful attack vector, which exploits weaknesses in the domain name system (DNS), is being exploited by over a dozen Russian-nexus cybercriminal actors to stealthily hijack domains, a joint analysis published by Infoblox and Eclypsium has revealed. "In a Sitting
Category: Hacking & Security

Artificial intelligence could communicate with aliens instead of humans. We will send AI into space

Živě.cz - 1 August 2024 - 15:45
Astronomer Franck Marchis of the SETI Institute and Ignacio G. Lopez-Francois of NASA have come up with an interesting idea: using artificial intelligence (AI) to try to establish communication with extraterrestrials. Specifically, they propose sending a large language model (LLM) into space, which would play the role of ...
Category: IT News

Hackers Distributing Malicious Python Packages via Popular Developer Q&A Platform

The Hacker News - 1 August 2024 - 15:32
In yet another sign that threat actors are always looking out for new ways to trick users into downloading malware, it has come to light that the question-and-answer (Q&A) platform known as Stack Exchange has been abused to direct unsuspecting developers to bogus Python packages capable of draining their cryptocurrency wallets. "Upon installation, this code would execute automatically,
Category: Hacking & Security

Apple adds ‘black magic’ AI security to Swift

Computerworld.com [Hacking News] - 1 August 2024 - 15:23

Homomorphic encryption is a phrase that might never make it to everybody’s lips, but the technology will become part of what we do each day, thanks to Apple, Swift and the need for artificial intelligence (AI) in the cloud. It’s a privacy-protecting technology that lets you secure data in the cloud, work on that data using cloud services, and do all that without anyone other than you knowing what your data is.

Why does this matter?

Think about it this way. When we store data in the cloud, we already use technology to lock that data down so no one, including the people running the servers, can access it. It’s like putting your data in a safety deposit box only you can open.

But what we do with cloud data is changing rapidly as a multitude of services appear that let you use powerful AI systems to work with it. To do so, the servers must access your information — they need to open that safety deposit box to work with the information it contains, which makes your data less secure.

What can be done to make it possible to use AI services while leaving data secure? Homomorphic encryption seems to be the answer. 

MIT Professor Vinod Vaikuntanathan calls that process “black magic” in this video, which very clearly explains some of the intricacies of homomorphic encryption. That’s because the encryption tech makes it possible for the server to put its hands inside the safety deposit box and work with the data without ever accessing, or even knowing, what it is working with.

Leaving that data encrypted unlocks the power of cloud-based AI, while also building in privacy. I expect the tech will see use in Private Cloud Compute, though it is not certain to what extent it will be capable of handling large and complex tasks at this point.

How is Apple boosting homomorphic encryption?

Apple already uses homomorphic encryption. Now, it has introduced a new open source Swift package for homomorphic encryption.

The rationale here is obvious. Unlike so many in the industry, Apple prioritizes user privacy, which it sees as a human right. It is quite plausible that one of the challenges it faced on its road to generative AI has been the need for more complex cloud-based computations to access core data, which conflicts with the company’s privacy goal. The deployment of homomorphic encryption marries those two conflicting aims.

Apple isn’t going quite so far as to say it is about that, even though it evidently is. Instead, it talks about how it uses the tech in its Live Caller ID Lookup feature, which provides caller ID and spam blocking services. In use, this lets Lookup interrogate a server for information pertaining to a phone number without that server ever actually accessing the number itself.

What is a typical workflow?

On its GitHub page sharing the tech, Apple explains what a typical homomorphic encryption workflow might be:

  • The client encrypts sensitive data and sends the resulting ciphertext to the server.
  • The server performs computation without learning what any ciphertext decrypts to.
  • The server sends the resulting ciphertext response to the client.
  • The client decrypts to learn the response.

Apple also provides its own explanation of homomorphic encryption:

“Homomorphic encryption (HE) is a cryptographic technique that enables computation on encrypted data without revealing the underlying unencrypted data to the operating process. It provides a means for clients to send encrypted data to a server, which operates on that encrypted data and returns a result that the client can decrypt. During the execution of the request, the server itself never decrypts the original data or even has access to the decryption key. Such an approach presents new opportunities for cloud services to operate while protecting the privacy and security of a user’s data, which is obviously highly attractive for many scenarios.”
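The four-step exchange above, as an added example that is not code from the article or from Apple's package: a textbook Paillier scheme in Python (additively homomorphic, chosen because it fits in a few dozen lines; Apple's library implements a different scheme), with constructed toy parameters that are far too small for real use. The server combines ciphertexts to compute a weighted sum of the client's private numbers and never holds the private key.

```python
"""Toy Paillier walk-through of the client/server HE workflow (added example)."""
from dataclasses import dataclass
from math import gcd, lcm
import secrets

# Constructed toy parameters: two known Mersenne primes. Real deployments use
# primes of ~1024 bits each; these only keep the arithmetic fast and readable.
P = 2**31 - 1
Q = 2**61 - 1


@dataclass(frozen=True)
class PublicKey:
    n: int    # modulus p*q, shared with the server
    n2: int   # n squared, the ciphertext modulus


@dataclass(frozen=True)
class PrivateKey:
    lam: int  # lcm(p-1, q-1); stays on the client
    mu: int   # lam^-1 mod n


def keygen(p: int = P, q: int = Q):
    n = p * q
    lam = lcm(p - 1, q - 1)
    return PublicKey(n, n * n), PrivateKey(lam, pow(lam, -1, n))


def encrypt(pk: PublicKey, m: int) -> int:
    # Enc(m) = (1+n)^m * r^n mod n^2 with fresh random r coprime to n,
    # so two encryptions of the same value look unrelated.
    while True:
        r = secrets.randbelow(pk.n)
        if r > 0 and gcd(r, pk.n) == 1:
            break
    return (pow(1 + pk.n, m, pk.n2) * pow(r, pk.n, pk.n2)) % pk.n2


def decrypt(pk: PublicKey, sk: PrivateKey, c: int) -> int:
    # m = L(c^lam mod n^2) * mu mod n, where L(x) = (x-1)/n
    x = pow(c, sk.lam, pk.n2)
    return ((x - 1) // pk.n * sk.mu) % pk.n


def he_add(pk: PublicKey, c1: int, c2: int) -> int:
    return (c1 * c2) % pk.n2            # Enc(a) * Enc(b) = Enc(a + b)


def he_scale(pk: PublicKey, c: int, k: int) -> int:
    return pow(c, k, pk.n2)             # Enc(a)^k = Enc(k * a)


def server_weighted_sum(pk: PublicKey, cts: list, weights: list) -> int:
    # Step 2: the server only ever sees ciphertexts and the public key.
    acc = encrypt(pk, 0)
    for c, w in zip(cts, weights):
        acc = he_add(pk, acc, he_scale(pk, c, w))
    return acc                          # Step 3: returned still encrypted


def run_workflow(values: list, weights: list) -> int:
    pk, sk = keygen()
    cts = [encrypt(pk, v) for v in values]            # Step 1: client encrypts
    result_ct = server_weighted_sum(pk, cts, weights)  # Steps 2 and 3
    return decrypt(pk, sk, result_ct)                 # Step 4: client decrypts


if __name__ == "__main__":
    print(run_workflow([120, 45, 900], [3, 1, 2]))  # 2205, computed blind by the server
```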

Empowering next-generation AI — securely

Of course, there are challenges here around performance and speed, but it is plausible that Apple’s own servers might already be more than capable, given their computational capacity and low energy requirements. But given that the tech is also thought to be capable of providing data protection against quantum computer attacks, it is certain homomorphic encryption will now become an important force empowering AI on Apple’s platforms down the road.

Please follow me on Mastodon, or join me in the AppleHolic’s bar & grill and Apple Discussions groups on MeWe.

Category: Hacking & Security

New Android Banking Trojan BingoMod Steals Money, Wipes Devices

The Hacker News - 1 August 2024 - 14:52
Cybersecurity researchers have uncovered a new Android remote access trojan (RAT) called BingoMod that not only performs fraudulent money transfers from the compromised devices but also wipes them in an attempt to erase traces of the malware. Italian cybersecurity firm Cleafy, which discovered the RAT towards the end of May 2024, said the malware is under active development. It attributed the
Category: Hacking & Security

Syndicate content