Connect with us

Press Release

Microsoft rushes to register credentials-leaking Autodiscover domains.

Published

on

Microsoft rushes to register credentials-leaking Autodiscover domains.

Microsoft is hurrying to register Internet domains that are used to intercept Windows credentials transmitted via subpar Microsoft Exchange Autodiscover deployments.

Amit Serper of Guardicore published further research on Monday describing how the problem resulted in the exposing of almost 100,000 different Windows and email credentials.

The app will attempt to authenticate to numerous Autodiscover URLs connected to Microsoft Exchange servers for their company when users configure their Exchange accounts on email clients. The Exchange server will send back the settings that the mail client should use if authentication is successful. Although many mail clients wrongly implement the Autodiscover protocol, causing them to attempt to authenticate to third-party autodiscover, including some variations of Microsoft Outlook and Office 365. [tld] URLs that have nothing to do with a user’s company.

Autodiscover.com, Autodiscover.uk, and Autodiscover.de are a few examples of such domains.

Threat actors might register autodiscover.[tld] domains and start gathering the stolen Windows and email login information in preparation for assaults on the company.

Microsoft rushes to register domains for autodiscovery
Microsoft has been aware of the problem for years. Research regarding incorrect Microsoft Autodiscover protocol implementations exposing Windows passwords is not new.

A formal research paper describing the leaks and the findings were both initially presented at Black Hat Asia 2017 briefing. Other researchers claimed that when they previously reported the problem to Microsoft, they were informed that it wasn’t a bug.

But after Serper published his findings, Microsoft told BleepingComputer that they were unaware of the material.

Additionally, BleepingComputer is aware of 38 additional domain names that have been registered since September 22nd but whose owners are obscured by privacy or WHOIS limitations. These names were probably registered by Microsoft, researchers, or prospective threat actors.

Since Microsoft registered numerous autodiscover domains for the same TLD, such as autodiscover.com.es and autodiscover.org.es, BleepingComputer believes the true number of registered domains is significantly higher.

It is unclear who the owner is of one domain, autodiscover.ch, which has been registered since at least 2015 and utilises microsoftonline.com as its DNS servers.

Microsoft will need to release solutions for the subpar Autodiscover implementation in their Microsoft Outlook and Office 365 mail clients to resolve the issue further, even though registering autodiscover.[tld] domains will stop some of the leaks.

Microsoft will also need to provide instructions on how to properly design Autodiscover URLs so that credentials are not transferred to dubious domains, as other non-Microsoft applications also have flawed protocol implementations.

 

Continue Reading

Press Release

MICROSOFT IS IN TERMS TO BUY SPEECH TECHNOLOGY COMPANY NUANCE COMMUNICATIONS FOR ABOUT $16 BILLION, OR $56 A SHARE, A 23% OVERPAYMENT TO NUANCE’S FRIDAY CLOSE, According to Sources (BLOOMBERG)

Published

on

MICROSOFT IS IN TERMS TO BUY SPEECH TECHNOLOGY COMPANY

Bloomberg:

According to sources, Microsoft is in advanced talks to acquire Nuance Communications, a provider of speech technology, for about $16 billion, or $56 per share, a 23% premium to Nuance’s Friday close. The proposed price would value Nuance at $56 per share. This week could see the announcement of a deal.

Continue Reading

Press Release

Nine widely used WiFi routers had 226 vulnerabilities.

Published

on

Nine widely used WiFi routers had 226 vulnerabilities.

Even when using the most recent firmware, security researchers examined nine widely used WiFi routers and discovered a total of 226 possible vulnerabilities in them.

Millions of people use the tested routers, which are made by Asus, AVM, D-Link, Netgear, Edimax, TP-Link, Synology, and Linksys.

The TP-Link Archer AX6000, which has 32 problems, and the Synology RT-2600ac, which has 30 security flaws, are the two devices with the most vulnerabilities.

The examination process
In partnership with CHIP magazine, researchers at IoT Inspector conducted security tests with a focus on models primarily used by small businesses and residential users.

According to Florian Lukavsky, CTO & Founder at IoT Inspector, “vendors provided them with current models, which were upgraded to the newest firmware version, for Chip’s router review.”

“IoT Inspector automatically examined the firmware versions and searched for more than 5,000 CVEs and other security flaws.”

Although not all defects posed the same risk, the researchers discovered a few widespread issues that impacted the majority of the evaluated models:

The firmware contains an outdated Linux kernel.
stale VPN and multimedia features
over-reliance on BusyBox’s earlier iterations
weak default passwords like “admin” are used
Hardcoded credentials are present in plain text.
Changing the router’s default password when configuring it for the first time is one of the most crucial steps you can take to secure it, according to Jan Wendenburg, CEO of IoT Inspector.

Whether an IoT device is used at home or in a corporate network, changing the password upon first use and turning on automatic updates must be regular procedure, according to Wendenburg.

In addition to manufacturer-introduced vulnerabilities, utilising an IoT device with the adage “plug, play, and forget” poses the greatest risk.

Continue Reading

Press Release

MASSACHUSETTS COURT SUPPORTS A REQUEST FROM THE IRS TO OBTAIN THE RECORDS OF ALL CIRCLE CUSTOMERS WHO HAD $20K+ IN CRYPTO TRANSACTIONS BETWEEN 2016 AND 2020 (ZACK SEWARD/COINDESK)

Published

on

MASSACHUSETTS COURT

Massachusetts court supports a request from the IRS to obtain the records of all Circle customers who had $20K+ in crypto transactions between 2016 and 2020  —  A Massachusetts court is supporting a request from the IRS to obtain the records Circle customers, the Department of Justice said.

Continue Reading

Trending