Here are the latest updates related to the email security landscape, exploring the newest email security breaches and measures to combat threats that involve big names like the Pentagon and Microsoft.
Researchers Successful in Breaking into Apple Devices and Stealing Email Data Using iLeakage Program
Researchers have demonstrated that recent Apple devices can be compromised using the program iLeakage to steal data, including emails and passwords, through the Safari browser.
Academic researchers from three institutions — Georgia Tech, University of Michigan, and Ruhr University Bochum — have shown that they could extract data with utmost accuracy from Apple devices released after 2020 having A-series or M-series ARM processors, raising concern about sensitive data and email security.
The program used for this purpose was iLeakage, which is capable of bypassing side-channel protections and stealing data through Apple Silicon CPUs and browsers such as Safari, Tor, Firefox, and Edge on iOS. It relies on a timerless, architecture-agnostic technique based on race conditions. iLeakage was also able to retrieve a user's YouTube watch history by compromising the Chrome browser on iOS.
The vulnerability was reported to Apple, and the company has since taken several security measures to mitigate the threat and prevent leakage of users' confidential and sensitive data.
Russian Attackers Compromise 632,000 Email Accounts of Pentagon and DOJ in a Massive Operation
Email addresses of 632,000 Pentagon and DOJ employees have been compromised by a group of malicious actors suspected to be Russian.
The attack, details of which have only now come to light, originally took place on May 28 and 29 of this year. It exploited flaws in the MOVEit file transfer software used by these organizations. A Russian-speaking group is believed to be responsible, as earlier MOVEit incidents were carried out by the Russian ransomware group CLoP.
Around a dozen US agencies have contracts with MOVEit. The employees compromised belonged to government agencies and private organizations, including Shell, British Airways, the BBC, the University of Georgia, Johns Hopkins University, and the Energy Department. As per the Associated Press, the number of victims of CLoP runs into hundreds.
Though Bloomberg considered the email hacking incident a major one, the compromised data was considered by the agency to be of low sensitivity and not classified.
Advanced Security Measures by Microsoft Following Chinese Breach of US Officials
In an effort to counteract cyber threats like the Chinese breach that transpired earlier this year, Microsoft has devised a robust security plan. This multi-step strategy incorporates measures like phishing protection to defend against a wide array of attack methodologies.
The initiative focuses in particular on protecting consumer signing keys, the weakness that was exploited earlier this year. In that incident, a Chinese threat actor group called Storm-0558 obtained a consumer signing key and used it to compromise the cloud email accounts of 25 organizations.
The attackers obtained the consumer signing key from a system-generated snapshot associated with a sign-in crash. They then used the key to forge authentication tokens and gain access to email accounts, most of which belonged to employees of the State and Commerce departments.
The new Microsoft email security framework is called the ‘Secure Future Initiative.’ It uses the power of AI to expand default security controls embedded in Microsoft products, detect and counter cyber threats, and speed up efforts to mitigate cloud vulnerabilities.
WiHD Misconfiguration Exposes Sensitive Information of 97,327 Users
An inadvertent error by WiHD (World in HD), a French private torrent tracking service for HD video content, left the account details of 97,327 users exposed to anyone on the internet, with no password required.
WiHD is a private torrent tracking community offering HD movies, TV series, and animation films in French and English. Cybernews noticed an open Elasticsearch cluster in WiHD with no password protection. It exposed sensitive data of users and administrators, such as emails, usernames, IP addresses, and hashed passwords.
Elasticsearch is a widely used search and analytics engine for managing large volumes of data. This torrent data breach was most likely caused by a misconfiguration. Malicious actors with access to such data could pinpoint users' locations, track their behavior and downloading patterns, and launch targeted phishing attacks.
Though WiHD secured the exposed instance soon after being notified, there is no way to know how many malicious parties may have obtained the sensitive information before access was closed.