Hackers could read non-corporate Outlook.com, Hotmail for six months

Hackers and Microsoft seem to disagree on key details of the hack.

Hackers could read non-corporate Outlook.com, Hotmail for six months

Enlarge (credit: Getty / Aurich Lawson)

Late on Friday, some users of Outlook.com/Hotmail/MSN Mail received an email from Microsoft stating that an unauthorized third party had gained limited access to their accounts, and was able to read, among other things, the subject lines of emails (but not their bodies or attachments, nor their account passwords), between January 1st and March 28th of this year. Microsoft confirmed this to TechCrunch on Saturday.

The hackers, however, dispute this characterization. They told Motherboard that they can indeed access email contents and have shown that publication screenshots to prove their point. They also claim that the hack lasted at least six months, doubling the period of vulnerability that Microsoft has claimed. After this pushback, Microsoft responded that around 6 percent of customers had suffered unauthorized access to their emails, and that these customers received different breach notifications to make this clear. However, the company is still sticking to its claim that the hack only lasted three months.

Not in dispute is the broad character of the attack. Both hackers and Microsoft's breach notifications say that access to customer accounts came through compromise of a support agent's credentials. With these credentials the hackers could use Microsoft's internal customer support portal, which offers support agents some level of access to Outlook.com accounts. The hackers speculated to Motherboard that the compromised account belonged to a highly privileged user, and that this may have been what granted them the ability to read mail bodies. The compromised account has subsequently been locked to prevent any further abuse.

Read 2 remaining paragraphs | Comments

Microsoft ships antivirus for macOS as Windows Defender becomes Microsoft Defender

Microsoft is expanding the reach of its device management services.

Microsoft is bringing its Windows Defender anti-malware application to macOS—and more platforms in the future—as it expands the reach of its Defender Advanced Threat Protection (ATP) platform. To reflect the new cross-platform nature, the suite is also being renamed to Microsoft Defender ATP, with the individual clients being labelled "for Mac" or "for Windows."

Microsoft Defender ATP for Mac will initially focus on traditional signature-based malware scanning.

Microsoft Defender ATP for Mac will initially focus on traditional signature-based malware scanning.

macOS malware is still something of a rarity, but it's not completely unheard of. Ransomware for the platform was found in 2016, and in-the-wild outbreaks of other malicious software continue to be found. Apple has integrated some malware protection into macOS, but we've heard from developers on the platform that Mac users aren't always very good at keeping their systems on the latest point release. This situation is particularly acute in corporate environments; while Windows has a range of tools to ensure that systems are kept up-to-date and alert administrators if they fall behind, a similar ecosystem hasn't been developed for macOS.

One would hope that Defender for Mac will also trap Windows malware to prevent Mac users from spreading malware to their Windows colleagues.

Read 4 remaining paragraphs | Comments

Microsoft’s latest security service uses human intelligence, not artificial

Computers are good at processing vast amounts of data, but humans still have their uses.

Microsoft security experts monitoring the world, looking for hackers.

Enlarge / Microsoft security experts monitoring the world, looking for hackers. (credit: Microsoft)

Microsoft has announced two new cloud services to help administrators detect and manage threats to their systems. The first, Azure Sentinel, is very much in line with other cloud services: it's dependent on machine learning to sift through vast amounts of data to find a signal among all the noise. The second, Microsoft Threat Experts, is a little different: it's powered by humans, not machines.

Azure Sentinel is a machine learning-based Security Information and Event Management that takes the (often overwhelming) stream of security events—a bad password, a failed attempt to elevate privileges, an unusual executable that's blocked by anti-malware, and so on—and distinguishes between important events that actually deserve investigation and mundane events that can likely be ignored.

Sentinel can use a range of data sources. There are the obvious Microsoft sources—Azure Active Directory, Windows Event Logs, and so on—as well as integrations with third-party firewalls, intrusion-detection systems, endpoint anti-malware software, and more. Sentinel can also ingest any data source that uses ArcSight's Common Event Format, which has been adopted by a wide range of security tools.

Read 5 remaining paragraphs | Comments

Windows 7 enters its final year of free support

Up to three years of paid support will be available after the cut-off.

Licensing and support lifecycles are not really the easiest topics to illustrate.

Enlarge / Licensing and support lifecycles are not really the easiest topics to illustrate. (credit: Peter Bright)

Windows 7's five years of extended support will expire on January 14, 2020—exactly one year from today. After this date, security fixes will no longer be freely available for the operating system that's still widely used.

As always, the end of free support does not mean the end of support entirely. Microsoft has long offered paid support options for its operating systems beyond their normal lifetime, and Windows 7 is no different. What is different is the way that paid support will be offered. For previous versions of Windows, companies had to enter into a support contract of some kind to continue to receive patches. For Windows 7, however, the extra patches will simply be an optional extra that can be added to an existing volume license subscription—no separate support contract needed—on a per-device basis.

These Extended Security Updates (ESU) will be available for three years after the 2020 cut-off, with prices escalating each year.

Read 3 remaining paragraphs | Comments