By Usama Jawad96
Microsoft open sources CodeQL queries used in Solorigate investigation
by Usama Jawad
Last week, Microsoft finally completed its Solorigate investigation, concluding that while some code files for Azure, Intune, and Exchange were accessed, no customer data was compromised. The cyberattack had caused major concern around the globe because it targeted the United States' federal departments, the UK, the European Parliament, and thousands of other organizations. Supply chain attacks were executed on SolarWinds, Microsoft, and VMware, with Microsoft President Brad Smith calling it "a moment of reckoning".
Now, Microsoft has open sourced the CodeQL queries that it utilized in the Solorigate investigation.
Image via Kevin Ku from Pexels
For those unaware, CodeQL is a code analysis engine which depends upon code semantics and syntax. It develops a database built around the model of the compiling code, which can then be queried just like a regular database. It can be used both for static analysis and retroactive inspection of code.
CodeQL queries were used by Microsoft in its Solorigate investigation in order to analyze its code in a scalable manner and pinpoint indicators of compromise (IoCs) and other coding patterns used by Solorigate attackers directly at the code level.
Microsoft essentially built multiple CodeQL databases from various build pipelines, and then aggregated them in a single infrastructure to enable system-wide querying capabilities. This enabled the firm to detect malicious activity in code within hours of a coding pattern being described.
Given that this is more of a syntactic and semantic technique that depends upon identifying similarities in coding patterns such as the variable names used, Microsoft has emphasized that if you find the same patterns in your own code base, that does not necessarily mean that it's compromised. Multiple programmers can of course have the same coding style.
At the same time, it is also important to remember that a malicious actor is not constrained to a single coding style. Essentially, if the attacker deviates significantly from their usual implant pattern, they would be able to circumvent Microsoft's CodeQL queries. Regarding the syntactic and semantic code pattern identification capabilities of the CodeQL engine, the Redmond tech giant notes that:
More information about using Microsoft's CodeQL queries is available here. You can find out more about how to deploy queries here.
By Usama Jawad96
Microsoft: Customer data was not accessed in Solorigate attack
by Usama Jawad
In 2020, there was a major global cyberattack, spanning across the United States' federal departments, the UK, the European Parliament, and thousands of other organizations. It was reported to have been triggered by supply chain attacks on three major firms: SolarWinds, Microsoft, and VMware, where attackers were able to access private documents and emails. The attack was dubbed "Solorigate" by Microsoft with President Brad Smith calling it "a moment of reckoning". Now, the company has shared a final update on its Solorigate investigation.
Image via Splashtop
Microsoft Corporate Vice President of Security, Compliance, and Identity Vasu Jakkal has concluded that while nation-state actors were able to compromise some initial security procedures, they were then stopped by a "unified team of human and digital defenders". She also clarified that the company has found no proof of customer data or production services being breached. Furthermore, the investigation confirmed that Microsoft software was not used to attack other identities.
Microsoft states that multiple factors aided in limiting the scope of this attack and these should be embraced by other security teams and organizations moving forward as well. These include adopting a Zero Trust security model with multi-factor authentication for credentials, and cloud technologies like Azure Active Directory and Microsoft 365 Defender. Lastly, Jakkal has emphasized that it is paramount that companies and teams work together to strengthen collective defenses.
The Microsoft Security Response Center (MSRC) went on to say that:
MSRC highlighted that even though the attack was discovered in December 2020 with organizations racing to mitigate the threat, its analysis shows that the malicious actor attempted access in January 2021 as well. It has clarified that across all of its services, the attacker was able to view and download only a small number of code files for Azure, Intune, and Exchange. None of the code files breached contained any live credentials being used in production environments.
I am looking to implement something that contains the features below for my development team. Please let me know of the solutions that you would suggest.
Secure Place
Able to Put in Code Snippets
Able to Save Passwords
Able to Save Licenses
Documentation around the Code
Behind a SSO (SAML/AD/ADFS)
Wiki type of interface
Onsite or Cloud Solution
Rust Foundation formed to manage namesake language
by Paul Hill
The core team behind the Rust programming language have announced the establishment of the Rust Foundation, an independent non-profit that will steward the increasingly popular language. The move follows lay-offs at Mozilla last August which affected those working on Rust.
Commenting on the formation of the Rust Foundation, Mozilla said:
The board of directors at the new organisation is set to have its first meeting tomorrow. It’s made up of 11 members from the founding members of the organisation: AWS, Huawei, Google, Microsoft and Mozilla. With so many well-established entities backing Rust, its longevity is ensured and it’ll be better resourced, enabling it to hold better events and create better materials for people looking to get into the language.
Rust is a low-level programming language similar to C. One of the main problems with C is the way it handles memory, and when programmers miss these issues it can lead to serious vulnerabilities in things like web browsers and operating systems. Rust was designed with memory safety in mind. While you can disable the safety features, Rust does not compile unsafe code by default, which drastically reduces the likelihood of vulnerabilities.
The Internet Security Research Group recently said that it would be using Rust to re-write a core TLS module for httpd to help boost the security of the core web technology.