💡 Database esposto su DeepSeek: cosa è successo

https://gomoot.com/database-esposto-su-deepseek-cosa-e-successo/

#blog #cina #deepseek #hacker #ia #llm #modelli #news #picks #sicurezza #tech #tecnologia #wizresearch

#WizResearch discovered a major #security hole in #DeepSeek

https://technewsro.blog/wiz-research-a-descoperit-o-mare-gaura-n-securitatea-deepseek/

Feudalismus als Geschäftsprinzip

Einen Schwelbrand zu löschen ist fast unmöglich, immer wieder flackern kleine oder größere Glutnester auf. Eine Meldung in den Nachrichten ist das kaum wert, wenn die eine oder andere Katastrophe heimlich ausgetreten werden kann. Und obwohl hinten schon Flammen überall kräftig auflodern, steht Microsoft da und sagt: „Das ist nix, wirklich gar nix – das […]

https://extradienst.net/2023/08/03/feudalismus-als-geschaeftsprinzip/

#Microsoft apparently denies the report from #WizResearch that the impact of the stolen keys from the #Microsoft365 #hack was more severe than what Microsoft initially reported in their #blog, calling it "speculative and not evidence-based".

When asked for comments, Wiz Research was surprised at Microsoft's response because they said that their blog post was "reviewed and validated" by the Microsoft Security Research Team.

#infosec #cybersecurity #cloudsecurity #Azure

https://therecord.media/microsoft-disputes-report-on-chinese-hacking

The implication of the #Microsoft365 #hack goes deeper than just affecting #ExchangeOnline. Researchers from #WizResearch notes that the implication of the stolen #MSA keys could have allowed the attacker to:

forge access tokens for multiple types of Azure Active Directory applications, including every application that supports personal account authentication, such as SharePoint, Teams, OneDrive, customers’ applications that support the “login with Microsoft” functionality, and multi-tenant applications in certain conditions.