NEW NOBELIUM ACTIVITY

The criminal group called Nobelium has broken into some servers at Microsoft. Nobelium is also implicated in the SolarWinds breach.

Microsoft has secured the computer, which the hackers infected with information-stealing software, and notified the “small number” of affected customers, it said in a Friday post on its Security Response Center site.

Lax security is an invitation for disaster. The servers in the studio are hardened against hacking. It is known that Microsoft uses slightly weaker passwords, which is probably adequate, but 256-bit ones are very strong.

Linux uses salted, hashed password validation, which means even a copy of the password file is useless to a miscreant. Windows uses online authentication to SSL-protected servers, mostly due to licensing requirements.
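The salted, hashed validation described above, as an added example (not code from this site or from Linux itself): it uses PBKDF2-HMAC-SHA512 from Python's standard library in place of the crypt(3) schemes Linux actually uses, and the record format, user names, password and iteration count are assumptions made for the illustration.

```python
import base64
import hashlib
import hmac
import os

ITERATIONS = 100_000  # demo work factor (assumption); raise it for real use
SCHEME = "pbkdf2-sha512"  # label invented for this example's record format


def _b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode("ascii")


def make_entry(user: str, password: str, salt: bytes = b"") -> str:
    """Build a stored record: user:$scheme$iterations$salt$hash."""
    salt = salt or os.urandom(16)  # fresh random salt per account
    digest = hashlib.pbkdf2_hmac("sha512", password.encode(), salt, ITERATIONS)
    return f"{user}:${SCHEME}${ITERATIONS}${_b64(salt)}${_b64(digest)}"


def verify(entry: str, password: str) -> bool:
    """Re-derive the hash with the stored salt and compare in constant time."""
    try:
        _user, field = entry.split(":", 1)
        _empty, scheme, iters, salt_b64, hash_b64 = field.split("$")
        if scheme != SCHEME:
            return False
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(hash_b64, validate=True)
        candidate = hashlib.pbkdf2_hmac(
            "sha512", password.encode(), salt, int(iters))
    except ValueError:
        return False  # malformed record: fail closed
    return hmac.compare_digest(candidate, expected)


def demo():
    # Constructed sample: two accounts that happen to share one password.
    shared = "correct horse battery staple"
    return make_entry("alice", shared), make_entry("bob", shared)


if __name__ == "__main__":
    alice, bob = demo()
    print(alice)
    print(bob)  # same password, different salt, different stored hash
    print(verify(alice, "correct horse battery staple"), verify(alice, "guess"))
```

The per-account salt means identical passwords do not produce identical records and precomputed hash tables do not apply, while the iteration count sets how much work each individual guess costs.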

ZERO TRUST

Always authenticate and authorize based on all available data points, including user identity, location, device health, service or workload, data classification, and anomalies. Limit user access with just-in-time and just-enough-access (JIT/JEA), risk-based adaptive policies, and data protection to help secure both data and productivity. Minimize blast radius and segment access. Verify end-to-end encryption and use analytics to get visibility, drive threat detection, and improve defenses.

One of the reasons for certificates for software is the idea of trust. The site has a certificate that shows only that the site URL is not breached. Certificates are becoming more common, but the convenience is marred by commercial interests versus open-source free certificates like the one used here. The current certificate is good until September, when the Linux command-line tool is needed to update it.

Microsoft Security Response Center