Tux Machines

Windows TCO Stories

Posted by Roy Schestowitz on Aug 11, 2023

Open Hardware and Linux Devices

today's howtos

UK Shaken by Major Data Breaches: Security Concerns Surge Over Data Protection Changes

↺ UK Shaken by Major Data Breaches: Security Concerns Surge Over Data Protection Changes

> “As the risk of cyberattacks [sic] and data breaches escalates, it’s imperative for the government to rethink its approach. Strengthening the rules and mechanisms that reinforce data protection must be prioritized, creating an environment where citizens’ data remains shielded from harm.”

Microsoft OneDrive a willing and eager 'ransomware double agent'

↺ Microsoft OneDrive a willing and eager 'ransomware double agent'

> The first thing one would do in order to turn OneDrive into a double agent, then, would be to hijack someone's account – a task Yair said was relatively easy once he managed to achieve an initial compromise of a Windows machine.

> OneDrive, it turns out, stores all of its log files in a directory for the signed-in user. Those logs, in turn, contain session tokens that Yair said he was able to pull out of the log file once he snagged a copy and parsed it. With the stolen token, Yair was able to get to work.

Microsoft 365 guest accounts + Power Apps = security nightmare

↺ Microsoft 365 guest accounts + Power Apps = security nightmare

> Armed with a compromised or obtained guest account and a Power Apps trial license (available free to anyone who wants one from the Power Apps website), all an attacker needs to do is log in to Power Apps and switch directories to the target tenant they're a guest user on, and voila: they can see a list of all the Power Apps connections their account has access to, and can even create applications inside the tenant. With enough work, the attacker can potentially make off with gobs of internal data.

gemini.tuxmachines.org