Microsoft hacked | Breaking Cybersecurity News | The Hacker News

A 5-year-old San Diego boy managed to hack one of the most popular gaming systems in the world, Xbox and has now been acknowledged as a security researcher by Microsoft. Kristoffer Von Hassel uncovered a vulnerability in Xbox Live's password system, that would allow someone to log into a Xbox player's account without their password. Kristoffer's parents noticed he was logging into his father's Xbox Live account simply by tapping the space bar. YES, BACKDOOR ENTRY WITH JUST SPACE-BAR His father noticed that Kristoffer logged in as his Xbox Live account to play video games that he wasn't meant to be playing and asked how he had done it.  Kristoffer revealed that by typing in the wrong password and then by pressing the spacebar, he bypassed the password verification through a backdoor, and it was pretty simple! HIS FEELING, "was like yeah!" 5-year-old gamer actually hacked the authentication system of a multi-billion dollar company,...

Yesterday Night Microsoft has faced another targeted attack by the Syrian Electronic Army (SEA), a group supposed to be aligned with Syrian President Bashar al-Assad . The SEA group is popular for its advance phishing attack and using the same technique they also hacked into the Official Twitter account of Microsoft News, Xbox Support, Skype and also defaced the Microsoft, Skype Official Blog pages in the past few weeks. Yesterday, Just after the Microsoft uploaded the newly designed website of it ' Microsoft Office ' blog, the Syrian Electronic Army gang again compromised it successfully. SEA uploaded the hacked blog screenshots on their twitter account, with a defacement article titled " Hacked by the Syrian Electronic Army ", as shown. Before, they also taunted Microsoft that " changing the CMS will not help you if your employees are hacked and they don't know about that ." The Group kept their promise to continue their attacks...

Microsoft has become the latest victim of to Cyber attack and confirm that small number of its computers, including some in its Mac software business unit, were infected with malware . Microsoft added , malicious software used in a cyber attack is very similar to those experienced by Facebook and Apple recently. Microsoft gave few other details about the break-in, " We have no evidence of customer data being affected and our investigation is ongoing. " " During our investigation, we found a small number of computers, including some in our Mac business unit that were infected by malicious software using techniques similar to those documented by other organizations. We have no evidence of customer data being affected and our investigation is ongoing, " Microsoft said. " This type of cyber attack is no surprise to Microsoft and other companies that must grapple with determined and persistent adversaries ," the company said. Last week, Apple said its...

If you invite guest users into your Entra ID tenant, you may be opening yourself up to a surprising risk.  A gap in access control in Microsoft Entra's subscription handling is allowing guest users to create and transfer subscriptions into the tenant they are invited into, while maintaining full ownership of them.  All the guest user needs are the permissions to create subscriptions in their home tenant, and an invitation as a guest user into an external tenant. Once inside, the guest user can create subscriptions in their home tenant, transfer them into the external tenant, and retain full ownership rights. This stealthy privilege escalation tactic allows a guest user to gain a privileged foothold in an environment where they should only have limited access. Many organizations treat guest accounts as low-risk based on their temporary, limited access, but this behavior, which works as designed, opens the door to known attack paths and lateral movement within the resource t...