More than 20,000 US organizations compromised through Microsoft flaw

Microsoft has said a state-sponsored hacking group operating out of China is exploiting previously unknown security flaws in its Exchange email services to steal data from business users. (AFP / GERARD JULIEN)
Microsoft has said a state-sponsored hacking group operating out of China is exploiting previously unknown security flaws in its Exchange email services to steal data from business users. (AFP / GERARD JULIEN)
Short Url
Updated 06 March 2021

More than 20,000 US organizations compromised through Microsoft flaw

More than 20,000 US organizations compromised through Microsoft flaw
  • The hacks are continuing despite emergency patches issued by Microsoft on Tuesday
  • Microsoft and the person working with the US response blamed the initial wave of attacks on a Chinese government-backed actor

WASHINGTON: More than 20,000 US organizations have been compromised through a back door installed via recently patched flaws in Microsoft Corp’s email software, a person familiar with the US government’s response said on Friday.
The hacking has already reached more places than all of the tainted code downloaded from SolarWinds Corp, the company at the heart of another massive hacking spree uncovered in December.
The latest hack has left channels for remote access spread among credit unions, town governments and small businesses, according to records from the US investigation.
Tens of thousands of organizations in Asia and Europe are also affected, the records show.
The hacks are continuing despite emergency patches issued by Microsoft on Tuesday.
Microsoft, which had initially said the hacks consisted of “limited and targeted attacks,” declined to comment on the scale of the problem on Friday but said it was working with government agencies and security companies to provide help to customers.
It added, “impacted customers should contact our support teams for additional help and resources.”
One scan of connected devices showed only 10% of those vulnerable had installed the patches by Friday, though the number was rising.
Because installing the patch does not get rid of the back doors, US officials are racing to figure out how to notify all the victims and guide them in their hunt.
All of those affected appear to run Web versions of email client Outlook and host them on their own machines, instead of relying on cloud providers. That may have spared many of the biggest companies and federal government agencies, the records suggest.
The federal Cybersecurity and Infrastructure Security Agency did not respond to a request for comment.
Earlier on Friday, White House press secretary Jen Psaki told reporters that the vulnerabilities found in Microsoft’s widely used Exchange servers were “significant,” and “could have far-reaching impacts.”
“We’re concerned that there are a large number of victims,” Psaki said.
Microsoft and the person working with the US response blamed the initial wave of attacks on a Chinese government-backed actor. A Chinese government spokesman said the country was not behind the intrusions.
What started as a controlled attack late last year against a few classic espionage targets grew last month to a widespread campaign. Security officials said that implied that unless China had changed tactics, a second group may have become involved.
More attacks are expected from other hackers as the code used to take control of the mail servers spreads.
The hackers have only used the back doors to re-enter and move around the infected networks in a small percentage of cases, probably less than 1 in 10, the person working with the government said.
“A couple hundred guys are exploiting them as fast as they can,” stealing data and installing other ways to return later, he said.
The initial avenue of attack was discovered by prominent Taiwanese cyber researcher Cheng-Da Tsai, who said he reported the flaw to Microsoft in January. He said in a blog post that he was investigating whether the information leaked.
He did not respond to requests for further comment.


34 US states back Epic Games in anti-trust suit against Apple

34 US states back Epic Games in anti-trust suit against Apple
Updated 28 January 2022

34 US states back Epic Games in anti-trust suit against Apple

34 US states back Epic Games in anti-trust suit against Apple
  • Attorneys-general accuse Apple of stifling competition

OAKLAND, California: Apple Inc. is stifling competition through its mobile app store, attorneys general for 34 US states and the District of Columbia said on Thursday, as they appealed against a ruling that let the iPhone maker continue some restrictive practices.

While dozens of state attorneys general have filed recent antitrust lawsuits against other big tech companies, including Facebook owner Meta Platforms Inc. and Alphabet Inc’s Google, none had so far taken aim at Apple.
Thursday’s remarks, led by the state of Utah and joined by Colorado, Indiana, Texas and others, came in a lawsuit in an appeals court against app store fees and payment tools between “Fortnite” video game maker Epic Games and Apple.
“Apple’s conduct has harmed and is harming mobile app-developers and millions of citizens,” the states said.
“Meanwhile, Apple continues to monopolize app distribution and in-app payment solutions for iPhones, stifle competition, and amass supracompetitive profits within the almost trillion-dollar-a-year smartphone industry.”
The action comes after a US district judge in Oakland, California, mostly ruled against Epic last year.
That decision found that commissions of 15 percent to 30 percent which Apple charges some app makers for use of an in-app payment system the company forced on them did not violate antitrust law.
Epic challenged the ruling in the 9th US Circuit Court of Appeals. On Thursday, professors, activist groups and the states weighed in through court filings that described legal arguments in support.
Apple’s reply is expected in March. On Thursday, the company said it was optimistic that Epic’s challenge would fail.
The states said in their filing that the lower court erred by failing to adequately balance the pros and cons of Apple’s rules and also by deciding that a key antitrust law did not apply to non-negotiable contracts Apple makes developers sign.
“Paradoxically, firms with enough market power to unilaterally impose contracts would be protected from antitrust scrutiny — precisely the firms whose activities give the most cause for antitrust concern,” they said.

 


Apple’s holiday iPhone sales surge despite supply shortages

Apple’s holiday iPhone sales surge despite supply shortages
Updated 28 January 2022

Apple’s holiday iPhone sales surge despite supply shortages

Apple’s holiday iPhone sales surge despite supply shortages
  • Apple to report iPhone sales of $71.6 billion for the October-December period

SAN RAMON, California: Apple shook off supply shortages that have curtailed production of iPhones and other popular devices to deliver its most profitable holiday season yet.
The results posted Thursday for the final three months of 2021 help illustrate why Apple is looking even stronger at the tail end of the pandemic than when the crisis began two years ago.
At that point, Apple’s iPhone sales had been flagging as consumers began holding on to their older devices for longer periods. But now the Cupertino, California, company can’t seem to keep up with the steadily surging demand for a device that has become even more crucial in the burgeoning era of remote work.
Apple’s inability to fully satisfy the voracious appetite for iPhones stems from a pandemic-driven shortage of chips that’s affecting the production of everything from automobiles to medical devices.
But Apple so far has navigated the shortfalls better than most companies. That deft management enabled Apple to report iPhone sales of $71.6 billion for the October-December period, a 9 percent increase from the same time in the previous year.
Those sales gains would have likely been even more robust if Apple could have secured all the chips and other components needed to make iPhones. That problem plagued Apple’s July-September quarter when management estimated that supply shortages reduced its iPhone sales by about $6 billion. The company may address how supply shortages affected its performance in the most recent quarter during a conference call with analysts scheduled later Thursday.
Despite what drag the shortages caused, Apple still earned $34.63 billion, or $2.10 per share, a 20 increase from the same time in the previous year. Revenue climbed from the previous year by 11 percent to $123.95 billion.
Apple’s ongoing success help push the company’s market value above $3 trillion for the first time earlier this month. But its stock price has tumbled 13 percent since hitting that peak amid worries about a projected rise in interest rates aimed at dampening the torrid pace of inflation that has been fueled in part by supply shortages.
Its shares gained more than 3 percent in Thursday’s extended trading after the Apple’s fiscal first-quarter numbers came out.
The supply issues looming around Apple’s devices have magnified the importance of the company’s services division, which is fueled by commissions from digital transactions on iPhone apps, subscriptions to music and video streaming and repair plans.
The up to 30 percent commissions collects from apps distributed through Apple’s exclusive app store have become a focal point of a fierce legal battle that unfolded in a high-stakes trial year, as well as proposed reforms recently introduced in the US Senate that tear down the company’s barriers that prevent consumers from using alternative payment systems.
For now, though, the services division is still booming. Its revenue in the past quarter hit $19.52 billion, a 24 percent increase.
Apple is widely believed to be maneuvering toward another potentially huge money-making opportunity with the introduction of an augmented reality headset that would project digital images and information while its users interact with other physical objects and people. True to its secretive form, the company has never said it is working on that kind of technology.
But Apple CEO Tim Cook has openly shared his enthusiasm for the potential of augmented reality in public presentations, and analysts believe the long-rumored headset could finally roll out later this year — unless it’s delayed by supply shortages.


Lebanon’s finance minister says replacing central bank governor is not ‘wise’

Lebanon’s finance minister says replacing central bank governor is not ‘wise’
Updated 28 January 2022

Lebanon’s finance minister says replacing central bank governor is not ‘wise’

Lebanon’s finance minister says replacing central bank governor is not ‘wise’

BEIRUT: Lebanon’s finance minister said on Thursday replacing the central bank governor, Riad Salameh, today is not “wise.”
Finance Minister Youssef Khalil told local broadcaster MTV that nobody proposed removing the central bank governor, but “I do not imagine changing the central bank governor today is a wise matter.”
Salameh, who has support from several top politicians, is being probed in Lebanon and at least four European countries, with his role under close scrutiny since Lebanon’s economic collapse in 2019.
Salameh denies any wrongdoing during almost three decades leading the central bank.


Aramco CEO says energy transition not going smoothly: Reuters

Aramco CEO says energy transition not going smoothly: Reuters
Updated 27 January 2022

Aramco CEO says energy transition not going smoothly: Reuters

Aramco CEO says energy transition not going smoothly: Reuters

BEIRUT: Saudi Aramco CEO Amin Nasser said on Thursday that the energy transition “was not going smoothly,” pointing to a resurgence in demand for oil and gas as the global economy recovers while supplies lag on the back of falling investment, according to Reuters.

“We all agree that to move towards a sustainable energy future a smooth energy transition is absolutely essential but we must also consider the complexities and challenges to get there,” he told the B20 conference in Indonesia via video link.

“We have to acknowledge that the current transition is not going smoothly,” he said.

- Reuters


SNB board recommends dividends of over $1bn for the second half of 2021

SNB board recommends dividends of over $1bn for the second half of 2021
Updated 27 January 2022

SNB board recommends dividends of over $1bn for the second half of 2021

SNB board recommends dividends of over $1bn for the second half of 2021

RIYADH: Saudi National Bank, the Kingdom’s biggest lender, said its board has recommended cash dividends of SR4.03 billion ($1.1 billion), or 9 percent of capital, for the second half of 2021.

SNB’s shareholders will receive SR0.9 per share, with a total amount of 4.48 billion shares eligible for dividends, a bourse statement by the bank revealed.

This brings the annual dividend yield to 2.12 percent, based on a share price of SR73, given the bank paid out SR0.65 per share for the first half of the same year.

The distribution date is yet to be disclosed, according to the statement.