Security bug allows anyone to spoof Microsoft employee emails

A photo of the icon for the Microsoft email app Outlook.

Image Credits: Jaap Arriens/NurPhoto / Getty Images

A researcher has found a bug that allows anyone to impersonate Microsoft corporate email accounts, making phishing attempts look credible and more likely to trick their targets. 

As of this writing, the bug has not been patched. To demonstrate the bug, the researcher sent an email to TechCrunch that looked like it was sent from Microsoft’s account security team.

Last week, Vsevolod Kokorin, also known online as Slonser, wrote on X (formerly Twitter) that he found the email-spoofing bug and reported it to Microsoft, but the company dismissed his report after saying it couldn’t reproduce his findings. This prompted Kokorin to publicize the bug on X, without providing technical details that would help others exploit it. 

“Microsoft just said they couldn’t reproduce it without providing any details,” Kokorin told TechCrunch in an online chat. “Microsoft might have noticed my tweet because a few hours ago they reopen [sic] one of my reports that I had submitted several months ago.”

The bug, according to Kokorin, only works when sending the email to Outlook accounts. Still, that is a pool of at least 400 million users all over the world, according to Microsoft’s latest earnings report. 

Kokorin said he last followed up with Microsoft on June 15. Microsoft did not respond to TechCrunch’s request for comment on Tuesday. 

TechCrunch is not divulging technical details of the bug in order to prevent malicious hackers from exploiting it.

“I did not expect my post to get such a reaction. Honestly, I just wanted to share my frustration because this situation made me sad,” Kokorin said. “Many people misunderstood me and think that I want money or something like that. In reality, I just want companies not to ignore researchers and to be more friendly when you try to help them.”

It’s not known if anyone other than Kokorin found the bug, or if it has been maliciously exploited.

While the threat of this bug, at this point, is unknown, Microsoft has experienced several security problems in recent years, prompting investigations by both federal regulators and congressional lawmakers. 

Last week, Microsoft president Brad Smith testified in a House hearing after China stole a tranche of U.S. federal government emails from Microsoft’s servers in 2023. In the hearing, Smith pledged a renewed effort to prioritize cybersecurity in the company after a slew of security embarrassments. 

Months earlier, in January, Microsoft confirmed that a Russian government-linked hacking group had broken into Microsoft corporate email accounts to steal information about what the company’s top executives knew about the hackers themselves. And last week, ProPublica revealed that Microsoft had failed to heed warnings about a critical flaw that was later exploited in the Russian-backed cyber espionage campaign that targeted tech company SolarWinds.

Flipboard users can now follow anyone in the fediverse, including those on Threads

Image Credits: Flipboard

Instagram Threads users are gaining a new audience. On Tuesday, the social magazine app Flipboard took another step toward integrating with ActivityPub, the decentralized social networking protocol that powers services like Mastodon, PixelFed, PeerTube and others. Starting Tuesday, Flipboard users can follow any federated accounts, meaning those that participate in the social network of interconnected servers known as the fediverse. This now includes Threads accounts in addition to Mastodon accounts and others.

With the update, which deepens Flipboard’s connection with the ActivityPub social graph, any Flipboard user can follow user profiles from any other federated service. If their Flipboard account is also federated, they can interact with those users’ posts and participate in conversations, as well.

Flipboard’s user base, however, is currently undisclosed. The app, first founded in 2010 as a social magazine experience, where users curate content from around the web, has more recently taken on new life as a participant in the fediverse. After losing its ability to integrate with X, formerly Twitter, following API changes at the Elon Musk-run company, Flipboard joined the fediverse with a Mastodon integration and said it would work to become a fully federated app itself over time by integrating with the ActivityPub protocol.

Since then, the company has taken steps to bring its content and user profiles to the fediverse. Today, Flipboard has federated 700 curators and publishers and their combined 15,000 magazines. Most of these accounts are in the U.S., but the company is now testing around a dozen more in the U.K. and Germany, it says.

The Flipboard app supports full fediverse integration, but the company hasn’t yet allowed all users to turn on federation as it’s a phased rollout. We’re told the goal is to make federation a setting users can select later this year, similar to how Threads added a “fediverse sharing” option in June. When federation is enabled, people will be able to not only share to the fediverse but also see and engage with conversations around their Flipboard posts that are taking place in the fediverse.

What makes up the fediverse is also changing. After Elon Musk acquired Twitter, the idea of a decentralized social platform — one that couldn’t be bought by billionaires and that supported account portability — grew in popularity. With Meta’s adoption of ActivityPub for its newest app, Threads, the movement began to take off. As a result of users’ growing interest in a new social web, WordPress blogs can now also be followed in the fediverse, following parent company Automattic’s acquisition of an ActivityPub plugin. Meanwhile, newsletter platform Ghost, a Substack rival, more recently began work on federation. Mozilla and Medium also set up their own Mastodon servers, known as instances.

With Tuesday’s update on Flipboard, people can find and follow others in the fediverse across three areas of its app: Search, Explore and Community. In search results, Flipboard will surface federated accounts and profile results in a new section, “Fediverse Accounts.” Editorial recommendations can also be found in the app’s “Explore” tab under “Fediverse,” and every week a new selection of accounts will be featured in the Community section. Activity from the fediverse will also be displayed in the Flipboard notifications panel, allowing people to engage and follow others in the fediverse directly from their notifications.

For Flipboard users, that means they can now follow user profiles from Threads and Mastodon in the Flipboard app, including high-profile users like President Joe Biden (POTUS) and former President Barack Obama on Threads, as well as various creators, like Marques Brownlee, and journalists, like Kara Swisher.

Garena relaunches Free Fire in India a year after ban

Anyone seen Garena's Free Fire in India?

Image Credits: Jakub Porzycki / NurPhoto / Getty Images

Sea’s Garena has yet to launch its popular mobile title Free Fire in India, more than six months after announcing plans to do so, a prolonged delay that has raised concerns among entrepreneurs and investors who are closely watching Sea’s expansion strategy in the lucrative South Asian market.

Garena, the gaming unit of Sea, announced plans to launch Free Fire in India in August last year, marking a return more than a year and a half after the title was banned in India. The firm — which has partnered with Yotta, controlled by local giant Hiranandani, for cloud and other storage needs of local users’ data in the country — said it will release the title in India on September 5.

But more than six months later, the firm that appointed Indian cricket icon Mahendra Singh Dhoni as its brand ambassador in the country has yet to launch the game.

Yanjun Wang, group chief corporate officer at Sea, said during the earnings call this week that the Singapore-headquartered giant was “still making changes” to the game to factor in “users’ preference locally” and has “no material development” to share.

Free Fire, once a beloved game in India with more than 40 million users, has left its devoted fanbase frustrated by Garena’s lack of transparency regarding the relaunch, leading many gamers to abandon the title in favor of Krafton’s BGMI.

Sea declined to comment.

India banned Free Fire and dozens of other Chinese apps in 2022. Days later, Sea said it was shutting down Shopee’s operations in India, months into testing the social commerce service in the country.

The testing of Shopee in India had prompted criticism from local retailers in the country. The Confederation of All India Traders, an influential lobby group for scores of offline retailers in India, had reached out to Prime Minister Narendra Modi, cautioning him that the arrival of yet another foreign player engaging in what it alleged were “unfair trade practices” will hurt the local ecosystem.

India had also banned Krafton’s PUBG in the country, but last year permitted the firm to launch a similar battle royale title. Krafton’s title has once again become the most popular game in India.