Wikipedia Pushes for AI Licensing Deals as Jimmy Wales Calls for Fair Compensation 
Sam Altman Reportedly Explored Funding for Rocket Venture in Potential Challenge to SpaceX 
Trump Administration to Secure Equity Stake in Pat Gelsinger’s XLight Startup 
Australia Moves Forward With Teen Social Media Ban as Platforms Begin Lockouts 
Morgan Stanley Boosts Nvidia and Broadcom Targets as AI Demand Surges 
Amazon and Google Launch New Multicloud Networking Service to Boost High-Speed Cloud Connectivity 
Hikvision Challenges FCC Rule Tightening Restrictions on Chinese Telecom Equipment 
Apple Leads Singles’ Day Smartphone Sales as iPhone 17 Demand Surges 
Coupang Apologizes After Massive Data Breach Affecting 33.7 Million Users 
EU Prepares Antitrust Probe Into Meta’s AI Integration on WhatsApp 
Firelight Launches as First XRP Staking Platform on Flare, Introduces DeFi Cover Feature 
Nexperia Urges China Division to Resume Chip Production as Supply Risks Mount 
Baidu Cuts Jobs as AI Competition and Ad Revenue Slump Intensify 
Australia Releases New National AI Plan, Opts for Existing Laws to Manage Risks 
Banks Consider $38 Billion Funding Boost for Oracle, Vantage, and OpenAI Expansion 
TSMC Accuses Former Executive of Leaking Trade Secrets as Taiwan Prosecutors Launch Investigation 
Norway’s Wealth Fund Backs Shareholder Push for Microsoft Human-Rights Risk Report 
Microsoft confirmed it has been tracking the Lapsus$ hacker group and released a set of recommendations for its customers on how to mitigate risks of being the next target. The company also confirmed that the group has gained “limited access” to some source codes of its products, but maintained that no customer code or data were involved in the cyber breach.
In a lengthy blog post published on Tuesday, Microsoft confirmed it has been actively monitoring the activities of the group, which it officially named DEV-0537. The tech giant noted that Lapsus$, per Microsoft’s observations in recent weeks, has employed social engineering and extortion campaigns against its targets.
Microsoft took note of the group’s claims of gaining access to its server, resulting in “exfiltrated portions of source code.” But the company assured its customers that their data and codes remain safe.
“No customer code or data was involved in the observed activities. Our investigation has found a single account had been compromised, granting limited access,” the company said. “Microsoft does not rely on the secrecy of code as a security measure and viewing source code does not lead to elevation of risk.”
Microsoft confirmed the incident a couple of days after Lapsus$ had reportedly leaked the source code for Microsoft’s software products, including Bing and Cortana. Bleeping Computer reported that the group shared a screenshot on their Telegram channel on Sunday to prove it had accessed Microsoft’s Azure DevOps server.
Lapsus$ released 9GB worth of files on late Monday, which they claimed to be containing the source code of more than 250 Microsoft projects. The same report, however, noted that uncompressed files included around 37GB of source code from the company.
Meanwhile, Microsoft warned its customers and other companies that Lapsus$ had been openly recruiting employees of potential targets who would give them credentials and multifactor authentication details in exchange for money.
The company noted that the hacker group has been using a common form of social engineering attack. They reportedly use a compromised account that they would then bombard with MFA prompts before calling the target company’s IT help desk to request for the credentials to be reset. Before Microsoft, Lapsus$ made headlines after reportedly targeting Nvidia, Samsung, and Ubisoft.
Photo by Aktar Hossain on Unsplash
