Daily Authority: 🔎 Lapsus$ gets Bing?

☕ Good morning! Tesla’s factory here in Berlin puts out its first car today, apparently, after all the red tape was cleared. Germany loves its tape.

Bing now in the lap of Lapsus$

Here’s something that really seems to only be getting worse: The Lapsus$ hacker group, which notably has previously grabbed code dumps and information out of NVIDIA and Samsung, is still very much active.

• And it’s unusual because Lapsus$ isn’t doing the ransomware thing.
• It did in the past, but what we’re now seeing is big data dumps of sensitive information and code for software.
• The list of recently compromised companies appears to include NVIDIA, Samsung, Vodafone, Ubisoft, and Argentinian e-commerce company Mercado Libre, and now, Okta and Microsoft.

What’s new:

• Okta seems like it was hacked, and because Okta is the authentication tool for loads of companies, 15,000 of them apparently, ranging from T-Mobile to the FCC to Lululemon to MGM Resorts, that is particularly bad.
• So, those companies and organizations are on high alert: “Any hack of Okta could have major ramifications for the companies, universities, and government agencies that depend upon Okta to authenticate user access to internal systems.”
• (We don’t exactly know what Okta does for each listed client).
• It’s bad because Lapsus$ says it’s been active inside Okta for months, and the hack seems to show Slack channels at Okta from the perspective of a user account, as if an employee has been compromised, maybe via phishing, or one suggestion is that corporate employees are being paid off.
• I don’t know, but Lapsus$ has previously made offers that they’ll simply buy access to networks from employees at big companies, telecommunication companies, gaming corporations, and so on.
• Also, Okta co-founder and CEO Todd McKinnon has now confirmed this, but the carefully crafted tweet fails to really sum up the problem: The “attempt” appears to have been successful, though at least now it is “contained.”
• It’s no small thing either: Okta shares are falling in pre-market.

Microsoft too:

• And with news a few days ago that Ubisoft was also a casualty of Lapsus$, the group released ~37GB of alleged source code from Microsoft, covering Bing, Cortana, and other services, “indicating that they hacked Microsoft’s Azure DevOps server containing source code for Bing, Cortana, and various other internal projects.”
• “Security researchers who have pored over the leaked files told BleepingComputer that they appear to be legitimate internal source code from Microsoft.”

All code is now open source?

• Lapsus$ seems to just be doing this for the spotlight, not cash, as mentioned before.
• Their main Telegram group now has 33,000 subscribers and they join in and chat on a side channel and, quote, are “enjoying the notoriety.”
• And given the Lapsus$ activity profile so far, the next major code dump might come soon.

Roundup

👍 WhatsApp is finally rolling out message reactions. Reacts include: “Like, Love, Laugh, Surprised, Sad, and Thanks” (Android Authority).

🔋 The first phone with 150W charging is out and it doesn’t sacrifice battery health, apparently? (Android Authority).

👉 Two more OnePlus 10 series phones are in the works as per leaked roadmap (Android Authority).

⌚ OnePlus reportedly readying an inexpensive smartwatch. The first was so bad that the second might have a chance if it does actually smartwatch stuff, not just fitness tracking (Android Authority).

📺 Apple blocks Android TV users from renting or buying content on Apple TV app, likely because until recently, Apple was exempt from Google’s fees. It’s not exactly hard to smile at Apple’s brazen approach considering how fiercely it guards its own cut… (Android Authority).

🍎 Apple had a fairly serious two-hour outage, which even meant sales couldn’t complete on in-store purchases, with employees going back to pen and paper (The Verge).

📑 Windows 11 gets a new desktop watermark on unsupported hardware (The Verge).

📺 LG’s 2022 OLED TVs are available now: B2, C2, and G2 — cheapest starts at $1,400 for the 42-inch C2, but won’t arrive until May. More likely you’ll want a bigger 55-inch, like the B2 for $1,500, which is more rapidly available (Engadget).

🎮 Nintendo finally adds folders to the Switch, kind of (The Verge).

🔓 Behold, a password phishing site that can trick even savvy users: browser in the browser. You know when you click “Sign In With Google” or PayPal or whatever? Keep your eyes peeled… (Ars Technica).

🚗 In-car screens could soon be almost invisible: “Imagine a wood accent on your vehicle’s dashboard is also a screen” (CNET).

📡 SpaceX’s Starlink sees the in-flight internet market as a big possibility (CNBC).

🦟 “Evolution can occur really, really rapidly” (Ars Technica).

🤔 “Do animals benefit from cooked food the same way we do?” (r/askscience).

Chart Tuesday

Okay but this is one you might want to actually try at home: Some guy measured his phone’s data speed at 52 intersections across town (on a bicycle, not in a car!) and made a map of the data overlaid on the town.

• What’s up with dead zones? It might be as simple as the very edge of reception for a carrier as the tower gets further away.
• Or it could be something more related to how LTE works with intercell interference or ICI: At the edge of two cells using the same wavelength, quality degrades significantly as briefly explained here at around the nine-minute mark.
• A bunch more discussion about this over on r/dataisbeautiful, including why this town looks so strange, but the answer is, it’s Hawaii.

Cheers,

Tristan Rayner, Senior Editor.