Look for data classification technology solutions that allow auto-labeling, auto-classification, and enforcement of classification across an organization. Microsoft and Proofpoint are warning organizations that use cloud services about a recent consent phishing attack that abused Microsoft's verified publisher status. In April 2019, Microsoft announced that hackers had acquired a customer support agent's credentials, giving them access to some webmail accounts including @outlook.com, @msn.com, and @hotmail.com accounts between January 1, 2019, and March 28, 2019. According to one source, the hacker gained access to the Slack account of an HR employee, as well as data such as email addresses, phone numbers, and salaries of Activision employees. The hacker gained access to the personal data through an employee's email that contained sensitive information including patient names, medical information, and test results. The conventional tools we rely on to defend corporate networks are creating gaps in network visibility and in our capabilities to secure them. After classifying data as confidential or highly confidential, you must protect it against exposure to nefarious actors. Here's how it works. However, it required active steps on the part of the user and wasn't applied by Microsoft automatically. But there weren't any other safeguards in place, such as a warning notification inside the software announcing that a system change would make the data public. Flame wasn't just capable of infecting machines; it could also spread itself through a network using a rogue Microsoft certificate. SOCRadar has also made available a free tool that companies can use to find out if their data was exposed in one of the BlueBleed buckets.
Azure and Breach Notification under the GDPR further details how Microsoft investigates, manages, and responds to security incidents within Azure. Creating the rogue certificate involved exploiting the algorithm Microsoft used to set up remote desktops on systems, allowing code to be crafted that appeared to come from Microsoft. Sometimes, organizations collect personal data to provide better services or other business value. "Our investigation did not find indicators of compromise of the exposed storage location." In some cases, it was employee file information. After all, people are busy, can overlook things, or make errors. Microsoft was alerted by security researchers at SOCRadar about a misconfigured endpoint that had exposed some customer information. At the end of the day, the problem doesn't seem to be in the platform itself, but in the way people use it. Data leakage protection tools can protect sensitive documents, which is important because laws and regulations make companies accountable. The exposed data includes, for example, emails from US .gov, talking about O365 projects, money etc - I found this not via SOCRadar, it's cached. April 2022: Kaiser Permanente. A global wave of cyberattacks and data breaches began in January 2021 after four zero-day exploits were discovered in on-premises Microsoft Exchange Servers, giving attackers full access to user emails and passwords on affected servers, administrator privileges on the server, and access to connected devices on the same network.
One main issue was the implementation of a sign-in system that allowed users to link their Microsoft and Skype accounts. Learn how Rabobank, Fannie Mae, and Ernst & Young maximized their existing Microsoft 365 subscriptions to gain integrated data loss prevention and information protection. The Microsoft Security Response Center blog reports that researchers reported a misconfigured Microsoft endpoint on September 24. A post in M365 Admin Center, ignoring regulators and telling acct managers to blow off customers ain't going to cut it. The company said the leak included proof-of-execution (PoE) and statement of work (SoW) documents, user information, product orders and offers, project details, and personal information. The IT giant confirmed by stating that the hacker obtained "limited access" from one account, which Lapsus$ compromised. "On September 24, 2022, SOCRadar's built-in Cloud Security Module detected a misconfigured Azure Blob Storage maintained by Microsoft containing sensitive data from a high-profile cloud provider," SOCRadar said. A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services. The threat intel company added that, from its analysis, the leaked data "includes Proof-of-Execution (PoE) and Statement of Work (SoW) documents, user information, product orders/offers, project details, PII (Personally Identifiable Information) data, and documents that may reveal intellectual property." The only way to ensure that your sensitive data is stored properly is with a thorough data discovery process. Update October 19, 14:44 EDT: Added more info on SOCRadar's BlueBleed portal.
Even though Microsoft's investigation revealed that no customer accounts or systems were compromised, the SOCRadar security researchers who notified Microsoft of its misconfigured server were able to link information directly back to 65,000 entities across 111 countries in file data composed between 2017 and 2022, according to a report on Bleeping Computer. So, tell me Mr. & Mrs. Microsoft, would there be any chance at all that you may in fact communicate with your customer base. The extent of the breach wasn't fully disclosed to the public, though former Microsoft employees did state that the database contained descriptions of existing vulnerabilities in Microsoft software, including Windows operating systems. They were researching the system and discovered various vulnerabilities relating to Cosmos DB, the Azure database service. When considering plan protections, ask: Who can access the data? In a lengthy blog post, Microsoft's security team described Lapsus$ as a large-scale social engineering and extortion campaign against multiple organizations with some seeing evidence of destructive elements. They go on to describe the group's tactics in great detail, indicating that Microsoft had been studying Lapsus$ carefully before the incident occurred. After several rounds of layoffs, Twitter's staff is down from . Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding. "Some of the data were crawled by our engine, but as we promised to Microsoft, no data has been shared so far, and all this crawled data was deleted from our systems," SOCRadar VP of Research and CISO Ensar Şeker told BleepingComputer. Anna Tutt, CMO of Oort, shares her experiences and perspectives on how we can accelerate growth of women in cybersecurity. One day companies are going to figure out just how bad a decision it was to move everything to and become dependent on a cloud.
As a result, the impact on individual companies varied greatly. In January 2020, news broke of a misconfigured Microsoft internal customer support database that left records on 250 million customers exposed. Also, consider standing access (identity governance) versus protecting files. "Threat actors who may have accessed the bucket may use this information in different forms for extortion, blackmailing, creating social engineering tactics with the help of exposed information, or simply selling the information to the highest bidder on the dark web and Telegram channels," SOCRadar warned. The main concern is that the data could make the customers prime targets for scammers, as it would make it easier for them to impersonate Microsoft support personnel. "No data was downloaded." Microsoft Corp. today revealed details of a server misconfiguration that may have compromised the data of some potential customers in September. In this climate of data gathering and privacy concerns, the Tor browser has become the subject of discussion and notoriety. A hacking group known as the Xbox Underground repeatedly hacked Microsoft systems between 2011 and 2013. Mainly, this is because the resulting hacks weren't all administered by a single group for one purpose. Furthermore, Redmond said that SOCRadar's decision to collect the data and make it searchable using a dedicated search portal "is not in the best interest of ensuring customer privacy or security and potentially exposing them to unnecessary risk."
Kron noted that although cloud services can be very convenient, and if secured properly, also very secure, when a misconfiguration occurs, the information can be exposed to many more potential people than on traditional internal on-premise systems. As mentioned earlier, data discovery requires locating all the places where your sensitive data is stored. Additionally, they breached certain developer systems, including those operated by Zombie Studios, a company behind the Apache helicopter simulator used by the U.S. military. For its part, Microsoft claimed that it had quickly secured its servers upon being notified, and that it has alerted affected customers of the potential data breach. Microsoft confirmed that a misconfigured system may have exposed customer data. Hacker group LAPSUS$ - branded DEV-0537 in Microsoft's blog post . "This misconfiguration resulted in the potential for unauthenticated access to some business transaction data corresponding to interactions between Microsoft and prospective customers, such as the planning or potential implementation and provisioning of Microsoft services." In a year of global inflation and massive rises in energy costs, it should come as no surprise that the cost of a data breach has also reached . The leaked data does not belong to us, so we keep no data at all. Threat intelligence firm SOCRadar revealed on Wednesday that it has identified many misconfigured cloud storage systems, including six large buckets that stored information associated with 150,000 companies across 123 countries. In June 2012, word of a man-in-the-middle attack that allowed hackers to distribute malware by disguising the malicious code as a genuine Microsoft update emerged. In total, SOCRadar claims it was able to link this sensitive information to more than 65,000 entities from 111 countries stored in files dated from 2017 to August 2022. January 25, 2022.
However, SOCRadar also responded by making its BlueBleed search portal available to Microsoft customers who might be concerned they have been affected by the leak. However, News Corp uncovered evidence that emails were stolen from its journalists. Hopefully, this will help organizations understand the importance of data security and how to better allocate their security budgets. However, it isn't clear whether the information was ultimately used for such purposes. The research firm insists that it has not overstepped any privacy protocols in its work and none of the information it uncovered was saved on its end. In a revelation this week, Microsoft's Security Response Center (MSRC) said it was notified by threat intelligence firm SOCRadar on September 24 . Sensitive data can live in unexpected places within your organization. In recent years under the leadership of CEO Satya Nadella, Microsoft made data security and privacy practices central pillars of its operations, so it is refreshing to see the company take swift action to correct the security flaw. The hackers then pushed out malicious updates to approximately 18,000 SolarWinds customers utilizing a supply chain attack approach, giving them access to the customers' systems, networks, and data. The tech giant has thanked SOCRadar, but it's not happy with the company's blog post, claiming that it greatly exaggerates the scope of the issue and the numbers involved. It's Friday, October 21st, 2022.
They also said they had secured the endpoint and notified the accounts that had been compromised, and elaborated that they found no evidence customer accounts had actually been compromised, only exposed. In March 2013, nearly 3,000 Xbox Live users had their credentials exposed after participating in a poll and entering a prize draw. SOCRadar's data leak search portal is named BlueBleed and it allows companies to find if their sensitive info was also exposed with the leaked data. Microsoft servers have been subject to a breach that might have affected over 65,000 entities across 111 countries, according to the security research firm, SOCRadar. Patrick O'Connor, CISSP, CEH, MBCS takes a look at significant security incidents in 2022 so far: some new enemies, some new weaknesses but mostly the usual suspects. Varied viewpoints as related security concepts take on similar traits create substantial confusion among security teams trying to evaluate and purchase security technologies. Microsoft uses the following classifications: Identifying data at scale is a major challenge, as is enforcing a process so employees manually mark documents as sensitive. October 2022: 548,000+ Users Exposed in BlueBleed Data Leak The exposed information allegedly included over 335,000 emails, 133,000 projects, and 548,000 users. February 21, 2023. The company believes such tools should include a verification system to ensure that a user can only look for data pertaining to them, and not to other users. Per SOCRadar's analysis, these files contain customer emails, SOW documents, product offers, POC (Proof of Concept) works, partner ecosystem details, invoices, project details, customer product price list, POE documents, product orders, signed customer documents, internal comments for customers, sales strategies, and customer asset documents.
Almost 70,000 patients had their personal data compromised in a recent breach of Kaiser Permanente. The company revealed that information that may have been exposed as a result of the breach includes names, email addresses, email content, company name, phone numbers, and other attached files, but Microsoft stopped short of revealing how many entities were impacted. In 2020, Equifax was made to pay further settlements relating to the breach: $7.75 million (plus $2 million in legal fees) to financial institutions in the US plus $18.2 million and $19.5 million . Attackers gained access to the SolarWinds system, giving them the ability to use software build features. Product Source Code Compromised March 25, 2022 | In News | By admin Hacker group Lapsus$ had breached Microsoft, and it claimed that they compromised the source code of various Microsoft products. "Our in-depth investigation and analysis of the data set shows duplicate information, with multiple references to the same emails, projects, and users," Microsoft said. The issue was caused by an unintentional misconfiguration on an endpoint that is not in use across the Microsoft ecosystem and was not the result of a security vulnerability, Microsoft explained. The company's support team also reportedly told customers who reached out that it would not notify data regulators because "no other notifications are required under GDPR" besides those sent to impacted customers. It isn't known whether the information was accessed by cybercriminals before the issues were addressed. BlueBleed discovered 2.4TB of data, including 335,000 emails, 133,000 projects, and 584,000 exposed users, according to a report on Bleeping Computer.
In 2021, the number of data breaches climbed 68 percent to 1,862 (the highest in 17 years) with an average cost of USD 4.24 million each.1 About 45 million people were impacted by healthcare data breaches alone, triple the number impacted just three years earlier.2 SOCRadar executives stated that the company does not keep any of the data it comes across and has since deleted any data that its tool may have accessed. The issue was discovered by UpGuard, a cybersecurity firm, and was promptly reported to Microsoft and impacted organizations, allowing the tech giant and the other companies and agencies to address the problem and plug the leaks. On February 21, Activision acknowledged that they suffered a data breach in December 2022, after a hacker tricked an employee via an SMS phishing attack. 1 Cost of a Data Breach Report 2021, Ponemon Institute, IBM. Successfully managing the lifecycle of data requires that you keep data for the right amount of time. Once the hackers could access customer networks, they could use customer systems to launch new attacks. IBM found that the global average cost of a data breach in 2022 was the highest ever since the dawn of conducting these reports. Microsoft followed suit and named a Chinese state-sponsored hacker group, Hafnium, as the culprit behind the attack. In August 2021, security professionals at Wiz announced that they were able to access customer databases and accounts housed on Microsoft Azure (a cloud-based computing platform), including records and data relating to many Fortune 500 companies. The group posted a screenshot on Telegram to. "We are highly disappointed about MSRC's comments and accusations after all the cooperation and support provided by us that absolutely prevented the global cyber disaster." You don't want to store data longer than necessary because that increases the amount of data that could be exposed in a breach.
The hacker was charging the equivalent of less than $1 for the full trove of information.