Scans for data will pick up those surprise storage locations. The threat of ransomware attacks, data breaches or major IT outages worries companies even more than business and supply chain disruption, natural disasters or the COVID-19 pandemic, all of. Computing giant Microsoft is no stranger to cyberattacks, and on March 20th 2022 the firm was targeted by a hacking collective called Lapsus$. In December 2020, vulnerabilities associated with SolarWinds, an infrastructure monitoring and management software solution, were exploited by Russian hackers. The company revealed that it was informed of the isolated incident by researchers at SOCRadar, though both companies remain in disagreement over how many users were impacted and best practices that cybersecurity researchers should take when they encounter a breach or leak in the future. The issue was caused by an unintentional misconfiguration on an endpoint that is not in use across the Microsoft ecosystem and was not the result of a security vulnerability, Microsoft explained. Cyber incidents topped the barometer for only the second time in the survey's history. Trainable classifiers identify sensitive data using data examples. One thing is clear, the threat isn't going away. At the end of the day, the problem doesn't seem to be in the platform itself, but in the way people use it. Varied viewpoints as related security concepts take on similar traits create substantial confusion among security teams trying to evaluate and purchase security technologies. 
If the proper updates weren't applied, the issues remained in place, allowing attackers to take advantage of the flaw long-term. Once the data is located, you must assign a value to it as a starting point for governance. A security lapse left an Azure endpoint available for unauthenticated access in the incident, termed "BlueBleed." The tech giant said it quickly addressed the issue and notified impacted customers. Mainly, this is because the resulting hacks weren't all administered by a single group for one purpose. A representative for LinkedIn reported to Business Insider that this data was scraped from publicly available data on the platform. It isn't clear how many accounts were impacted, though Microsoft described it as a limited number. Additionally, the tech giant asserted that email contents and attachments, as well as login credentials, were not compromised in the hack. Microsoft said that it does not believe that any data was improperly accessed prior to correcting the security flaw. Creating the rogue certificate involved exploiting the algorithm Microsoft used to set up remote desktops on systems, allowing code to be crafted that appeared to come from Microsoft. LastPass, one of the world's most popular password managers, suffered a major data breach in 2022 that compromised users' personal data and put their online passwords and other . The tech giant announced in June 2021 that it found malware designed to steal information on a customer support agent's computer, potentially allowing the hackers to access basic account information on a limited number of customers. In a second, subsequent attack, the hacker combined this data with information found in a separate data breach, then exploited a weakness in a remote-access app used by LastPass employees. On March 22, Microsoft issued a statement confirming that the attacks had occurred. 
Once within the system, attackers could also view, alter, or remove data, create new user accounts, and more. Microsoft said today that some of its customers' sensitive information was exposed by a misconfigured Microsoft server accessible over the Internet. However, the failure of the two-factor authentication system places at least some of the blame on the tech giant. In a lengthy blog post, Microsoft's security team described Lapsus$ as a large-scale social engineering and extortion campaign against multiple organizations with some seeing evidence of destructive elements. They go on to describe the group's tactics in great detail, indicating that Microsoft had been studying Lapsus$ carefully before the incident occurred. Microsoft Breach - March 2022. The threat intel company added that, from its analysis, the leaked data "includes Proof-of-Execution (PoE) and Statement of Work (SoW) documents, user information, product orders/offers, project details, PII (Personally Identifiable Information) data, and documents that may reveal intellectual property." The data discovery process can surprise organizations, sometimes in unpleasant ways. They also said they had secured the endpoint and notified the accounts that had been compromised, and elaborated that they found no evidence customer accounts had actually been compromised, only exposed. How do organizations identify sensitive data at scale and prevent accidental exposure of that data? But there weren't any other safeguards in place, such as a warning notification inside the software announcing that a system change would make the data public. In December 2010, Microsoft announced that data belonging to customers of Business Productivity Online Suite (BPOS), a cloud service, was accessible to other users of the software. 
Policies related to double checking configuration changes, or having them confirmed by another person, are not a bad idea when the outcome could lead to the exposure of sensitive data. "We are highly disappointed about MSRC's comments and accusations after all the cooperation and support provided by us that absolutely prevented the global cyber disaster." "Our in-depth investigation and analysis of the data set shows duplicate information, with multiple references to the same emails, projects, and users," Microsoft said. "On this query page, companies can see whether their data is published anonymously in any open buckets." Another was because of insufficient detail to consumers in a privacy policy about data processing practices. You don't want to store data longer than necessary because that increases the amount of data that could be exposed in a breach. Microsoft has criticised security firm SOCRadar for "exaggerating" the extent of the data leak and for making a search tool that allows organisations to see if their data was exposed. The business transaction data included names, email addresses, email content, company name, and phone numbers, and may have included attached files relating to business between a customer and Microsoft or an authorized Microsoft partner. "We redirect all our customers to MSRC if they want to see the original data." Overall, at least 47 companies unknowingly made stored data publicly accessible, exposing at least 38 million records. The total damage from the attack also isn't known. VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system. 
A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services. The Allianz Risk Barometer is an annual report that identifies the top risks for companies over the next 12 months. The Microsoft Security Response Center blog reports that researchers reported a misconfigured Microsoft endpoint on September 24. Microsoft itself has not publicly shared any detailed statistics about the data breach. This presentation will provide an overview of the security risks associated with SaaS, best practices for mitigating these risks and protecting data, and discuss the importance of regularly reviewing and updating SaaS security practices to ensure ongoing protection of data. This information could be valuable to potential attackers who may be looking for vulnerabilities within one of these organizations' networks. Overall, hundreds of users were impacted. Microsoft did not say how many potential customers were exposed by the misconfiguration, but in a separate post, SOCRadar, which describes the exposure as BlueBleed, puts the figure at more than 65,000. They are accountable for protecting information and sharing data via processes and workflows that enable protection, while also not hindering workplace productivity. Now, we know exactly how those attacks went down -- and the facts are pretty breathtaking. The database contained records collected dating back as far as 2005 and as recently as December 2019. 
March 3, 2022: Laboratory Bako Diagnostics (BakoDX) confirmed that the company experienced a data breach resulting in the personal and healthcare information of certain consumers being compromised. In Microsoft's server alone, SOCRadar claims to have found 2.4 TB of data containing sensitive information, with more than 335,000 emails, 133,000 projects, and 548,000 exposed users discovered while analyzing the leaked files until now. SOCRadar claims that it shared with Microsoft its findings, which detailed that a misconfigured Azure Blob Storage was compromised and might have exposed approximately 2.4TB of privileged data, including names, phone numbers, email addresses, company names, and attached files containing proprietary company information, such as proof of concept documents, sales data, product orders, among other information. November 16, 2022. As the specialist looked for more details regarding what was happening, more hacking activity was uncovered. After several rounds of layoffs, Twitter's staff is down from . Along with distributing malware, the attackers could impersonate users and access files. According to Microsoft, the exposed information includes names, email addresses, email content, company name, and phone numbers, as well as files linked to business between affected customers and Microsoft or an authorized Microsoft partner. 
March 16, 2022. Every level of an organization, from IT operations and red and blue teams to the board of directors, could be affected by a data breach. Due to the security incident, the Costa Rican government established a new Cyber Security Council to better protect citizens' data in the future. Microsoft Confirms Server Misconfiguration Led to 65,000+ Companies' Data Leak (Oct 21, 2022, Ravie Lakshmanan): Microsoft this week confirmed that it inadvertently exposed information related to thousands of customers following a security lapse that left an endpoint publicly accessible over the internet sans any authentication. Update October 20, 08:15 EDT: Added SOCRadar statement and info on a notification pushed by Microsoft through the M365 admin center on October 4th. While Microsoft worked quickly to patch the vulnerabilities, securing the systems relied heavily on the server owners. We've compiled 98 data breach statistics for 2022 that also cover types of data breaches, industry-specific stats, risks, costs, as well as data breach defense and prevention resources. October 20, 2022: The IT security researchers at SOCRadar have identified a treasure trove of data belonging to the technology giant Microsoft that was exposed online thanks to a database misconfiguration. The researchers have dubbed the incident "BlueBleed." He was imprisoned from April 2014 until July 2015. The messages were being sent through compromised accounts, including users that signed up for Microsoft's two-factor authentication. Microsoft Corp. today revealed details of a server misconfiguration that may have compromised the data of some potential customers in September. 
"This misconfiguration resulted in the potential for unauthenticated access to some business transaction data corresponding to interactions between Microsoft and prospective customers, such as the planning or potential implementation and provisioning of Microsoft services."