"This is simply something organizations that are hosting applications and data in any of the various cloud platforms need to understand," Kron added. "We have directly notified the affected customers." 1. Cost of a Data Breach Report 2021, Ponemon Institute, IBM. On March 20, 2022, the hacker group Lapsus$ posted a screenshot to their Telegram channel indicating that they had breached Microsoft. Learn four must-haves for multicloud data protection, including how an integrated solution provides greater scalability and protection across your multicloud and hybrid environment. The hackers then pushed out malicious updates to approximately 18,000 SolarWinds customers utilizing a supply chain attack approach, giving them access to the customers' systems, networks, and data. The tech giant announced in June 2021 that it found malware designed to steal information on a customer support agent's computer, potentially allowing the hackers to access basic account information on a limited number of customers. History has shown that when it comes to ransomware, organizations cannot let their guards down. Of an estimated 294 million people hacked in 2021, about 164 million were at risk because of data exposure events, when sensitive data is left vulnerable online.3. Eduard Kovacs, March 23, 2022: Microsoft and Okta have both confirmed suffering data breaches after a cybercrime group announced targeting them, but the companies claim impact is limited. These buckets, which the firm has dubbed BlueBleed, included a misconfigured Azure Blob Storage instance allegedly containing information on more than 65,000 entities in 111 countries. But there weren't any other safeguards in place, such as a warning notification inside the software announcing that a system change would make the data public.
"Threat actors who may have accessed the bucket may use this information in different forms for extortion, blackmailing, creating social engineering tactics with the help of exposed information, or simply selling the information to the highest bidder on the dark web and Telegram channels," SOCRadar warned. On March 22, Microsoft issued a statement confirming that the attacks had occurred. Microsoft stated that a very small number of customers were impacted by the issue. The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor's algorithm to crack PKI encryption. Written by RTTNews.com for RTTNews. One day companies are going to figure out just how bad a decision it was to move everything to and become dependent on a cloud. Average Total Data Breach Cost Increase By 2.6%. In March 2022, the group posted a torrent file online containing partial source code from . October 2022: 548,000+ Users Exposed in BlueBleed Data Leak. One of these fines was related to violating the GDPR's personal data processing requirements. Neiman Marcus: In October, Neiman Marcus made a data breach that occurred in May 2020 public. The first few months of 2022 did not hold back. Data leakage protection is a fast-emerging need in the industry. Microsoft added today that it believes SOCRadar "greatly exaggerated the scope of this issue" and "the numbers. It isn't clear how many accounts were impacted, though Microsoft described it as a limited number. Additionally, the tech giant asserted that email contents and attachments, as well as login credentials, were not compromised in the hack. Microsoft also fired back at SOCRadar for exaggerating the scope of the issue, so it's unclear if that company's report that 65,000 entities were affected holds true. In one of the broadest security incidents involving Microsoft, four zero-day vulnerabilities led to widespread hacking attempts targeting Microsoft Exchange Servers.
Eduard holds a bachelor's degree in industrial informatics and a master's degree in computer techniques applied in electrical engineering. Microsoft exposed some of its customers' names, email addresses, and email content, among other sensitive data. Humans are the weakest link. Threat intelligence firm SOCRadar reported that a Microsoft customer data breach affected hundreds of thousands of users from thousands of entities worldwide. The conventional tools we rely on to defend corporate networks are creating gaps in network visibility and in our capabilities to secure them. It all began in August 2022, when LastPass revealed that a threat actor had stolen the app's source code. October 20, 2022. The IT security researchers at SOCRadar have identified a treasure trove of data belonging to the technology giant Microsoft that was exposed online thanks to a database misconfiguration. The researchers have dubbed the incident "BlueBleed." The Most Recent Data Breaches And Security Breaches 2021 To 2022. Jason Wise. Published on: July 26, 2022. Last Updated: January 16, 2023. Fact Checked by Marley Swindells. In this blog, we will be discussing the most recent data breaches and security breaches and other relevant information. This misconfiguration resulted in unauthenticated access to some business transaction data, it says. IBM found that the global average cost of a data breach in 2022 was the highest ever since the dawn of conducting these reports. They are accountable for protecting information and sharing data via processes and workflows that enable protection, while also not hindering workplace productivity.
A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services. The Allianz Risk Barometer is an annual report that identifies the top risks for companies over the next 12 months. Hackers also had access relating to Gmail users. Many security experts remain alarmed about the large, Chinese-linked hack of Microsoft's Exchange email service a week after the attack was first reported. January 31, 2022. News Corp. News Corp., the publisher of the Wall Street Journal and a range of global media outlets, said in a securities filing that it was hit by a cyberattack in January 2022 and that some data . Another was because of insufficient detail to consumers in a privacy policy about data processing practices. You don't want to store data longer than necessary because that increases the amount of data that could be exposed in a breach. The data discovery process can surprise organizations, sometimes in unpleasant ways. Microsoft is a leader in cybersecurity, and we embrace our responsibility to make the world a safer place. In January 2010, news broke of an Internet Explorer zero-day flaw that hackers exploited to breach several major U.S. companies, including Adobe and Google. Microsoft has published the article Investigation Regarding Misconfigured Microsoft Storage Location regarding this incident. January 18, 2022. The total damage from the attack also isn't known.
> Redmond added that the leak was caused by the "unintentional misconfiguration on an endpoint that is not in use across the Microsoft ecosystem" and *not due to a security vulnerability*.

After SOCRadar flagged a Microsoft data breach at the end of October, the company confirmed that a server misconfiguration had caused 65,000+ companies' data to be leaked. SOCRadar executives stated that the company does not keep any of the data it comes across and has since deleted any data that its tool may have accessed. A representative for LinkedIn reported to Business Insider that this data was scraped from publicly available data on the platform. by January 17, 2022. (Matt Wilson), While there are many routes to application security, bundles that allow security teams to quickly and easily secure applications and affect security posture in a self-service manner are becoming increasingly popular. Microsoft also took issue with SOCRadar's use of the BlueBleed tool to crawl through servers to figure out what information, if any, may have been exposed as a result of security flaws or breaches. Average cost of a data breach in recent years, Cost of a Data Breach Report 2022, IBM Security. For data classification, we advise enforcing a plan through technology rather than relying on users. In a blog post late Tuesday, Microsoft said Lapsus$ had. Microsoft was alerted by security researchers at SOCRadar about a misconfigured endpoint that had exposed some customer information. A configuration issue allowed customers to download Offline Address Books which contained business contact information for employees of other users inadvertently.
Then, Flame returned a malicious executable file featuring a rogue certificate, causing the uninfected machine to download malware. The proposed Securities and Exchange Commission rule creates new reporting obligations for United States publicly traded companies to disclose cybersecurity incidents, risk management, policies, and governance. The screenshot posted to their Telegram channel showed that Bing, Cortana, and other projects had been compromised in the attack. 1. The issue arose due to misconfigured Microsoft Power Apps portals settings. Successfully managing the lifecycle of data requires that you keep data for the right amount of time. SOCRadar claims that it shared with Microsoft its findings, which detailed that a misconfigured Azure Blob Storage was compromised and might have exposed approximately 2.4TB of privileged data, including names, phone numbers, email addresses, company names, and attached files containing proprietary company information, such as proof of concept documents, sales data, product orders, among other information. Dubbed BlueBleed Part 1, the Microsoft data leak exposed at least 2.4 terabytes of sensitive data belonging to 65,000 entities in 111 countries. However, it's close to impossible to handle manually. Update October 19, 14:44 EDT: Added more info on SOCRadar's BlueBleed portal.