Ad Hoc News: Warning of "BlueBleed" data leak at Microsoft
by Tina Siering
Misconfigured Microsoft endpoint server publicly accessible via the Internet
In a blog post on 19.10.2022, Microsoft confirmed that sensitive customer data had been disclosed: Investigation Regarding Misconfigured Microsoft Storage Location.
The reason was a misconfigured Microsoft endpoint server that was publicly accessible via the internet. In total, it can be assumed that sensitive data from approximately 65,000 companies in 111 countries was publicly accessible. Security vendor SOCRadar had already tracked down the misconfigured server (dubbed "BlueBleed") in September and alerted Microsoft to the leak on 24 September 2022. Microsoft then immediately secured the affected server.
Customer data probably affected
Caused by an unintentional misconfiguration on an endpoint, the incident led to unauthenticated access to business transaction data between Microsoft (including leaked data from its analysis "Proof-of-Execution (PoE) and Statement of Work (SoW) documents, user information, product orders/quotes, project details, PII (Personally Identifiable Information) and potential customer data (e.g. names, email addresses, email content, company names and phone numbers) and possibly attached files.
Meanwhile, the endpoint is only accessible with required authentication. Microsoft goes on to say that the internal investigation found no evidence that customer accounts or systems were compromised. Affected customers were notified directly of the incident.
More information and further links can also be found at: https://www.bleepingcomputer.com/news/security/microsoft-data-breach-exposes-customers-contact-info-emails/.
We will publish further updates in this post on an ongoing basis.
Need help upgrading your IT security for 2022? Contact us!
Related articles
For several days now, there has been a strong accumulation of successful compromises by the "QakBot" malware (also known as "QBot" and "QuackBot") worldwide. We have also already identified successful attacks as part of our ACD monitoring. After infection, criminals can gain access to online banking accounts, leak user data, and reload further malware. As one measure to mitigate the risk, we urgently recommend adjustments to the Group Policy Objects (GPO).
Cybercriminals are true masters at constantly adapting their attack mechanisms to effective IT security measures. New tools and iterative changes to existing malware are used to mercilessly exploit security vulnerabilities. Among the numerous threats, ransomware stands out as one of the biggest. More and more companies have to face extortion Trojans. A completely new threat called LockFile now relies on intermittent encryption. LockFile not only encrypts much faster than previous ransomware, but also bypasses security solutions that work reliably. This article shows why criminals are increasingly relying on intermittent encryption and how companies should react to the new threat.
Read more … New ransomware trend: Why criminals increasingly rely on intermittent encryption
Due to the war in Ukraine, secion provides an assessment of the threat situation for companies and examines the question of whether increased Russian attacks on companies in Germany, Austria and Switzerland can be identified. There is currently no evidence of an acute increase in the threat posed by Russian state actors in Western Europe, but there is increased public awareness of these cyberattacks. In addition, "third-party actors" are creating a new dynamic.