Microsoft Data Leak, Student Loan Forgiveness Scams, Mexican Military Hack, Alder Lake Source Code Leaked, and More
Friday, October 21st, 2022
Microsoft Confirms Server Misconfiguration Led to 65,000+ Companies' Data Leak
Microsoft this week confirmed that it inadvertently exposed information related to thousands of customers following a security lapse that left an endpoint publicly accessible over the internet sans any authentication.
"This misconfiguration resulted in the potential for unauthenticated access to some business transaction data corresponding to interactions between Microsoft and prospective customers, such as the planning or potential implementation and provisioning of Microsoft services," Microsoft said in an alert.
The misconfiguration of the Azure Blob Storage was spotted on September 24, 2022, by cybersecurity company SOCRadar, which termed the leak BlueBleed. Microsoft said it's in the process of directly notifying impacted customers.
The Windows makers did not disclose the scale of the data leak, but according to SOCRadar, it affects more than 65,000 entities in 111 countries. The exposure amounts to 2.4 terabytes of data that consists of invoices, product orders, signed customer documents, partner ecosystem details, among others. "The exposed data include files dated from 2017 to August 2022," SOCRadar said. Microsoft, however, has disputed the extent of the issue, stating the data included names, email addresses, email content, company name, and phone numbers, and attached files relating to business "between a customer and Microsoft or an authorized Microsoft partner." It also claimed in its disclosure that the threat intel company "greatly exaggerated" the scope of the problem as the data set contains "duplicate information, with multiple references to the same emails, projects, and users." On top of that, Redmond expressed its disappointment over SOCRadar's decision to release a public search tool that it said exposes customers to unnecessary security risks. SOCRadar, in a follow-up post on Thursday, likened the BlueBleed search engine to data breach notification service "Have I Been Pwned," enabling organizations to search if their data was exposed in a cloud data leak. The cybersecurity vendor also said it has temporarily suspended any BlueBleed queries as of October 19, 2022, following Microsoft's request."Microsoft being unable (read: refusing) to tell customers what data was taken and apparently not notifying regulators – a legal requirement – has the hallmarks of a major botched response," security researcher Kevin Beaumont tweeted. "I hope it isn't." Beaumont further said the Microsoft bucket "has been publicly indexed for months" by services like Grayhat Warfare and that "it's even in search engines." There is no evidence that the information was improperly accessed by threat actors prior to the disclosure, but such leaks could be exploited for malicious purposes such as extortion, social engineering attacks, or a quick profit. "While some of the data that may have been accessed seems trivial, if SOCRadar is correct in what was exposed, it could include some sensitive information about the infrastructure and network configuration of potential customers," Erich Kron, security awareness advocate at KnowBe4, told The Hacker News in an email. "This information could be valuable to potential attackers who may be looking for vulnerabilities within one of these organizations' networks."
https://thehackernews.com/2022/10/microsoft-confirms-server.html
https://socradar.io/labs/bluebleed
Scammers Targeting Those Seeking Student Loan Forgiveness
Fraudsters are contacting people through email, text, phone, and online claiming to be administrators for the Federal Student Loan Forgiveness Program in an effort to steal personally identifiable information, the FBI warned this week.
In late August, the Biden Administration announced that the US Department of Education would cancel up to $20,000 in student loans per borrower.
The FBI says anyone contacted by someone purporting to be working for the federal student loan forgiveness program should not provide any sensitive personal data, particularly any payment information.
"Cybercriminals and fraudsters use their schemes to receive payment for services they will not provide or collect victim information they can then use to facilitate a variety of other crimes," the FBI announcement said. "Entrance into or assistance with any federal student aid program through the Department of Education or their trusted partners never requires payment."
Hack Into Mexican Military Systems Having a Ripple Effect
Last month, an activist group named Guacamaya infiltrated the computer network of Mexico’s Department of Defense [SEDENA]. The group claimed to have stolen 4 million documents / 6TB of data from SEDENA’s servers. Guacamaya has been steadily leaking documents that allege Mexican soldiers have supplied military-grade equipment to Mexico’s cartels for several years. Yesterday, Mexico’s President took some heat rounds from critics who are questioning why Mexico Defense Ministry officials are refusing to answer questions related to the leaked information (the activists likely goal).
https://news.yahoo.com/mexico-president-backs-defense-ministrys-204103153.html
https://news.yahoo.com/mexico-military-hack-shows-revelations-160034245.html
New Mexico Licensing Office Hit By Cyberattack
Even though New Mexico is a sparsely populated state (only 2.1 million residents living in America’s 5th largest state), hackers have kept the western state in its crosshairs. Last week, hackers hit the NM Regulation and Licensing Department network. The agency issues/manages professional licenses required by state law for thousands of LLCs and businesses to legally operate – as such, its network stores a vast amount of PII for upwards of 500k citizens and businesses. The investigation is ongoing.
https://www.abqjournal.com/2540107/new-mexico-licensing-department-subject-of-cyber-attack.html
Data Breach Hits Tucson Residents
Tucsonans (i.e. residents of Tucson, AZ) are seeing data breach notification letters hitting their mailboxes. Between 17 and 31 May 2022, hackers snuck into the city’s computer network and potentially stole PII for 123,513 city residents. The intrusion was detected on 12 Aug 2022, but the notification letters didn’t start getting mailed out until 29 Sep 2022.
Hackers Leak Sensitive CPU Source Code
Computer technology companies remain a desirable target for hackers – a fact that one of America’s oldest and best known companies is painfully aware of. Last week, source code for the company’s 12th generation CPU chip was linked on two popular Internet sites. The CPU had been officially released by the tech giant in November 2021. As one can imagine, the cost to develop/perfect/manufacture a new CPU is immense - and a CPU’s source code is a boon for hackers.
https://thehackernews.com/2022/10/intel-confirms-leak-of-alder-lake-bios.html?&web_view=true