Archive for October 20, 2022

#Fail: Microsoft Admits To “Accidentally” Exposing Sensitive Customer Data

Posted in Commentary with tags on October 20, 2022 by itnerd

Microsoft yesterday admitted to accidentally exposing sensitive customer data after failing to secure a server. The affected files were exposed from 2017 until August 2022 and included data such as:

  • Names
  • Email addresses
  • Email content
  • Company name
  • Phone numbers

In addition, Microsoft warned that the exposed data may include “attached files relating to business between a customer and Microsoft or an authorized Microsoft partner.”

SOCRadar claims that the sensitive data of over 65,000 entities in 111 countries was sitting on a misconfigured Microsoft server that had been left accessible over the internet.

What could possibly go wrong with that sort of info floating around for anyone to get access to?

John Stevenson, Product Director at Cyren, had this to say:

     “Given that Cloud server ‘misconfigurations’ are one of the most common root causes for the loss of personally identifiable information (PII), it is extremely important that organizations stay vigilant for any attempt to target them or their employees, especially through phishing attempts. While there is currently no evidence that the PII accessible from the server has been exploited in the wild, search tools such as the one referenced here are undoubtedly double-edged. At this time, the ‘BlueBleed’ site allows any authenticated user to search the data repository. With the news of this leak, it is essential that organizations look to additional security controls that operate in the inbox to identify targeted, socially engineered email attacks that are routinely missed by Microsoft’s native security controls.”

SOCRadar, which has dubbed the data breach “BlueBleed”, has created a website where concerned companies can search to see if their data has been exposed. You might want to pay a visit to see if your company has been affected.

Google Launches My Ad Center Globally

Posted in Commentary with tags on October 20, 2022 by itnerd

Today Google is announcing the launch of My Ad Center, which will start rolling out gradually to people globally. At Google I/O, Google pre-announced My Ad Center, a new ads product that allows users to customize their ads and manage the information Google uses to personalize ads.

In addition to the features announced at I/O, the new features in the product include:

  • More controls over the activity used to personalize ads: My Ad Center expands Google’s privacy controls to allow users more direct control over which data sources, specifically Web & App Activity and YouTube History, are used to personalize their ads across Google Search, YouTube, and Discover
  • Expanded user control for sensitive categories: In My Ad Center, users have the ability to see fewer ads in five sensitive categories: alcohol, dating, gambling, pregnancy and parenting, and weight loss. Before, this feature affected ads shown on YouTube and Display; now it extends to ads shown on Search and Discover
  • Advertiser pages: To give people even more transparency, Google is enhancing ad disclosures with new advertiser pages. Users can access these disclosures in the new My Ad Center panel and see the ads a specific verified advertiser has run over the past 30 days

The full blog with more details is available here.

It Seems That I Am The Target Of A Phishing #Scam… What A Bizarre Feeling This Is

Posted in Commentary with tags on October 20, 2022 by itnerd

I woke up this morning to an email targeting me in a phishing scam, which is really bizarre as I spend a lot of time and effort writing about and helping people deal with scams. Now, I get that scammers don’t read this blog and don’t know that I spend a lot of time and effort exposing their nefarious activities so that my readers don’t run afoul of scams. But it is still kind of bizarre when one hits my inbox, especially since this specific scam leverages my email server:

Before I get into dissecting this phishing email, let me disclose something: I run my own email server and have total control over it. That is part of the reason I find this phishing email bizarre, because the scam would have me believe that I was sending an email to myself, as I am both the administrator of this server and the user of the email account on it.

In any case, let’s walk through this email. It uses the following elements to get you to hand over your email credentials:

  • It claims that you have emails pending for delivery and you need to do something to get them into your inbox. It also claims that if you don’t take action “users” won’t be able to receive new messages, and you need to prevent that from happening. That’s the call to action so to speak in terms of getting you to buy into the scam.
  • It also claims that any emails that are in this state will be deleted in “1 day” and they will “delete the data 90 days later”. That’s to create a sense of urgency so that you fall for the scam.

So why would someone want me to hand over my email credentials? Simple: the scam is meant to be a gateway that allows the scammer to perpetrate identity theft or take over the mailbox and use it for some other fraudulent activity. Or they may simply be trying to drop malware on your system.

The best advice is to never, ever click the links in an email like this. If you have already trusted such an email and attempted to log in with your account details via a third-party site, you are strongly advised to change the password for your email service immediately. Then scan your computer for malware.

Speaking of the link, this was the link that was present behind the words “Recover Pending Messages to your Inbox”:

https://siasky.net/EACVfUpVNlUjV1WtVftU_p8aJqloinzOcbOUSc5xCd6J5w#nerd@theitnerd.ca

Since a page never came up when I went to this link, from what I can tell it is either trying to confirm that the email address is live, drop some malware onto my computer, or do something else evil. I cannot say for sure. But I took my own advice and changed the passwords for the email accounts on this server just in case. I’ll be watching things very closely over the next little while to see if these threat actors do anything else, as I have now made myself a bit of a honeypot for their activities. And if they do something interesting, you’ll be the first to know.
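One thing worth noticing about that link is the part after the `#`: the recipient's own address is appended as the URL fragment. A browser never sends the fragment to the server, but script on the landing page can read it, which is how a phishing page confirms the address is live or pre-fills a fake login form with it. The following triage script is an added example written for this post, not code from the original; it pulls every link out of an HTML email body, decomposes the URL, and flags an email address smuggled into the fragment or query string along with lure wording in the link text. The email body is constructed for the example around the link quoted above; the helper names and the lure phrase list are my own choices.

```python
"""Triage helper for links found in a suspicious email (added example)."""
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit, unquote

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

# Wording typical of the "pending messages" lure described in the post
# (assumed list, extend to taste).
LURE_PHRASES = ("pending", "recover", "won't be able to receive", "deleted")


class LinkExtractor(HTMLParser):
    """Collect (href, visible link text) pairs from an HTML email body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def analyze_link(href, text=""):
    """Return findings for one link: host, embedded addresses, lure wording."""
    parts = urlsplit(href)
    findings = {"host": parts.hostname or "", "embedded_emails": [], "lure_text": False}
    # The fragment is never sent to the server; the query string is. Either
    # can carry the recipient's address for live-address confirmation or
    # pre-filling a credential form, so check both after percent-decoding.
    for piece in (unquote(parts.fragment), unquote(parts.query)):
        findings["embedded_emails"].extend(EMAIL_RE.findall(piece))
    lowered = text.lower()
    findings["lure_text"] = any(phrase in lowered for phrase in LURE_PHRASES)
    return findings


def triage_email(html_body):
    """Analyze every link in an HTML email body; returns a list of findings."""
    parser = LinkExtractor()
    parser.feed(html_body)
    return [analyze_link(href, text) for href, text in parser.links]


# Constructed sample body built around the link quoted in the post; the
# second link is a harmless control using the reserved example.com domain.
SAMPLE_BODY = """<p>You have 5 emails pending delivery.</p>
<a href="https://siasky.net/EACVfUpVNlUjV1WtVftU_p8aJqloinzOcbOUSc5xCd6J5w#nerd@theitnerd.ca">Recover Pending Messages to your Inbox</a>
<a href="https://example.com/help">Help</a>"""

if __name__ == "__main__":
    for finding in triage_email(SAMPLE_BODY):
        print(finding)
```

Run against the sample body, the first link is reported with host `siasky.net`, the embedded address `nerd@theitnerd.ca` and lure wording in its text, while the control link produces no findings. A mail filter or SOC playbook can key on the same two signals: a recipient address hidden in a link, and link text that promises to "recover" or "release" mail.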

Hackers Hijack College Student Accounts to Launch BEC-Style Attacks: Avanan

Posted in Commentary with tags on October 20, 2022 by itnerd

Researchers at Avanan, a Check Point Company, have discovered that hackers are spoofing legitimate college student email accounts to send out larger BEC and credential-harvesting campaigns.

In this attack, hackers compromise legitimate student email accounts and send out emails warning users of blocked messages that can only be released by clicking the provided link. The link redirects victims to a credential-harvesting page that not only gives the hackers access to key company information but also lets them send out even more attacks from the compromised account.

You can read the full report here.