Microsoft Exposed Customer Info in What Is Claimed To Be Biggest B2B Leak
Read also: Health insurance giant Medibank confirms major data breach, DeadBolt ransomware gang gets tricked by the police, and more.
Thursday, October 20, 2022
Microsoft exposed 2.4TB of sensitive data via a misconfigured server, researchers say
Security researchers have found that 2.4TB of sensitive data belonging to more than 65,000 entities across 111 countries has been exposed due to a misconfigured Azure Blob Storage bucket maintained by Microsoft. Files exposed in the leak, dubbed “BlueBleed,” included proof-of-execution and statement-of-work documents, signed customer documents, customer emails and asset documents and other information dated from 2017 to August 2022.
While Microsoft acknowledged the problem and secured the misconfigured endpoint, it said that “the scope of this issue was greatly exaggerated.” The tech giant explained that the issue was the result of “an unintentional misconfiguration on an endpoint that is not in use across the Microsoft ecosystem.” The investigation into the breach found no evidence that customers or systems were compromised, Microsoft said.
Australian health insurance giant Medibank confirms major data breach
Medibank, one of Australia’s largest private health insurance providers, has admitted that some of its customer data may have been compromised in a major cybersecurity incident that took place last week.
In an update to its original statement the company said it has been contacted by a threat actor who claims to have stolen data from the company and wishes to negotiate about the alleged removal of customer data. Medibank has not shared information on the extent of the breach, but some media reports suggest that 200GB of data may have been stolen.
Medibank said the cybercriminal has provided a sample of records for 100 policies, which the company believes comes from its systems. The attacker also claims to have stolen other data, including related to credit card security, but this claim has not yet been verified by Medibank.
DeadBolt ransomware gang tricked into handing out over 150 decryption keys
The DeadBolt ransomware gang was swindled out of more than 150 decryption keys as a result of a scheme devised by The Dutch National Police.
The agency carried out its “scam” operation after learning that the Deadbolt gang was storing the decryption key inside the metadata of a Bitcoin transaction. Using this weakness, the police made several Bitcoin transactions with a minimum fee and then withdrew payments after receiving a decryption key. Alas, once DeadBolt ransomware operators realized they have been tricked they implemented additional level of protection and now require double confirmation before decryption keys would be released.
European police arrest over 30 suspected car hackers
31 suspected members of a car theft ring that used malicious software to steal keyless cars were arrested as part of a coordinated operation conducted by law enforcement agencies in France, Latvia, and Spain.
According to Europol, cyber thieves singled out keyless vehicles from two unnamed French manufacturers. To steal cars cyber criminals used fraudulent software marketed as an “automotive diagnostic solution,” which allowed them to open doors and start the ignition without the actual key fob.
The arrests included developers behind the malicious tool, its resellers and thieves who used the software to steal vehicles.
In related news, 75 alleged members of the “Black Axe” cyber crime ring that stole millions from its victims were arrested as a result of an Interpol-led effort dubbed “Operation Jackal,” with two individuals believed to be responsible for stealing $1.8 million from victims through online scams.
Transportation orgs in Ukraine, Poland targeted by new “Prestige” ransomware
Microsoft’ threat intelligence team has warned that a previously undocumented ransomware strain is targeting companies in transportation and logistic sector in Ukraine and Poland.
Dubbed “Prestige,” the new ransomware was first deployed on October 10 2022, with attacks taking place within an hour across all victims. Microsoft says the observed activity, which it is currently tracking as DEV-0960, was not connected to any known ransomware campaigns it tracks and differs from recent destructive attacks leveraging CaddyWiper or Foxblade (aka HermeticWiper) malware that have affected multiple critical infrastructure organizations in Ukraine over the last two weeks. The tech giant didn’t provide further details on how many organizations were impacted in the attacks, or what damage they caused.
What’s next:
- Follow ImmuniWeb on Twitter and LinkedIn
- Explore 20 use cases how ImmuniWeb can help
- Browse open positions to join our great Team
- See the benefits of our partner program
- Request a demo, quote or special price
- Subscribe to our newsletter
Application Security Weekly is a weekly review of the most important news and events in cybersecurity, privacy and compliance. We cover innovative cyber defense technologies, new hacking techniques, data breaches and evolving cyber law. 
