Tag: Breach

Storm-0501: Unveiling the Tactics Behind Multi-Stage Hybrid Cloud Attacks

Posted on by Srishti Chaubey

Introduction

The global cloud services market, valued at $551.8 billion in 2021, is projected to reach $2.5 trillion by 2031. This explosive growth makes cloud environments a prime target for cyber criminals. One such group is Storm-0501, an extortion-orientated cyber crime group that’s been conducting multi-stage attacks against hybrid cloud environments in government, manufacturing, transportation, and law enforcement. Since its inception in 2021, Storm-0501 has changed its operations, shifting from targeting U.S. school districts to running RaaS operations. This blog post explains the tactics, techniques and procedures (TTPs) of the group to help improve organizational defenses with mitigation strategies.

Storm-0501 TTPs: Steal Technique

Initial Compromise and Discovery

Storm-0501 has traditionally obtained initial access using compromised credentials or exploitation of known vulnerabilities in systems with widespread use. In a recent campaign, Storm-0501 exploited known vulnerabilities in Zoho, ManageEngine (CVE-2022-47966), Citrix, NetScaler (CVE-2023-4966), and ColdFusion (possibly CVE-2023-29300 or CVE-2023-38203). After gaining entry into the target network, it conducts extensive exploration using several tools to find high-value assets, obtain credentials, and increase privileges.

Lateral Movement and Credential Theft

Storm-0501 uses Impacket’s SecretsDump and Cobalt Strike to move laterally across the network grabbing credentials to compromise additional devices. They target the administrative accounts, mostly utilizing password reuse or weak credentials, accessing both their on-premises and cloud environments. Using cloud session hijacking, especially in Microsoft Entra, they establish persistent backdoor access into the target systems.

From Ground to Cloud: Storm-0501’s Cross-Environment Exploits

One of the most significant tactics Storm-0501 uses is the exploitation of the Microsoft Entra Connect Sync service by doing synchronization of credentials between the on-premises AD and cloud. The attackers escalate the privileges in both environments after compromising the sync accounts to have control over the cloud environment and for a persistent backdoor for the next attack.

Storm 0501 Exploit
Credit: Microsoft

Aftermath of the Storm-0501 Attack

The aftermath of a Storm-0501 attack can be devastating, with the group often gaining control over both on-prem and cloud environments, exfiltrating sensitive data, deploying ransomware, and tampering with security products to avoid detection. The threat will only increase with the new deployment of Embargo ransomware, where victim data is encrypted and sensitive information leaked unless a ransom is paid.

Such attacks would lead to the stealing of credentials, data breaches, service disruptions, and heavy financial losses. Storm-0501 pays extra attention to sensitive sectors such as hospitals, which raises stakes not only on data security but also public safety.

Mitigation

Hybrid Cloud Security Enhancement

While Microsoft has implemented restricted permissions on DSA roles in Entra Connect Sync and Entra Cloud Sync, defending Storm-0501 needs a robust, multi-layered approach. Conditional Access policy can further harden access to cloud services from non-verified devices and locations as a risk mitigation approach.

Harden Cloud Security Measures

Even solutions proposed by today’s market leaders such as Microsoft are still often based on passwords in most cases and, hence, would probably fail to deliver proper authentication in a much-enlarged, cloud-to-on-premises environment. Therefore, organizations should embrace solutions such as PureAUTH IAM Firewall that come with the strongest security and reliability against attacks exploiting credentials and even zero-day vulnerabilities. Built on a zero-trust architecture, it provides reliable, passwordless protection, further enhancing resilience against sophisticated threats.

Conclusion

Organizations need to move away from convenient and conventional IAM solutions and start interacting with leading edge defenses, such as passwordless authentication. Enhancing cloud security policies and infrastructure defenses will enable enterprises to withstand new cyber threats.

Solutions like PureAUTH will help organizations build a far more robust infrastructure that is not only adaptable but will also neutralize the most sophisticated cyber threats in existence.

Read Also

Microsoft Entra ID Vulnerabilities: Pass-Through Authentication Risks

Storm-0501: Ransomware attacks expanding to hybrid cloud environments

The achilles’ heel of cloud security: Why two-factor authentication isn’t enough

Disney Leaves Slack: A Strategic Retreat

Posted on by Srishti Chaubey

Walt Disney Co. is transitioning away from Slack after a serious data breach. The breach, which occurred in July 2024, compromised more than 1.1 terabytes of confidential data. This incident included 44 million messages and inside information about various projects at Slack. According to a news article in The Wall Street Journal, Disney has decided to shift to new corporate-wide communication software before the end of its fiscal year.

Credit: Bleeping Computer

Why Disney Is Getting Off Slack

The NullBulge hack led Disney to move away from Slack. Hackers accessed thousands of internal channels, exposing unreleased projects, login credentials, and sensitive corporate data. This breach highlighted Slack’s vulnerability, especially due to weak employee security practices like not using robust authentication.

Disney’s decision isn’t just a reaction to the breach but a preventive step to reduce reliance on a platform that became a weak link in its cybersecurity. By switching to streamlined collaboration tools, Disney aims for platforms that offer tighter security and better integration with its IT systems.

History of Breaches at Disney

This is not the first time that the House of Mouse has faced a breach. In July 2024, Disney suffered a breach that exposed over 1.1TB of sensitive data, including 44 million messages, 18,800 spreadsheets, and internal project details. Several months ago in early June 2024, hackers targeted the Club Penguin Confluence server and led to leaking of 2.5 GB of data and information related to the company’s legacy operations.

Credit: Bleeping Computer

Mitigation and Prevention: Enhancing Your Security Position

To prevent future incidents, companies like Disney harden up their security approach. One of these approaches involves using zero-trust products, where all actions are considered to be malicious unless proved otherwise and authenticated. The shift away from Slack for Disney should be used as an opportunity to have stronger encryption and more secure, decentralised methods of communication in a place.

Despite the risks, companies often prioritise familiar tools like Slack for their ease of use. Employees enjoy the convenience of SSO and real-time communication. However, this same ease of use can make these platforms vulnerable to attacks, as Disney’s breach demonstrated. Companies often avoid stricter security measures, such as multi-factor authentication (MFA), due to perceived inconvenience. This balance between convenience and security is where many organizations falter.


PureAUTH on the other hand, offers one-click access through passwordless authentication, which is friendly and secure.

Conclusion : One Move Toward Collaboration Over A Secure Platform

As Disney steps away from Slack, this highlights an emerging trend: companies must prioritise security in their collaboration tools. Convenience is awesome, but so is the robust security against emerging threats. PureAUTH balances convenience with the protection required to secure company data. If Disney had solutions like PureAUTH, then the breach might have been far less effective. As companies rethink their internal platforms for communication, the lesson is stark: security and usability are not mutually exclusive with PureAUTH. #gopasswordless

Read Also

Disney to ditch slack following July Data Breach

Fortinet Data Breach: Insights and Implications for Cloud Security

Posted on by Srishti Chaubey

Introduction

Fortinet recently experienced a data breach with 440GB of stolen files. This incident underscores the critical importance of securing data in third-party cloud environments. In this blog, we dive into the details of the Fortinet breach, its implications, and why moving towards passwordless authentication is an essential step for enhancing security.

The Fortinet Breach: A Detailed Overview

Fortinet, renowned for its comprehensive cybersecurity solutions, has confirmed a significant data breach. The hacker, using the name “Fortibitch,” claimed to have exploited an Azure SharePoint vulnerability to steal 440GB of data in this breach, dubbed “Fortileak“.

Fortinet data breach: Fortibitch
Credit: Hackread.com

How the Breach Happened

According to reports, the breach involved unauthorised access to Fortinet’s Azure SharePoint instance. The hacker provided credentials to an Amazon S3 bucket where the stolen data was allegedly stored. The leaked data included customer information and various corporate documents.

Fortinet confirmed the breach involved less than 0.3% of its customer base, affecting a limited number of files. The company assured stakeholders that there was no evidence of malicious activity affecting its operations or services. No ransomware was deployed, and Fortinet’s corporate network remained secure.

The Response from Fortinet

Fortinet acted swiftly to mitigate the impact of the breach. The company engaged in immediate containment measures, including terminating the unauthorised access and notifying affected customers. They also worked with law enforcement and cybersecurity agencies to address the situation.

In their update, Fortinet emphasised that the breach did not involve data encryption or ransomware. The company’s operations and financial performance remain unaffected, with no significant impact reported.

Key Takeaways and Security Lessons

This incident highlights several critical lessons for organisations:

1. Secure Cloud Environments

The Fortinet breach underscores the need for robust security measures around cloud-based environments. Companies must properly configure their cloud storage solutions and actively protect them against unauthorized access.

2. Implement Strong Access Controls

Using multi factor authentication (MFA) is minimum, but given the MFA are also getting bypassed, more secure authentication like PureAUTH is highly recommended

3. Continuous Monitoring and Response

Proactive monitoring of cloud assets and rapid response to security incidents are essential for minimising the impact of breaches. Organisations should have incident response plans in place to handle such situations effectively.

Embracing Passwordless Authentication for Enhanced Security

As demonstrated by the Fortinet breach, traditional security measures, including passwords and MFA, are increasingly inadequate. The shift towards passwordless authentication offers a more secure and resilient alternative.

Passwordless authentication solutions like PureAuth provide a breach-resilient architecture by leveraging advanced cryptography and just-in-time access. This approach significantly reduces the risk of third-party breaches and enhances overall security. Key benefits include:

  • Breach Resilience: PureAuth’s architecture is designed to withstand breaches by eliminating the reliance on passwords and minimising attack vectors.
  • Flexible Security Measures: We work with you to design fallback and recovery mechanisms, ensuring uninterrupted access to enterprise resources.
  • Ongoing Support: Comprehensive breach support is available to address any issues that arise.
Fortinet data breach: Embracing passwordless authentication

Transitioning to passwordless authentication is no longer just a best practice but a necessity for enterprises aiming to protect critical assets. Passwords and traditional 2FA/MFA methods are becoming increasingly inefficient and insecure. Adopting a passwordless approach enhances security, simplifies access management, and aligns perfectly with modern cybersecurity needs.

Conclusion

The Fortinet data breach serves as a stark reminder of the evolving threats in the cybersecurity landscape. While Fortinet’s response has been commendable, organisations must take proactive steps to safeguard their data, especially in cloud environments. Moving towards passwordless authentication solutions like PureAuth offers a forward-thinking approach to security, addressing the limitations of traditional methods and providing a more resilient defence against breaches.

For enterprises looking to enhance their security posture, embracing passwordless authentication is not an option—it is a necessity. Ensure your organisation is equipped to handle the future of cybersecurity with advanced, breach-resilient solutions. #gopasswordless

Critical Vulnerabilities in SolarWinds Web Help Desk and the Essential Hotfixes

Posted on by Srishti Chaubey

SolarWinds’ Web Help Desk, a widely used IT management software, recently faced severe security challenges. These vulnerabilities, if left unpatched, could expose organizations to significant risks. The latest updates have addressed these flaws, but understanding their impact and the necessary steps for mitigation is crucial.

The Gravity of the Situation

Two major vulnerabilities—CVE-2024-28986 and CVE-2024-28987—were discovered in SolarWinds’ Web Help Desk (WHD). These issues were severe enough to warrant critical CVSS scores of 9.8 and 9.1, respectively.

The first, CVE-2024-28986, is a remote code execution (RCE) vulnerability caused by a Java deserialization flaw. If exploited, it allows an attacker to execute arbitrary commands on the affected host. Despite initial reports suggesting the vulnerability could be exploited without authentication, SolarWinds could only reproduce it after authentication. Nonetheless, due to the severity, SolarWinds issued a hotfix and strongly urged all users to apply it immediately.

The second vulnerability, CVE-2024-28987, is particularly concerning. It involves hardcoded credentials within the Web Help Desk software. This flaw enables unauthenticated attackers to log into vulnerable systems, access internal functionalities, and potentially modify sensitive data. Given the widespread use of Web Help Desk across various sectors, including government, healthcare, and education, the implications of such a flaw are far-reaching.

SolarWinds’ Response and Hotfixes

SolarWinds responded quickly to these vulnerabilities by releasing Web Help Desk 12.8.3 Hotfix 2. This hotfix addresses both the RCE vulnerability and the hardcoded credential issue. It also restores functionality compromised in earlier patches, ensuring the software operates securely and efficiently.

For those managing the Web Help Desk, applying this hotfix is not just recommended but essential. The installation process, though manual, is straightforward, involving the replacement of specific files within the Web Help Desk directory. SolarWinds provides detailed instructions to ensure administrators can apply the fix without disrupting their systems. Creating backups before modifying files is crucial, allowing for a quick rollback.

The Importance of Immediate Action

The recent history of SolarWinds, particularly the infamous breach involving its Orion software, underscores the need for prompt and decisive action in the face of security vulnerabilities. The company’s IT products are critical infrastructure components for many organizations. Leaving these vulnerabilities unpatched could lead to severe consequences, including unauthorized access, data breaches, and potentially devastating operational disruptions.

Given that these vulnerabilities are now known and patches are available, malicious actors are likely scanning for unpatched systems. Organisations must prioritise the application of these hotfixes to protect their IT environments and data.

The Need for Enhanced Security Measures

The recurring vulnerabilities in SolarWinds products serve as a stark reminder of the importance of proactive security measures. One crucial step is the adoption of passwordless authentication systems. Hardcoded credentials, as seen in CVE-2024-28987, pose a significant security risk. Credentials, in general, are a weak point in many systems, often becoming targets for exploitation.

By implementing passwordless solutions like PureAuth, organizations can significantly reduce the attack surface. Passwordless systems eliminate the need for traditional credentials, replacing them with more secure authentication methods such as biometrics or hardware tokens. This not only enhances security but also improves the user experience by streamlining the login process.

Conclusion

SolarWinds Web Help Desk has been a reliable tool for many organizations, but these recent vulnerabilities highlight the ongoing security challenges in software development. By staying vigilant and promptly applying security patches, organizations can mitigate risks and continue to benefit from the functionality provided by the Web Help Desk. The critical nature of the CVEs discussed cannot be overstated, and the onus is on system administrators to act swiftly and decisively.

For more detailed coverage of SolarWinds’ security challenges, visit BleepingComputer and PureID’s analysis. The journey to a more secure environment begins with proactive steps, and passwordless authentication is a crucial part of that journey.

New York Times Source Code Leak

Posted on by Srishti Chaubey

Introduction

The New York Times recently experienced a significant security breach, leading to the leak of their source code. This breach was initiated through an exposed GitHub token, allowing unauthorised access to their repositories

How It Happened

An anonymous hacker posted the New York Times’ source code on 4chan. The breach occurred due to an exposed GitHub token, which provided access to over 5,000 repositories, totalling 270 GB of data. The stolen data included sensitive and proprietary information.

Response from The New York Times

The New York Times confirmed the breach and revealed that a credential was inadvertently exposed in January 2024. They quickly addressed the issue, emphasising that their systems remained non-compromised and their operations unaffected. However, this incident highlights the critical need for stringent security measures.

Implications of the Leak

The breach exposed vast amounts of data, including source code for various projects. This poses significant risks for the New York Times, including potential security vulnerabilities and intellectual property theft. The leaked data also included uncompressed tar files, with the hacker urging users to seed due to potentially insufficient seed-boxes. Reactions ranged from disbelief at the volume of repositories to jokes about the newspaper’s digital complexity.

Connection to Disney Leak

Just days before, another breach occurred involving Disney’s internal servers. A hacker associated with the defunct game Club Penguin leaked 2.5 GB of sensitive data, including corporate strategies and internal emails. This shows a disturbing trend of high-profile data breaches. The Disney breach exploited Confluence servers via exposed credentials, further emphasising the need for robust security practices.

Conclusion

This incident underscores the critical importance of securing access tokens and implementing robust security measures to prevent unauthorised access to sensitive information. As cyber threats evolve, organizations must remain vigilant and proactive in safeguarding their digital assets. Securing the CI/CD Pipeline should be a priority for every organization and PureID’s CASPR can be a game-changer.

SnowBall effect of Snowflake Breach

Posted on by Srishti Chaubey

Executive Summary

Snowflake an American cloud computing–based data cloud company, identified a breach in June 2024, which had far-reaching implications for various organisations. Attackers exploited stolen credentials from a Snowflake employee, enabling unauthorised access to sensitive customer data, including credentials and access tokens. This breach was exacerbated by bypassing Okta’s security measures, allowing the attackers to generate new session tokens and access extensive customer data without detection.

Key Affected Customers:

Attack Method

  • Credentials Theft: Initial access through compromised employee credentials
  • Bypass Mechanism: Circumvention of Okta Security Protocols
  • Exploitation: Generation of new session tokens to access databases and steal data
Attack Path Diagram
Credit: The Hacker News

The Domino Effect

The Snowflake breach has created a domino effect, where the initial compromise has led to multiple subsequent breaches. This incident mirrors the earlier Okta breach,, where attackers leveraged stolen credentials to infiltrate various organizations.

Domino Effect of Snowflake Breach

Companies affected include:

  • Ticketmaster: Reported unauthorised access to sensitive data.
  • Advance Auto Parts: Experienced data theft, with stolen information now for sale on dark web marketplaces.
  • Santander Bank: Compromised customer data led to financial and reputational damage.
  • Hugging Face, Quote Wizard, Lending Tree: Also reported breaches, with more organizations likely to follow .

Inherent Weaknesses in Traditional IAM Solutions

Password + MFA Based Authentication:

  • Reliance on passwords makes systems vulnerable to phishing and credential theft.
  • Multi-Factor Authentication (MFA) is often ineffective as attackers can bypass Password + MFA protection mainly by phishing or using a compromised device.
  • Social Engineering attacks have shown that phishing resistant MFA like FIDO keys, & passkeys can prove to be ineffective & can be easily disabled or reset.

IAM Blind Spots:

Apart from reliance on vulnerable passwords for identifying user. The existing IAM solutions are blind to following risks

  • Connection Risk – Traditional IAM solutions lack visibility of user connections. They cannot know whether an authentication request is coming from an authorised actor or an attacker in the middle.
  • User’s Device Risk – They also do not account for the type & security posture of user’s devices, leaving systems exposed to malware and remote monitoring, as seen in the Uber incident.

Impact Assessment

The Snowflake breach is termed as the biggest data breach so far and it’s cascading effect has led to numerous organisations reporting security incidents & data breach. 

The amplification effect could potentially lead to a vast number of downstream breaches, escalating the overall impact.

Impact of Snowflake Breach
Credit: XQ

Towards a Secure Future

Challenges with Current Solutions:

  • Time and again Password + MFA based systems are proven to be ineffective against simple attacks like phishing & social engineering.
  • There is a pressing need for more robust authentication mechanisms.

Protect your Enterprise, #GoPasswordless with PureAUTH

FIDO Solutions like Passkeys and hardware tokens focus on giving users a passwordless experience keeping the passwords on the server as the primary way to identify and authenticate users.

PureAUTH Platform on the other hand provides a comprehensive passwordless approach, eliminating the passwords from server side & not just from user side. PureAUTH is the only solution that protects an organisation against phishing, social engineering, frauds & all types of credential-based attack.

To learn more about PureAUTH & how it protects your existing IAM systems like Okta, OneLogin, CISCO Duo, or Azure AD in just 60 minutes at Zero Cost – get in touch with us

Related Blogs

Okta Warns Customers of Credential Stuffing Attacks

Unpacking Okta’s Recent Security Breach

Cisco VPNs Suffer Brute Force Attacks : Here’s Your Shield!

Posted on by Srishti Chaubey

Cisco recently issued a warning about large-scale brute-force attacks targeting VPN and SSH services on Cisco and other devices worldwide. These attacks pose significant risks to enterprise security, necessitating immediate action.

Hacker can login to VPN with stolen credentials

Cisco Warning and Compromised Services

Cisco Talos reports a surge in brute force attacks since March 18, 2024, targeting VPN services. These assaults exploit vulnerabilities in traditional password-based authentication, compromising network integrity. The known affected services are following:

  • Cisco Secure Firewall VPN 
  • Checkpoint VPN  
  • Fortinet VPN  
  • SonicWall VPN  
  • RD Web Services 
  • Miktrotik 
  • Draytek 
  • Ubiquiti 

History: Not so Private Virtual Private Networks

If you are here reading this blog, you know the drill. Maybe a password is slipped in code, spoofed, phished, whaled, 2FA or MFA is breached, or even a vendor is breached, and your organization and user information lies in the hands of a threat actor. According to an HBR Report “The FBI regards a cybersecurity breach at every organization—including yours—as a matter not of ‘if,’ or even ‘when,’ but ‘how often.'”

Most often then not, these threat actors will siege your assets, ask for ransom and cause a lot of trouble. Two out of Three organizations, without a regard of size, have faced ransomware in 2023. Beyond the cost of expenses, including, potentially, the ransom itself, downtime averages $365,000 an hour in revenue loss. When you consider that the average recovery time is three weeks, it becomes clear how devastating these attacks can be.

In our previous blog we have discussed VPN breaches in detail. Anyhow, here’s some compact data for you.

Affected EntityRoot CauseImpact
Avast AntivirusStolen credentialsAdversaries modified the CCleaner distributed by Avast .
Lockheed MartinCVE-2011-0609Critical data related to the defence contracts leaked.
Pulse SecureCVE-2019-115101000 enterprises are at risk of ransomware attacks.
Ukraine Power gridMalwarePower grid taken offline leading to no electricity for thousands.
List of the most serious VPN attacks due to stolen credentials

Brute Force Attacks

Brute force attacks involve systematically trying multiple username-password combinations until the correct one is found. Attackers leverage proxies like TOR, VPN Gate, IPIDEA Proxy etc to conceal their origins, intensifying the challenge of detection.Password spray attacks, on the other hand, target numerous accounts with commonly used passwords, increasing the likelihood of success.

Your Knight in Passwordless Armour – PureAuth

In light of escalating threats, enterprises must prioritise the adoption of passwordless VPN solutions. Embracing innovative authentication mechanisms ensures a resilient defence against evolving cyber threats.

Passwordless Authentication in popular VPN by PureAuth
VPNs you can make Passwordless

Transitioning to passwordless VPN systems offers a robust defence against brute force attacks. By eliminating passwords, these systems thwart credential stuffing attempts, enhancing overall security.

Conclusion

In the face of mounting VPN vulnerabilities, the imperative to transition to passwordless systems cannot be overstated. By embracing advanced authentication methods, organisations can fortify their defences against brute force attacks, safeguarding critical assets and data.

Read Also

Your 1st Step to #GoPasswordless

Credential stuffing Attacks on VPN: Serious Risk for Enterprise

Google 2FA Breach: Rethink Authentication Security

Posted on by Srishti Chaubey

In today’s digital landscape, safeguarding our online presence is paramount. Two-factor authentication (2FA) has emerged as a crucial tool in this endeavour. Platforms like Google and Facebook offer 2FA to bolster account security. However, there have been multiple incidents revealing vulnerabilities in this system, prompting concerns among users.

The Case of the Bypassed 2FA

Recent reports unveiled breaches in Gmail and YouTube accounts despite 2FA activation. This revelation underscores a fundamental truth: security with passwords, along with 2FA or MFA is fallible. Hackers continuously adapt their tactics, exploiting weaknesses even in trusted systems like 2FA.

Credit : Forbes

Understanding the Bypass

While the exact method remains undisclosed, hackers may employ various strategies to circumvent 2FA. According to Forbes, It’s probable that these users fell prey to what’s known as a session cookie hijack attack. Typically initiated through a phishing email, hackers direct victims to a counterfeit login page. Upon entering their credentials, users are prompted to complete a simulated 2FA challenge, which they unwittingly comply with.

The Role of Vigilance

Despite these challenges, I would personally suggest moving away from systems that solely rely on 2FA for authentication. But in the extreme case where abandoning 2FA is not the solution, users must adopt additional measures to enhance their security posture.

Secure Alternative to 2FA/MFA

As we have seen numerous instance of 2FA & MFA getting by passed, enterprises need better methods to secure access to their resources. PureAUTH Secure IAM platform provides Zero Trust -Passwordless access and protects enterprises from following type of attacks

  1. Password Spraying & brute forcing attacks
  2. Credential Phishing, Push fatigue and Adversary in the middle attacks
  3. Public Key replacement attacks targeted at solutions using Public Key based authentication like FIDO keys
  4. Social Engineering attacks to reset user credentials and reset or disable MFA/2FA
  5. Abuse of shared credentials or leaked credentials and in general credential stuffing attacks

Elevating Security: Going Beyond 2FA

Security is an ongoing journey, requiring a multifaceted approach. While the challenges of bypassing 2FA are evident, there’s a growing trend towards passwordless authentication methods. Embracing secure identity and access management technologies, adopting a zero-trust architecture are some promising alternatives. By adapting these alternatives and staying vigilant, users can reinforce their online security against the ever-evolving tactics of cyber criminals.

PureID offers solutions that curate a robust defence against unauthorised access, heralding a more secure digital future for organizations. Embrace the resilience of passwordless authentication, reinforce your security posture with PureID, and navigate the cybersecurity landscape with renewed strength. The journey continues—Passwordless Authentication awaits.

Read Also

Breach Chronicles: MongoDB’s Unsettling Security Saga Unfolds

Passwords Leaked : Microsoft in Trouble

Posted on by Srishti Chaubey

Introduction

Recent reports unveil a significant data breach at Microsoft, exposing employee passwords and confidential corporate data to the internet. This breach underscores the pressing need for robust cybersecurity protocols and heightened vigilance to safeguard sensitive information.

Microsoft: Passwords Exposed Online
Credit: Business Today

About the Breach

Security researchers from SOCRadar (Can Yoleri, Murat Özfidan and Egemen Koçhisarlı )discovered an open and public storage server on Microsoft’s Azure cloud service. This server was housing internal data related to the Bing search engine. Left unprotected, it exposed code, scripts, and configuration files containing credentials used by Microsoft employees to access internal systems.

Data Exposure

The exposed data poses severe risks, potentially granting malicious actors access to other confidential files within Microsoft’s network. The lack of password protection on the server facilitated easy access to sensitive information, raising concerns about cybersecurity vulnerabilities.

Response and Resolution

The researchers promptly notified Microsoft of the vulnerability in February, prompting the company to secure the exposed server by March. However, the duration of the data exposure and the extent of unauthorised access remain unclear.

In a statement shared after publication on 10th April, Microsoft’s Jeff Jones said: “Though the credentials should not have been exposed, they were temporary, accessible only from internal networks, and disabled after testing. We thank our partners for responsibly reporting this issue.” But Microsoft has yet to issue an official statement addressing the breach.

Breach History: The latest addition to a series of “Mishaps”


Microsoft has faced numerous security breaches, like the ‘Summer 2023 Exchange Intrusion,’ where hackers accessed mailboxes of 22 organizations and 500 individuals, including senior US government officials. The company’s lax corporate culture and failure to prioritise security investments were criticised by the US Cyber Safety Review Board. Recent oversights, like mislabelling CVEs in Patch Tuesday releases, exposed gaps in Microsoft’s security protocols. Last year, researchers found that Microsoft employees were exposing their own corporate network logins in code published to GitHub.

Conclusion

As Microsoft grapples with the aftermath of this data breach, it highlights the ongoing battle against evolving cybersecurity threats. Human error is inevitable, and we require systems that are error-proof to avoid such breaches occurring in the future. By embracing secure identity and access management technologies, such as passwordless authentication, organizations can significantly reduce the risk of security lapses and enhance overall cybersecurity posture.

Read Also

Microsoft Reveals Russian Hack: Executive’s Emails Compromised

Securing Cloud Environments: Lessons from the Microsoft Azure Breach

BoAt Lifestyle: Understanding the Data Breach

Posted on by Srishti Chaubey

Introduction

A recent data breach has shaken boAt, a leading manufacturer of audio products and smartwatches. The personal data belonging to over 7.5 million customers of boAt is getting sold for 2 euro only. This breach highlights the critical need for robust security measures and the adoption of zero trust architecture to protect customer data effectively.

About the Breach

A hacker named “ShopifyGuy” claimed to have leaked personal data of over 7.5 million boAt customers on the dark web. The compromised information includes names, addresses, contact numbers, email IDs, and customer IDs, posing severe risks to customer privacy and security.

Data Loss

The leaked data, totaling approximately 2GB, exposes boAt customers to potential financial scams, identity theft, and phishing attacks. Threat actors could exploit this information to conduct fraudulent activities, posing significant threats to individuals’ financial and personal well-being.

Credit : TOI

Aftermath

The aftermath of the data breach includes a loss of customer confidence, legal consequences, and reputational harm for boAt. Prompt action is necessary to mitigate risks and restore trust among affected customers.

Strengthening Data Security: The Role of Zero Trust Architecture

In preventing data breaches like the one experienced by boAt, adopting a zero-trust architecture proves crucial. By implementing strict access controls, continuous monitoring, and privilege access policies, organizations can reduce the chances of unauthorised access and mitigate the risks associated with potential breaches.

With these proactive measures, boAt and other organizations can better safeguard customer data and maintain trust in an increasingly digital world.

© 2024 | PureID. All Rights Reserved

Privacy & Terms | Licenses