
Microsoft Reveals 65,000 Companies' Data Breach


Microsoft this week acknowledged that it unintentionally exposed customer data after a misconfigured endpoint was left reachable over the internet without any authentication.

The IT giant was contacted on September 24, 2022, when the cybersecurity intelligence company SOCRadar identified the data leak.

According to SOCRadar, which says it notified Microsoft of its findings, a misconfigured Azure Blob Storage instance may have exposed 2.4 TB of privileged data, including names, phone numbers, email addresses, company names, and attached files containing proof-of-concept documents, sales data, and product orders.

Microsoft stressed that no security vulnerability was to blame for the B2B leak, which was "generated by an unintended misconfiguration on an endpoint that is not used across the Microsoft ecosystem." Microsoft did, however, contest the scope of the problem, stating that the information in question included names, email addresses, email content, company names, phone numbers, and attached files pertaining to transactions between a user and Microsoft or an authorized Microsoft partner.
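The root cause here was an anonymous-access misconfiguration rather than a software flaw, which is exactly the kind of thing a defender can audit for in their own tenant. The script below is an added example, not code from the article, Microsoft or SOCRadar: it reads the JSON shapes that `az storage account list` and `az storage container list` emit and flags storage accounts that still permit anonymous blob access, together with the containers in them whose access level is `blob` or `container`. The account and container names, and the embedded JSON, are constructed sample data; the field names `allowBlobPublicAccess`, `publicNetworkAccess` and `properties.publicAccess` are the ones the Azure CLI uses.

```python
"""Flag Azure storage accounts and containers that allow anonymous blob reads.

Added example (not from the article). Works on the JSON that
`az storage account list -o json` and `az storage container list -o json`
produce, so it runs offline against the constructed samples below.
"""
import json

# Constructed sample in the shape of `az storage account list -o json`
# (only the fields this check needs are included).
SAMPLE_ACCOUNTS = json.dumps([
    {"name": "salesdocs", "allowBlobPublicAccess": True,
     "publicNetworkAccess": "Enabled"},
    {"name": "internalarchive", "allowBlobPublicAccess": False,
     "publicNetworkAccess": "Enabled"},
    {"name": "lockeddown", "allowBlobPublicAccess": False,
     "publicNetworkAccess": "Disabled"},
])

# Constructed sample in the shape of `az storage container list -o json`
# for the "salesdocs" account. properties.publicAccess is "container"
# (listing plus reads), "blob" (reads of known blob URLs) or None (private).
SAMPLE_CONTAINERS = {
    "salesdocs": json.dumps([
        {"name": "orders", "properties": {"publicAccess": "container"}},
        {"name": "quotes", "properties": {"publicAccess": "blob"}},
        {"name": "private", "properties": {"publicAccess": None}},
    ]),
}


def accounts_allowing_public_blobs(accounts_json):
    """Names of accounts whose account-level switch still permits anonymous access.

    When allowBlobPublicAccess is False the container setting is irrelevant,
    so only accounts with it set to True need a container-level review.
    """
    accounts = json.loads(accounts_json)
    return [a["name"] for a in accounts if a.get("allowBlobPublicAccess") is True]


def exposed_containers(containers_json):
    """(container, access level) pairs where anonymous reads are enabled."""
    findings = []
    for c in json.loads(containers_json):
        level = (c.get("properties") or {}).get("publicAccess")
        if level in ("container", "blob"):
            findings.append((c["name"], level))
    return findings


def audit(accounts_json, containers_by_account):
    """Map each risky account to the containers actually reachable anonymously."""
    report = {}
    for name in accounts_allowing_public_blobs(accounts_json):
        report[name] = exposed_containers(containers_by_account.get(name, "[]"))
    return report


if __name__ == "__main__":
    for account, containers in audit(SAMPLE_ACCOUNTS, SAMPLE_CONTAINERS).items():
        print(f"{account}: {containers or 'no public containers yet'}")
```

Against live output the two `az` commands would replace the embedded samples; an account that appears in the report with an empty container list is still worth fixing, because the account-level switch is the control that prevents a future container from being made public by mistake.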

Organizations can check whether their data were exposed through a website called BlueBleed that SOCRadar set up. "According to our study, the leak, known as BlueBleed Part I, contains crucial data that belongs to more than 65,000 companies from 111 countries. So far, the leaks have exposed 548,000 individuals, 133,000 projects, and more than 335,000 emails," the SOCRadar researchers said.

Redmond also voiced its dissatisfaction with SOCRadar's decision to make a public search function available, arguing that doing so exposes users to unnecessary security risk.

In a follow-up post published on Thursday, SOCRadar compared the BlueBleed search engine to the 'Have I Been Pwned' data breach notification tool, presenting it as a way for businesses to determine whether their data had been compromised in a cloud data leak.

The research company maintains that it did not violate any privacy policies while conducting its investigation and that none of the data it found were saved on its end. According to SOCRadar's VP of Research and CISO Ensar Eker, "No data was downloaded. Some of the data were crawled by our engine, but as we promised to Microsoft, no data has been given so far. All this crawled data was erased from our servers."

Microsoft has not yet made any specific figures concerning the data breach available to the public.

Bharti Airtel on cyber high alert - upgrades security measures

New Delhi: Bharti Airtel, a major Indian telecom service provider, has raised its cyber security posture to a higher threat level for the coming week in the aftermath of various cyber attacks.

It has strengthened its SOC (Security Operations Centre) to withstand the expected attacks and is working on eliminating any vulnerability that could invite one.

"We have come across media reports on the potential surge in cyber-attacks such as DDoS, Malware attacks, and defacement of websites. We have also witnessed an increase in such Cyber activity during our security operations. These attacks threaten to not only disrupt critical business operations but also impact your brand's reputation," Airtel said in a communication to its enterprise customers.

Airtel, which works with half a million small and medium enterprises and 2,000 large enterprises, has communicated the security concern to them and asked them to take preventive measures as well.

Airtel is not wrong in its estimate of the risk: CERT-In, the national cybersecurity agency, has warned of probable large-scale phishing attacks.

The current outlook is not encouraging. Most employees are still working from home, and a lack of security training combined with a flood of attacks has forced the organization to strengthen its cybersecurity.

"Airtel has urged its customers to take proactive measures such as continuous monitoring of network traffic for all channels, which include email, the internet, and others. It has also asked enterprise customers to enable geo-location monitoring for traffic coming from neighboring countries", reports Cisco, Economic Times.

The company has issued an advisory to its customers and enterprises to apply all available software updates and patches and to strengthen their server and application infrastructure. The telecom operator has also advised employees to put proper security measures in place, such as anti-virus software and up-to-date patches, and to be wary of phishing attacks.