Tag Archive for: employees

When Microsoft employees exposed passwords in major security lapse

/in


Microsoft resolved a security lapse that exposed internal company files and credentials to the open internet, security researchers said. Can Yoleri, Murat Özfidan and Egemen Koçhisarlı with SOCRadar found an open and public storage server which is hosted on Microsoft’s Azure cloud service. It was storing internal information relating to Microsoft’s Bing search engine which included code, scripts and configuration files containing passwords used by the Microsoft employees for accessing internal systems.

What we know about the storage server?

Microsoft security lapse: A Microsoft logo is seen on an office building in New York City, US.

The storage server was not protected with a password and could be accessed by anyone on the internet, Can Yoleri told TechCrunch adding that the data may help malicious actors identify or access other places where Microsoft stores its internal files which “could result in more significant data leaks and possibly compromise the services in use.”

What Microsoft did after the security breach?

Unlock exclusive access to the story of India’s general elections, only on the HT App. Download Now!

The researchers informed Microsoft of the security lapse on February 6 and the company secured the files on March 5, they said.

Microsoft’s security incidents in the past

This comes as the company has gone through a series of cloud security incidents in recent years. Last year, researchers found Microsoft employees were exposing their own corporate network logins in code published to GitHub. The company had also, in a different incident, admitted that it did not know how China-backed hackers stole an internal email signing key which allowed them broad access to Microsoft-hosted inboxes of senior US government officials.

Discover the complete story of India’s general elections on our exclusive Elections Product! Access all the content absolutely free on the HT App. Download now!
Stay informed on Business News, TCS Q4 Results Live along with Gold Rates Today, India News

Source…

Hacking humans: Devious tricks attackers use to infiltrate via employees

/in


When we hear the word “hacking” we typically imagine a hooded bad guy coding in a dark room, using cyber skills to breach technical systems and networks.

But what if we told you that 80-95% of all computer attacks begin with the hacking of a human being? That’s right, hacking human beings (a.k.a. social engineering) is usually “phase one” of any cyberattack. This doesn’t require so many technical skills but rather a clever understanding of how human nature responds to phishing lures.

What is Social Engineering? 

Social engineering is a technique used by threat actors to trick online users into revealing sensitive information (such as passwords) or convince them to perform an action (such as clicking a link) that ends up compromising an identity, a system or network.

While email phishing is probably the most popular form of social engineering, other forms are also on the rise such as smishing (SMS text phishing), quishing (QR code phishing), BEC (business email compromise), and vishing (voice phishing).

How Do Social Engineering Attacks Work?

Regardless of medium or method (email, voice, text) social engineering attacks are typically executed using the following steps:

1. Conducting Reconnaissance

Just like an investigator that surveys, monitors or observes a potential target — who they meet, where they spend time, where they live, etc., attackers too will often do background research on their targets.

This includes combing through social media profiles (checking their social media interactions, mentions and connections), learning about their colleagues, friends and family members; obtaining their contact information and finally using tools like open source intelligence (OSINT) to uncover vulnerable and exploitable assets that they can target or operationalize. 

2. Designing a Pretext

Just like in the old movie “The Talented Mr. Ripley” where a con-artist crafts a fake story to convince everyone that he’s the son of a shipping tycoon, attackers too will create situations or stories to dupe their targets. It can be anything from a discount code to an investment opportunity, from a “verify your email” notification to a notification highlighting…

Source…

A Wake-Up Call for Securing Remote Employees’ Hardware

/in


Update: Multiple U.S. and international government agencies released an advisory Feb. 7 detailing the Volt Typhoon attacks. The threat actors targeted and compromised the IT environments of U.S. communications, energy, transportation and water infrastructure in the continental U.S. as well as non-continental areas and territories, such as Guam.

Original article: State-sponsored hackers affiliated with China have targeted small office/home office routers in the U.S. in a wide-ranging botnet attack, Federal Bureau of Investigation Director Christopher Wray announced on Wednesday, Jan. 31. Most of the affected routers were manufactured by Cisco and NetGear and had reached end-of-life status.

Department of Justice investigators said on Jan. 31, 2024, that the malware has been deleted from affected routers. The investigators also cut the routers off from other devices used in the botnet.

IT teams need to know how to reduce cybersecurity risks that could stem from remote workers using outdated technology.

What is the Volt Typhoon botnet attack?

The cybersecurity threat in this case is a botnet created by Volt Typhoon, a group of attackers sponsored by the Chinese government.

Starting in May 2023, the FBI looked into a cyberattack campaign against critical infrastructure organizations. On Jan. 31, 2024, the FBI revealed that an investigation into the same group of threat actors in December 2023 showed attackers sponsored by the government of China had created a botnet using hundreds of privately-owned routers across the U.S.

The attack was an attempt to create inroads into “communications, energy, transportation, and water sectors” in order to disrupt critical U.S. functions in the event of conflict between the countries, said Wray in the press release.

SEE: Multiple security companies and U.S. agencies have their eyes on Androxgh0st, a botnet targeting cloud credentials. (TechRepublic) 

The attackers used a “living off the land” technique to blend in with the normal operation of the affected devices.

The FBI is contacting anyone whose equipment was affected by this specific attack. It hasn’t been confirmed whether…

Source…

Dallas ransomware: Employees benefit information likely accessed

/in


DALLAS — Hackers likely accessed city of Dallas employees’ benefits information as a result of the ransomware attack that occurred in early May, WFAA has learned. 

WFAA obtained a copy of an email sent to city employees from Dallas City Manager T.C. Broadnax, which stated “some benefits-related information maintained by the City’s Human Resources department was accessed by the unauthorized third party responsible for this ransomware incident.”

Broadnax did not say in the email how many employees were affected. He also said the City is offering free credit monitoring for employees. 

In late June, Dallas City Council approved a near $4 million deal to ramp up cybersecurity systems already in place. The funding specifically provides the city with a “threat and anomaly detection” system for the Information and Technology Services Department over the span of three years.

“We understand the concern this incident may cause, and please know we are working to provide the necessary resources and support for our employees,” Broadnax said in the email.

Source…