Tag Archive for: major

When Microsoft employees exposed passwords in major security lapse


Microsoft resolved a security lapse that exposed internal company files and credentials to the open internet, security researchers said. Can Yoleri, Murat Özfidan and Egemen Koçhisarlı of SOCRadar found an open, public storage server hosted on Microsoft’s Azure cloud service. It stored internal information relating to Microsoft’s Bing search engine, including code, scripts and configuration files containing passwords used by Microsoft employees to access internal systems.

What we know about the storage server?

The storage server was not protected with a password and could be accessed by anyone on the internet, Can Yoleri told TechCrunch, adding that the data may help malicious actors identify or access other places where Microsoft stores its internal files, which “could result in more significant data leaks and possibly compromise the services in use.”

What Microsoft did after the security breach?

The researchers informed Microsoft of the security lapse on February 6 and the company secured the files on March 5, they said.

Microsoft’s security incidents in the past

This comes as the company has gone through a series of cloud security incidents in recent years. Last year, researchers found Microsoft employees were exposing their own corporate network logins in code published to GitHub. The company had also, in a different incident, admitted that it did not know how China-backed hackers stole an internal email signing key which allowed them broad access to Microsoft-hosted inboxes of senior US government officials.


Source…

Bitdefender Fixes Major Security Vulnerability: Patch Your Software Now


Bitdefender has released a patch for a major security flaw in its products that could expose users’ devices to third-party access.

Under the Common Vulnerability Scoring System (CVSS), this threat — CVE-2023-6154 — scored 7.8, representing a serious threat to users of the affected products. Hackers can exploit the vulnerability to gain control over your device, siphon off personal information, or install malware on your computer.

Vulnerability CVE-2023-6154: Local Privilege Escalation

The vulnerability in question impacts a number of Bitdefender products, including Total Security: 27.0.25.114; Internet Security: 27.0.25.114; Antivirus Plus: 27.0.25.114; and Antivirus Free: 27.0.25.114.

According to Bitdefender, the bug is a configuration issue in the seccenter.exe executable. By leveraging this vulnerability, attackers can control and influence the behavior of the software, allowing them to execute third-party libraries.

Thankfully, Bitdefender detected and issued a patch for the vulnerability that plugs the security hole in the above antivirus packages.

Bitdefender Has Faced Privilege Escalation Vulnerabilities Before

This isn’t the first time that Bitdefender has had issues with vulnerabilities. In 2020, Bitdefender Antivirus Free was found to have issues within two processes — vsserv.exe and updatesrv.exe.

These processes, which have the highest level of system permissions, could be hijacked to execute third-party, malicious scripts, according to a report by SafeBreach. Bitdefender fixed the bug a month after it was reported.

It’s not uncommon for vulnerabilities to be detected in cybersecurity products and other software. That’s why bug bounties and white hat hackers exist; they look for and report on issues like these before cybercriminals can exploit them.

How to Patch Your Bitdefender Software

If you use any of the affected Bitdefender software, we recommend updating your app immediately to receive the security patch. Here’s how:

  1. Open the Bitdefender app on your device.
  2. Click on “Update Now.”

Bitdefender sits in second place in our ranking of the best antivirus solutions. To learn more about this…

Source…

AT&T data breach: Millions of customers caught up in major dark web leak



Source…

The number of ransomware victims is booming — despite major threats being shut down


Despite the police dismantling some of the biggest and most dangerous ransomware threats out there, ransomware as a criminal industry continues to flourish. 

A new report from cybersecurity researchers at Palo Alto Networks’ Unit 42 found a 49% increase in victims reported on ransomware leak sites.

Source…