Dropbox Sign Breach Exposes Customer Data
Cloud storage giant Dropbox has recently disclosed a data breach affecting its eSignature service, Dropbox Sign (formerly HelloSign). The incident highlights the ongoing risks businesses…
Microsoft Data Breach Leaks Organisation’s Data
Microsoft has announced that a misconfigured Microsoft endpoint has resulted in the potential for unauthenticated access to business transaction data between Microsoft and its customers. The leaked data includes names, email addresses, email content, company name, and phone numbers.
Security researchers at SOCRadar initially found the misconfiguration on September 24th, 2022. However, Microsoft has refrained from adding detail to the incident; SOCRadar has published a blog reporting that over 65,000 organisations have potentially had data leaked. They said that the leak stemmed from a misconfigured Azure Blob Storage and included Proof-of-Execution and Statement of Work documents, project details, and documents that may reveal intellectual property.
The researchers warned that threat actors who have accessed the information may use it to create social engineering attacks, such as phishing attacks, or for extortion and blackmailing. SOCRadar has created a portal to allow organisations to check if their information has been leaked in this incident.
Microsoft has said that they have directly notified impacted customers and provided them instructions for contacting Microsoft with queries or concerns. Customers that did not receive a communication from Microsoft’s Message Center were not identified as being impacted by the data leak.
Preventions:
Organisations that have had their data leaked in this incident should be aware that it could be used against them in social engineering attacks, specifically phishing attacks. The following steps can help prevent an attack from becoming successful:
- Turn on spam filters and investigate possible anti-phishing solutions. Using systems that detect phishing emails can help prevent these emails from reaching your users.
- Train staff on spotting the signs of a phishing attack, such as looking for odd email handles, urgent requests, and bad grammar and spelling.
- Should a phishing email land in your inbox, notify all colleagues to watch out for similar emails. If possible, block the email domain and IP address associated with the malicious email.
- Create an atmosphere of trust within your organisation – ask staff to report any phishing emails as soon as possible, especially if they have clicked on any links or files within the email.
Related Links
https://msrc-blog.microsoft.com/2022/10/19/investigation-regarding-misconfigured-microsoft-storage-location-2/ – Published October 19th
Related articles
Social Media Fraud: The Evolving Threat and How to Defend Yourself
Social media platforms offer connection and entertainment, but they’ve also become a hunting ground for sophisticated scammers. These criminals are increasingly turning to a combination…
DarkGate Malware: Threat Exploiting AutoHotkey
The DarkGate malware family, a persistent threat since 2018, has recently resurfaced in a sophisticated global campaign. This Remote Access Trojan (RAT), built using the…