Microsoft Data Breach
Microsoft confirmed last week that customer data was exposed through a misconfigured server. On September 24, 2022, researchers at SOCRadar discovered an Azure Blob Storage endpoint operated by Microsoft that had been misconfigured to allow anonymous public access to data belonging to Microsoft's prospective and existing customers. SOCRadar puts the number of affected entities at more than 65,000, a figure Microsoft has disputed. SOCRadar notified Microsoft as soon as the exposure was spotted, and Microsoft secured the endpoint so that it now requires authentication.
The exposure gave unauthenticated access to business transaction data relating to interactions between Microsoft and its customers, dated from 2017 to August 2022, including names, email addresses, email content, file attachments, organisation names and phone numbers.
SOCRadar has released a public search tool, BlueBleed, that organisations can query to check whether their data appears in this or any other open bucket it has found. There is no evidence that the information was accessed by malicious actors, but given the nature of the leaked data SOCRadar warns that it could be used for extortion, blackmail and social engineering attacks.
The data also included infrastructure and network configuration details of prospective Microsoft customers, which attackers hunting for vulnerabilities could exploit. Microsoft has notified the impacted customers directly through a message in the Microsoft 365 admin center.
CTRL Group recommends the following:
- Periodically audit established network security rules and cloud storage access settings.
- Ensure internal staff are trained and have the skills required to configure cloud services securely and to migrate data to the cloud safely.
- Automate configuration wherever possible to reduce human error.
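As an added illustration of the last two recommendations (example code written for this bulletin, not a tool from Microsoft, SOCRadar or CTRL Group), the script below audits an exported Azure Storage configuration for the kind of anonymous blob access behind this incident. It assumes the JSON shapes returned by `az storage account list` (an `allowBlobPublicAccess` field) and `az storage container list` (a `properties.publicAccess` field holding "blob", "container" or null); the sample data is constructed, and the remediation commands are the Azure CLI invocations we believe close each finding, to be checked against `az --help` before use.

```python
"""Audit exported Azure Storage settings for anonymous (public) blob access.

Added example for this bulletin, not Microsoft's, SOCRadar's or CTRL Group's code.
Assumed field names (verify against the Azure CLI output on your tenant):
  az storage account list        -> [{"name": ..., "allowBlobPublicAccess": bool|null}, ...]
  az storage container list ...  -> [{"name": ..., "properties": {"publicAccess": "blob"|"container"|null}}, ...]
"""
import json
from typing import Dict, List, Tuple

# Constructed sample output of `az storage account list` (trimmed to the fields used).
SAMPLE_ACCOUNTS = json.dumps([
    {"name": "prodcrmexport", "allowBlobPublicAccess": True},
    {"name": "hardenedlogs", "allowBlobPublicAccess": False},
    {"name": "legacyarchive", "allowBlobPublicAccess": None},  # property never set explicitly
])

# Constructed sample output of `az storage container list --account-name <name>`, per account.
SAMPLE_CONTAINERS: Dict[str, str] = {
    "prodcrmexport": json.dumps([
        {"name": "transactions", "properties": {"publicAccess": "container"}},  # listable and readable
        {"name": "attachments", "properties": {"publicAccess": "blob"}},        # readable by direct URL
        {"name": "private", "properties": {"publicAccess": None}},
    ]),
    "hardenedlogs": json.dumps([
        {"name": "audit", "properties": {"publicAccess": "blob"}},  # harmless: the account blocks public access
    ]),
    "legacyarchive": json.dumps([
        {"name": "old", "properties": {"publicAccess": "blob"}},
    ]),
}

Finding = Tuple[str, str, str]  # (account, container, access level)


def account_allows_public(account: dict) -> bool:
    """True unless the account-level switch is explicitly False.

    A missing or null value is treated as permissive: only an explicit False
    guarantees that container-level public access is ignored.
    """
    return account.get("allowBlobPublicAccess") is not False


def find_public_containers(accounts_json: str, containers_by_account: Dict[str, str]) -> List[Finding]:
    """Return every container an anonymous client could read.

    Container-level access only takes effect when the owning account does not
    block public access, so accounts with allowBlobPublicAccess=False are skipped.
    """
    findings: List[Finding] = []
    for account in json.loads(accounts_json):
        if not account_allows_public(account):
            continue
        containers = json.loads(containers_by_account.get(account["name"], "[]"))
        for container in containers:
            level = (container.get("properties") or {}).get("publicAccess")
            if level in ("blob", "container"):
                findings.append((account["name"], container["name"], level))
    return findings


def remediation_commands(findings: List[Finding]) -> List[str]:
    """Azure CLI commands to close each finding (assumed syntax; check `az ... --help`).

    Blocking access at the account level is the stronger fix, so one
    `az storage account update` line is emitted per affected account, followed by
    per-container commands for cases where the account switch cannot be flipped yet.
    """
    commands: List[str] = []
    for account in sorted({f[0] for f in findings}):
        commands.append(f"az storage account update --name {account} --allow-blob-public-access false")
    for account, container, _ in findings:
        commands.append(
            f"az storage container set-permission --account-name {account} "
            f"--name {container} --public-access off --auth-mode login"
        )
    return commands


if __name__ == "__main__":
    hits = find_public_containers(SAMPLE_ACCOUNTS, SAMPLE_CONTAINERS)
    for account, container, level in hits:
        print(f"PUBLIC  {account}/{container}  (publicAccess={level})")
    print("\nSuggested remediation:")
    for cmd in remediation_commands(hits):
        print(" ", cmd)
```

In a real run, replace the constructed strings with the captured output of the two `az` commands (one container listing per account) and schedule the script; the account-level `allowBlobPublicAccess=False` setting is the control that makes a stray container-level setting, as in the `hardenedlogs` sample, harmless.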
Fortinet Authentication Bypass Vulnerability
An authentication bypass using an alternate path or channel vulnerability [CWE-288], tracked as CVE-2022-40684, in FortiOS, FortiProxy and FortiSwitchManager may allow an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.
Fortinet is aware of an instance where this vulnerability was exploited, and recommends immediately checking the device's logs for the following indicator of compromise: user="Local_Process_Access"
Fortinet is also aware of instances where this vulnerability was exploited to download the configuration file from the targeted devices and to add a malicious super_admin account called "fortigate-tech-support".
Please contact customer support for assistance and enact your incident response plan upon validation of a potential compromise.
Affected Products:
- FortiOS version 7.2.0 through 7.2.1
- FortiOS version 7.0.0 through 7.0.6
- FortiProxy version 7.2.0
- FortiProxy version 7.0.0 through 7.0.6
- FortiSwitchManager version 7.2.0
- FortiSwitchManager version 7.0.0
FortiOS versions 5.x and 6.x are NOT impacted.
CTRL Group recommends checking whether your firewalls are running an affected version and patching immediately. Where patching must wait, remote exploitation can be mitigated by disabling the HTTP/HTTPS administrative interface on FortiGate devices, or by restricting access to that interface to trusted management addresses with a local-in policy.
Patched versions are as below:
- FortiOS version 7.2.2 or above
- FortiOS version 7.0.7 or above
- FortiProxy version 7.2.1 or above
- FortiProxy version 7.0.7 or above
- FortiSwitchManager version 7.2.1 or above
- FortiOS version 7.0.5 B8001 or above for FG6000F and 7000E/F series platforms
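The two checks this advisory calls for, an affected-version lookup against the ranges listed above and a search of FortiOS event logs for the named indicators of compromise, as an added Python example written for this bulletin (not Fortinet's or CTRL Group's tooling). The affected ranges are taken from the lists above; the version-string and log-line formats it parses are assumed to match FortiOS `get system status` output and key="value" event logs, and the sample log lines are constructed, with only the `user` value and the account name taken from the advisory.

```python
"""Triage helpers for the FortiOS/FortiProxy/FortiSwitchManager authentication bypass.

Added example for this bulletin, not Fortinet's or CTRL Group's code. Two checks:
  1. is_vulnerable(): compares a product/version string with the affected ranges above;
  2. scan_logs():     looks for the advisory's indicators of compromise
                      (user="Local_Process_Access", the "fortigate-tech-support" account)
                      in FortiOS event-log lines.
Log lines below are constructed to resemble FortiOS key="value" event logs; field names
other than `user` are illustrative, and the version-string format is assumed.
"""
import re
from typing import Dict, List, Tuple

Version = Tuple[int, int, int]

# Inclusive affected ranges per product, from the advisory text above.
AFFECTED: Dict[str, List[Tuple[Version, Version]]] = {
    "FortiOS":            [((7, 2, 0), (7, 2, 1)), ((7, 0, 0), (7, 0, 6))],
    "FortiProxy":         [((7, 2, 0), (7, 2, 0)), ((7, 0, 0), (7, 0, 6))],
    "FortiSwitchManager": [((7, 2, 0), (7, 2, 0)), ((7, 0, 0), (7, 0, 0))],
}

VERSION_RE = re.compile(r"v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Version:
    """Extract major.minor.patch from "7.0.6" or a `get system status` style
    string such as "v7.0.6,build0366,220705 (GA)" (format assumed)."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no version in {text!r}")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3)))


def is_vulnerable(product: str, version: str) -> bool:
    """True when the version falls inside an affected range.

    5.x and 6.x sort below every range and return False, matching the advisory.
    Caveat: FG6000F/7000E/F units fixed in the special 7.0.5 B8001 build still
    report 7.0.5 here; check the build number by hand on those platforms.
    """
    v = parse_version(version)
    return any(lo <= v <= hi for lo, hi in AFFECTED.get(product, []))


IOC_USER = "Local_Process_Access"        # user the bypass path is logged under
IOC_ACCOUNT = "fortigate-tech-support"   # rogue super_admin account seen in the wild

# key=value or key="quoted value" pairs, as FortiOS event logs are written
LOG_KV = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')


def parse_log_line(line: str) -> Dict[str, str]:
    """Turn one key="value" log line into a dict, stripping the quotes."""
    return {k: v.strip('"') for k, v in LOG_KV.findall(line)}


def scan_logs(lines: List[str]) -> List[Tuple[int, str, str]]:
    """Return (line number, indicator, line) for each hit.

    One line can trigger both indicators, e.g. the bypass creating the rogue
    admin account, which is exactly the sequence the advisory describes.
    """
    hits: List[Tuple[int, str, str]] = []
    for n, line in enumerate(lines, start=1):
        rec = parse_log_line(line)
        if rec.get("user") == IOC_USER:
            hits.append((n, "exploit-user", line))
        if IOC_ACCOUNT in line:
            hits.append((n, "rogue-admin", line))
    return hits


# Constructed sample log: line 2 models the bypass creating the rogue admin,
# line 3 the attacker logging in with it.
SAMPLE_LOG = [
    'date=2022-10-12 time=09:14:03 type="event" subtype="system" logdesc="Admin login successful" user="admin" ui="https(10.0.0.5)" action="login" status="success"',
    'date=2022-10-12 time=09:21:47 type="event" subtype="system" logdesc="Object attribute configured" user="Local_Process_Access" ui="N/A" action="Edit" cfgpath="system.admin" cfgobj="fortigate-tech-support" cfgattr="accprofile[super_admin]"',
    'date=2022-10-12 time=09:22:10 type="event" subtype="system" logdesc="Admin login successful" user="fortigate-tech-support" ui="https(203.0.113.7)" action="login" status="success"',
    'date=2022-10-12 time=10:02:55 type="event" subtype="system" logdesc="Admin logout successful" user="admin" ui="https(10.0.0.5)" action="logout" status="success"',
]


if __name__ == "__main__":
    for product, ver in [("FortiOS", "v7.0.6,build0366,220705 (GA)"), ("FortiOS", "7.0.7"), ("FortiSwitchManager", "7.2.1")]:
        print(f"{product} {ver}: {'VULNERABLE' if is_vulnerable(product, ver) else 'not affected'}")
    for n, kind, line in scan_logs(SAMPLE_LOG):
        print(f"line {n}: {kind}: {line[:80]}...")
```

Feed `scan_logs` the exported event log (one line per entry) rather than the constructed sample; a hit on either indicator is the point at which the incident response plan in the advisory applies, and the configuration file should be treated as disclosed.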
Google Issues Urgent Chrome Update to Patch Actively Exploited Zero-Day Vulnerability
Google rolled out an emergency Chrome update in the last week of October to fix an actively exploited zero-day, acknowledging that an exploit for it exists in the wild.
The vulnerability, tracked as CVE-2022-3723, is a type confusion flaw in the V8 JavaScript engine, the third actively exploited V8 type confusion bug this year after CVE-2022-1096 and CVE-2022-1364.
The fix ships in Chrome version 107.0.5304.87 for macOS and Linux and 107.0.5304.87/.88 for Windows.
CTRL Group recommends upgrading to version 107.0.5304.87 (macOS and Linux) or 107.0.5304.87/.88 (Windows) or later to mitigate potential threats.
Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera and Vivaldi are also advised to apply the corresponding fixes as they become available.