[Security Weekly] Microsoft Security Breach Exposed Records of 250 Million Customers

4th Week of January 2020


1. Microsoft discloses security breach that exposed records of 250 million customers


Microsoft disclosed on Wednesday a security breach that happened last December and affected an estimated 250 million customers. The leak came from a customer support database that included users’ email addresses, IP addresses, and the details of their support cases.

Microsoft assured customers that their names were not included in the database, since an automated procedure anonymizes users’ data before it is stored.

However, if a customer entered their email address in a non-standard format (for example, “name @ email.com” with spaces instead of “name@email.com”), the automated procedure would have failed to recognise it, leaving the customer’s information in the database unredacted.
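The failure mode described above is a general one: a redaction step that only recognises the canonical spelling of an address silently leaves every non-standard spelling in place. The following is an added example, not Microsoft’s anonymizer or any code from the sources cited; the regular expressions, the `[REDACTED]` placeholder and the support-case records are constructed for illustration. It puts a strict redactor beside a whitespace-tolerant one and adds the check a practitioner would want: an independent post-redaction audit that squeezes the whitespace around `@` and `.` and looks for anything that survived.

```python
import re

# Constructed sample support-case records; none of these are real addresses.
CONSTRUCTED_RECORDS = [
    "Case 1001: customer name@email.com reports login errors since Monday.",
    "Case 1002: customer wrote name @ email.com (spaces) and asks for a callback.",
    "Case 1003: reply to jane . doe @ example . org about the refund.",
    "Case 1004: no contact details supplied, follow up by phone.",
]

# Strict pattern: recognises only a well-formed address with no embedded whitespace.
STRICT_EMAIL = re.compile(
    r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)*\.[A-Za-z]{2,}"
)

# Tolerant pattern: the same shape, but it permits optional whitespace around
# the '@' and around the dots of both the local part and the domain.
TOLERANT_EMAIL = re.compile(
    r"[A-Za-z0-9_%+-]+(?:\s*\.\s*[A-Za-z0-9_%+-]+)*"  # local part, dots may be spaced
    r"\s*@\s*"                                        # '@' with optional spaces
    r"[A-Za-z0-9-]+(?:\s*\.\s*[A-Za-z0-9-]+)*"        # domain labels, dots may be spaced
    r"\s*\.\s*[A-Za-z]{2,}"                           # top-level domain
)

PLACEHOLDER = "[REDACTED]"


def naive_redact(text: str) -> str:
    """Redact only addresses written in canonical form (the failure mode in the story)."""
    return STRICT_EMAIL.sub(PLACEHOLDER, text)


def robust_redact(text: str) -> str:
    """Redact addresses even when the customer typed spaces around '@' or '.'."""
    return TOLERANT_EMAIL.sub(PLACEHOLDER, text)


def residual_addresses(text: str) -> list[str]:
    """Post-redaction check: squeeze whitespace around '@' and '.' and look again.

    This deliberately over-approximates (it may flag a false positive such as
    "me @ work. Thanks"), which is the right bias for a leak check: it should
    never miss an address that a strict matcher would have missed.
    """
    squeezed = re.sub(r"\s*([@.])\s*", r"\1", text)
    return STRICT_EMAIL.findall(squeezed)


def audit(records: list[str], redactor) -> list[str]:
    """Run the redactor over every record and return the redacted records that still leak."""
    leaking = []
    for record in records:
        redacted = redactor(record)
        if residual_addresses(redacted):
            leaking.append(redacted)
    return leaking


if __name__ == "__main__":
    for name, redactor in (("naive", naive_redact), ("robust", robust_redact)):
        leaks = audit(CONSTRUCTED_RECORDS, redactor)
        print(f"{name}: {len(leaks)} of {len(CONSTRUCTED_RECORDS)} records still contain an address")
        for record in leaks:
            print("   ", record)
```

Run as a script, the naive redactor leaves two of the four constructed records leaking (the spaced addresses in cases 1002 and 1003) while the tolerant one leaves none. The design point is that the audit does not reuse the redactor’s own pattern: a second, differently constructed check is what catches the gap between “what the anonymizer looks for” and “what customers actually type”.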

Microsoft has started to inform the affected customers. As of today, Microsoft is not aware of any malicious use of the data.

Sources: ZDNet, Windows Central


2. Critical vulnerability found in WordPress plugins, exposing 320,000 websites to attack


WordPress is a content management system used to build all kinds of websites and online stores. By letting users choose from established themes and plugins, it has gained great popularity among businesses and bloggers of every kind.

According to ZDNet, earlier in January cybersecurity researchers from WebArx discovered a critical bug in two WordPress plugins, InfiniteWP Client and WP Time Capsule, which allowed anyone to access the administrative account without a password.

These two plugins are currently in active use on more than 80,000 websites and installed on an estimated 320,000, meaning that anyone could have logged in to the administrative accounts of these sites and edited or removed all their content.

The WordPress security team was made aware of the situation, and a patch for the vulnerability was included in the new versions. However, as of this week, reportedly only 5% of users have upgraded. The remaining users should upgrade immediately to prevent their websites from being exploited.


3. Login credentials for more than 500,000 servers, routers, and IoT devices leaked by hacker


Earlier on Monday, a list containing the usernames, passwords, and IP addresses of more than 515,000 servers, home routers, and IoT devices was leaked on a popular hacker forum. The hacker was a freelancer who is paid to launch DDoS attacks (SC Media). According to ZDNet, the hacker scanned the entire Internet for devices with exposed Telnet ports, then tried either factory-set login credentials or easy-to-guess usernames and passwords on them. The released bot list allows hackers to control these devices.

Experts at ZDNet scanned the list and found IoT devices (also called smart devices) from all around the world, some located on the networks of internet service providers (e.g. home devices) and others on those of cloud service providers (e.g. smart cars). If a hacker gained access to a security camera or an AI speaker, for instance, they could easily intrude on the user’s privacy.

Since the bot list contained credentials collected between October and November 2019, many of the passwords and IP addresses of these devices will have changed by now. However, a danger remains: because many of the devices sit under a single internet service provider, professional hackers could easily identify that provider and find out the updated IP addresses.


4. Cyberwar between Greece and Turkey: tensions flare up in an old rivalry


According to the Greek media outlet Neos Kosmos, the country came under cyberattack from Turkey last week. Turkish hackers claimed responsibility for attacking the Greek government by launching DDoS attacks on websites including the government portal, the national intelligence service, the parliament, ministries, and the stock exchange.

Back in December, Turkey announced its military support for the Libyan government in its fight against the rebels; the Greek government has since strongly condemned the military alliance (Foreign Policy). Last week’s attack was Turkey’s response to the Greek government’s stance on the situation.

Hours later, Greece retaliated with DDoS attacks on Turkey’s key government agencies, including the 112 emergency service, the disaster email services, and the email services of other key ministries.

State-sponsored cyberattacks have been on the rise over the past two decades. Interested in how they have transformed and where we are heading? See the article: State-Sponsored Cyberwarfare: Can We Defend Our World from Chaos?