250 Million Microsoft Customer Support Records Exposed Online

Microsoft customers who have requested technical support within the past 14 years may have had their queries and personally identifiable information compromised due to a misconfigured server. Last week, Microsoft admitted that Customer Service and Support (CSS) records containing logs of conversations between customers and staff members were available online for anyone to download.

Microsoft has stated that the personally identifiable information in the database was not in a standard format, so it’s unlikely an outside party could expose it. However, Bob Diachenko, the cybersecurity researcher who discovered the unprotected database, stated it contains partially sensitive data, including:

Email addresses

IP addresses

Locations

Descriptions of CSS claims and cases

Microsoft support agent emails

Case numbers, resolutions, and remarks

Internal notes marked as “confidential”

Those impacted by the leaked database will be notified in the upcoming weeks.


Trend Micro Antivirus Zero-Day Used in Mitsubishi Electric Hack

In a recent press release, Mitsubishi Electric states that it fell victim to a hack last year. According to the company’s statement, hackers were able to gain access to its internal network and steal 200 MB of files on June 28, 2019. The stolen documents appear to relate primarily to employee data, including:

Data on employment applications for 1,987 people

The results of a 2012 employee survey that was filled in by 4,566 people from the company’s head office

Information on 1,569 Mitsubishi Electric workers who retired between 2007 and 2019

Files with corporate confidential technical materials, sales materials, and others

However, Japanese media dug deeper into the hack and discovered that the initial foothold into the company was a vulnerability in one of the antivirus products it uses. According to a source close to ZDNet, the hackers exploited CVE-2019-18187, a directory traversal and arbitrary file upload vulnerability in Trend Micro OfficeScan antivirus.

In October 2019, Trend Micro sent out a security advisory stating that “affected versions of OfficeScan could be exploited by an attacker utilizing a directory traversal vulnerability to extract files from an arbitrary zip file to a specific folder on the OfficeScan server, which could potentially lead to remote code execution (RCE).” Japanese media has stated that Tick, a Chinese state-sponsored group, was responsible for the hack.


New Ryuk Info Stealer Targets Government and Military Secrets

A modified version of Ryuk ransomware is stealing sensitive data such as financial statements, banking information, and more from military and government entities. MalwareHunterTeam discovered the new variant, which contains an additional module that scans for files with targeted keywords. Previously, Ryuk would only scan Word and Excel documents within a targeted computer.