InfoSecBulletin Cybersecurity for mankind
Microsoft’s AI research division accidentally leaked large amounts of sensitive data. This happened when they were contributing open-source AI learning models to a public GitHub repository.
Cloud security firm Wiz recently discovered that a Microsoft employee mistakenly shared a URL. This URL led to a misconfigured Azure Blob storage bucket that contained leaked information.
Within Minute, RamiGPT To Escalate Privilege Gaining Root Access
Australian fintech database exposed in 27000 records
Over 200 Million Info Leaked Online Allegedly Belonging to X
FBI investigating cyberattack at Oracle, Bloomberg News reports
OpenAI Offering $100K Bounties for Critical Vulns
Splunk Alert User RCE and Data Leak Vulns
CIRT alert Situational Awareness for Eid Holidays
Cyberattack on Malaysian airports: PM rejected $10 million ransom
Micropatches released for Windows zero-day leaking NTLM hashes
VMware Patches Authentication Bypass Flaw in Windows Tool
The Wiz Research Team has made a remarkable discovery that, in addition to the open-source models, the internal storage account unintentionally granted access to an astounding 38TB of additional and private data.
The exposed data included backups of personal information belonging to Microsoft employees. This included passwords for Microsoft services, secret keys, and an archive of over 30,000 internal Microsoft Teams messages from 359 Microsoft employees.
Microsoft issued an advisory on Monday stating that “no customer data was exposed and no other internal services were at risk during the incident”.
Wiz reported the incident to MSRC on June 22, 2023. They revoked the SAS token to prevent external access to the Azure storage account. The issue was resolved on June 24, 2023.
Source:
Bleeping computer
Times of India
TechCrunch
