EDPO (European Data Protection Office)’s Post

The #security (or, more appropriately, lack thereof) of #Microsoft's products has been a running gag among the #IT world ever since the days of #Windows95. Nowadays, the company seems to have a monopolistic stranglehold on the home, office, and government markets, despite countless warnings by #cybersecurity experts and #antitrust lawyers and activists. This #monoculture leaves us all vulnerable, as our personal, professional, and government #data depend on a company with a patchy track record re: #datasafety & #datasecurity and a really bad track record re: #dataprivacy. It's high time the company's lobbyists got the boot from the corridors of power, and our governments and transnational organizations reconsidered their options.

"Wouldn’t you want to know what tech giants know about you? That’s exactly what Russian government hackers want, too.   On Friday, Microsoft disclosed that the hacking group it calls Midnight Blizzard, also known as APT29 or Cozy Bear — and widely believed to be sponsored by the Russian government — hacked some corporate email accounts, including those of the company’s 'senior leadership team and employees in our cybersecurity, legal, and other functions.'   Curiously, the hackers didn’t go after customer data or the traditional corporate information they may have normally gone after. They wanted to know more about themselves, or more specifically, they wanted to know what Microsoft knows about them, according to the company." #GDPRandNonEUcompanies #EDPObrussels #EUrepresentative #DataProtection #UKrepresentative #EDPOuk #UKGDPR #EUGDPR #GDPR #Microsoft #Hack #PersonalData #Privacy Subscribe to EDPO's newsletter here: https://lnkd.in/dwK8sde *This article was not written by EDPO. The opinions and views of the author(s) do not necessarily represent those of EDPO. https://lnkd.in/gy6ZkXHw

🔺🔺🔺 7h ago, news broke that Microsoft informs customers that Russian hackers spied on emails. Microsoft has been in the news over the last few months about the faults which have led to serious breaches. See some of the previous articles down below: 🔺 US government review faults Microsoft for ‘cascade’ of errors that allowed Chinese hackers to breach senior US officials’ emails - https://lnkd.in/eM4ejJDZ 🔺 Microsoft could have prevented Chinese cloud email hack, US cyber report says - https://lnkd.in/eB9Etigt 🔺 A Microsoft under attack from government and tech rivals after ‘preventable’ hack ties executive pay to cyberthreats - https://lnkd.in/eeQTN_tW 🔺 Microsoft Warns Windows Users Of Ongoing Russian Hack Attack - https://lnkd.in/enzEhyRk 🔺 U.S. says recent Microsoft breach exposed federal agencies to hacking - https://lnkd.in/epkRCVBN 🔺 Exposed and vulnerable: Recent attacks highlight critical need to protect internet-exposed OT devices - https://lnkd.in/eip3KxAz 🔺 Microsoft Confirms Russian Hackers Stole Source Code, Some Customer Secrets - https://lnkd.in/ePMmrpkV 🔺 Congress warns Microsoft about foreign hackers again — will it matter this time? - https://lnkd.in/eCWrTuP9 https://lnkd.in/ezKGj9vK 🔺 The NHS cyber attack - https://lnkd.in/ev8NBYTT 🔺 US reprimands Microsoft for security failures that allowed Chinese hack - https://lnkd.in/emiXYjb4 🔺 Microsoft Confirms Russian Hackers Stole Source Code, Some Customer Secrets - https://lnkd.in/ePMmrpkV

Russian foreign intelligence hackers gain access to top Microsoft officials, company says Microsoft said the SVR attack "was not the result of a vulnerability" in its products or services. Hackers working on behalf of Russia’s foreign intelligence service successfully penetrated a limited number of Microsoft corporate email accounts, stealing some emails and attached documents, the company announced Friday. Microsoft detected the attack from a hacking unit tied to Russia’s External Intelligence Service (SVR) on Jan. 12 “and immediately activated our response process to investigate, disrupt malicious activity, mitigate the attack, and deny the threat actor further access,” the company said in a Securities and Exchange Commission filing. The attackers used a password spray attack — a process where multiple user names are tried against a constant password for a given account — to compromise a “legacy, non-production test tenant account and gain a foothold, and then used the account’s permissions to access a very small percentage of Microsoft’s corporate email accounts, including members of our senior leadership team and employees in our cybersecurity, legal, and other functions, and exfiltrated some emails and attached documents.” The company’s investigation suggests the attackers were “initially” targeting email accounts for information related to themselves. “The attack was not the result of a vulnerability in Microsoft products or services,” the company added. “To date, there is no evidence that the threat actor had any access to customer environments, production systems, source code, or AI systems. We will notify customers if any action is required.” This is the second time in the past six months that Microsoft has disclosed an embarrassing attack by state-aligned hackers. In July, the company announced that a Chinese-linked operation had successfully obtained an internal consumer signing key and used that to obtain access to email accounts connected with U.S. government officials. The SVR hacking unit that attacked Microsoft — tracked by Microsoft as Midnight Blizzard, but also as Nobelium, APT29, or Cozy Bear — was behind the attack on SolarWinds, first announced in 2020, which gave the hackers access to a variety of U.S. government agencies, along with hundreds of other victims, The White House said in April 2021. The group was also involved with the hack of the Democratic National Committee leading up to the 2016 U.S. elections, playing a key role in the sweeping Russian election interference operation. #hackers #microsoftsecurity #solarwinds

According to a new analysis released by Microsoft, a series of technical missteps by the tech giant, including the hack of a company engineer, gave the Chinese government access to emails of top Biden administration officials and other organizations. Find out more about this development and other top cybersecurity news you should know, including --UK gov't clarifies encrypted messaging access plans, --W3LL threat actor can bypass Microsoft MFA, --Tornado Cash co-founder pleads not guilty, --Safer Tornado Cash alternative proposed, --much more #microsoft #chineseespionage #onlinesafetybill #tornadocash #infosec #cybersecurity https://lnkd.in/eMTe2a6z

According to a new analysis released by Microsoft, a series of technical missteps by the tech giant, including the hack of a company engineer, gave the Chinese government access to emails of top Biden administration officials and other organizations. Find out more about this development and other top cybersecurity news you should know, including --UK gov't clarifies encrypted messaging access plans, --W3LL threat actor can bypass Microsoft MFA, --Tornado Cash co-founder pleads not guilty, --Safer Tornado Cash alternative proposed, --much more #microsoft #chineseespionage #onlinesafetybill #tornadocash #infosec #cybersecurity https://lnkd.in/ejwqKPU4

Is your IT MSP talking to you about Russian government hackers within Microsoft right now. Reading emails between Microsoft & customers? Stealing customer data. Most MSPs aren’t. Every MSP knows this is active. The FBI Cyber Division, posted a notice. So did the NSA, and the Cybersecurity and Infrastructure Security Agency, the National Cyber Security Centre, and many others. Here’s what you need to know, that most MSPs aren’t telling their customers. Russians are in Microsoft’s internal systems. They have stolen data that allows them to login to Microsoft customers systems. They did this when customers emailed Microsoft, likely through the admin center and talked to support. This is an important aspect to understand. Don’t share login information with Microsoft. Not now, not ever. Change any passwords you think are within emails. And ensure two factor authentication is enabled. Additionally, the CISA has a list of recommended steps to specifically help defend against the Russian government’s efforts, published late last month. Find it here: https://lnkd.in/ghFTfaS8 Take action immediately! Russia is within Microsoft right now.

Russia-backed hackers used Microsoft Teams to breach government agencies Russian state-sponsored hackers posed as technical support staff on Microsoft Teams to compromise dozens of global organizations, including government agencies. Microsoft security researchers said on Wednesday that the “highly targeted” social engineering campaign was carried out by a Russian state-sponsored hacking group tracked by Microsoft as “Midnight Blizzard,” but more commonly known as APT29 or Cozy Bear. The group, which was linked to the infamous SolarWinds attack in 2020, is part of Russia’s Foreign Intelligence Service, or SVR, according to U.S. and U.K. law enforcement agencies. The attacks, which began in late-May, saw the APT29 hackers use previously compromised Microsoft 365 accounts to create new technical support-themed domains. Using these domains, the hackers sent Microsoft Teams messages that aimed to manipulate users into granting approval for multi-factor authentication prompts, with the ultimate aim of gaining access to user accounts and exfiltrating sensitive information. “If the target user accepts the message request, the user then receives a Microsoft Teams message from the attacker attempting to convince them to enter a code into the Microsoft Authenticator app on...

It's been a busy week in cybersecurity and time for a Friday Wrap Up. Here are some of the interesting stories from this past week: 🚓 LockBit Ransomware Infrastructure Seized: International law enforcement operation targets LockBit, disrupting its operations. | 2/19/2024 | CyberScoop | https://lnkd.in/eC6vTRiQ 👋 NSA Cyber Director to Depart: Rob Joyce leaving, to be replaced by David Luber at the end of March. | 2/20/2024 | CyberScoop | https://lnkd.in/e8EJNbGc 🕵️ Meta Targets Spyware and Fake News: Disrupts 8 spyware firms and 3 fake news networks amid growing threats. | 2/20/2024 | Dark Reading | https://lnkd.in/e9iEmtyA 🌪️ Volt Typhoon's Sensitive Data Exfiltration: Dragos highlights the threat to ICS/OT systems by China's hacking groups. | 2/20/2024 | SecurityWeek | https://lnkd.in/euyX8aRJ 🔐 Signal Enhances Privacy with Usernames: Allows users to communicate without revealing phone numbers. | 2/21/2024 | The Hacker News | https://lnkd.in/evGvjBTZ 🕵️ Leak Exposes Chinese Hacking Operations: Documents from I-SOON offer insight into Beijing's cyber capabilities. | 2/21/2024 | CyberScoop | https://lnkd.in/e9t6U5_S 🤖 ChatGPT Experiences a Glitch: Sends unexpected messages to users, raising concerns. | 2/21/2024 | Google News | https://lnkd.in/en-aw_TU 🐍 Cybercriminals are weaponizing the open-source SSH-Snake tool for network attacks, turning it into a self-modifying worm that leverages SSH credentials. 2/22/2024 | The Hacker News | https://lnkd.in/eg5qAn7g 📲 iMessage receives a major update, introducing 'Post-Quantum' encryption to put it on equal footing with Signal, boosting its security against future quantum computing attacks. 2/22/2024 | Google News | https://lnkd.in/e3MKhnCz 🛑 Google pauses the Gemini AI's ability to generate images of people due to historical inaccuracies, reflecting the challenges in AI-generated content. 2/22/2024 | Google News | https://lnkd.in/efhm4Uap 🚚 U-Haul informs customers of a breach where a hacker accessed customer records using stolen credentials, highlighting the ongoing challenges in protecting customer data. 2/23/2024 | BleepingComputer | https://lnkd.in/e4BzgBVW Stay informed and secure in the tech and cybersecurity world. Have a great weekend, and remember to patch and protect your systems! #cybersecuritynews #cybersecurity

Sp1d3r Hacks Cylance, Google Busts Propaganda, NHS Hit by Russian Hackers In today's episode, we delve into the latest cybersecurity incidents, including Cylance confirming old data sold by Sp1d3r for $750,000, ongoing disruptions in the NHS due to a Russian Qilin ransomware attack, and Google's takedown of coordinated influence campaigns linked to China, Russia, and Indonesia. We also highlight Snowflake account breaches connected to recent data compromises at Advance Auto Parts, Santander, and Ticketmaster. Join us as we explore the implications of these attacks and the latest reports from BleepingComputer, The Guardian, and The Hacker News. References: https://lnkd.in/etJ_k3ec https://lnkd.in/g8ewJNvW https://lnkd.in/ep_A-vvc Thanks to Jered Jones for providing the music for this episode. https://lnkd.in/exH6P-XD Logo Design by https://lnkd.in/eBHpmJhD Tags: Sp1d3r, Cylance, Snowflake, UNC5537, Google, YouTube, Blogger, Propaganda, Russian hackers, NHS, Disruption, Mitigate Search Phrases: Notorious hacker Sp1d3r data breach Cylance marketing data dark web Snowflake cybersecurity vulnerabilities UNC5537 Snowflake account security Google influence operation crackdown YouTube channel shutdown China propaganda Blogger blog purge misinformation Russia Russian hackers NHS disruption NHS cybersecurity breach recovery Mitigating hacker impact on NHS Cylance confirms data breach linked to 'third-party' platform https://lnkd.in/etJ_k3ec ---`Flash Briefing: Data Breach Disclosure: Cylance confirmed that data being sold on a hacking forum is legitimate but old, stolen from a third-party platform. The data allegedly includes 34 million customer and employee emails and personally identifiable information. Source: BleepingComputer . Threat Actor Activity: A hacker known as Sp1d3r is selling the stolen data for $750,000. Researchers indicated this data seems to be old marketing information. BlackBerry Cylance stated no current customers or sensitive data are impacted. Source: Dark Web Informer . Snowflake Links: The same threat actor, Sp1d3r, is also selling 3TB of data from Advance Auto Parts, allegedly breached through a Snowflake account. Other recent breaches at Santander, Ticketmaster, and QuoteWizard also link to Snowflake attacks. Source: BleepingComputer . Credential Theft: Attackers used stolen customer credentials to target Snowflake accounts without multi-factor authentication (MFA). Mandiant linked these attacks to a financially motivated threat actor, UNC5537, who has been active since at least 2020. Source: Mandiant . Recommendations: Ensure all accounts, particularly those related to third-party platforms,