In this week's Cyber Bits, Internet Archive faces another breach, Microsoft sets up Azure tenant honeypots, ransomware attacks are using ESET's name, Microsoft may have lost some security logs, and North Korea is targeting companies looking for temporary IT workers.
Internet Archive breached again through stolen access tokens
Link: BleepingComputer
The Internet Archive experienced another data breach, this time due to stolen access tokens. This breach allowed unauthorized access to user accounts, further raising concerns about the organization's security practices. The tokens were used to access sensitive internal systems, but no evidence suggests user data was stolen. The Internet Archive is investigating the incident and has taken immediate steps to improve security measures and prevent future breaches.
Microsoft creates fake Azure tenants to pull phishers into honeypots
Link: BleepingComputer
Microsoft has initiated an innovative approach to combat phishing by creating fake Azure tenants to lure attackers into honeypots. These fake tenants are designed to attract phishing campaigns, allowing Microsoft to analyze their methods and gather intelligence on threat actors. This proactive defense strategy is part of Microsoft’s broader effort to safeguard its cloud services and users from increasingly sophisticated phishing attacks.
ESET-Branded Attack Targets Israel; Firm Denies Compromise
Link: DarkReading
A cyberattack using ESET's name and branding has targeted Israel, deploying wiper malware to destroy data. Although the attackers used the ESET brand to lend credibility to their attack, ESET has denied any compromise or involvement. The attack highlights how attackers abuse trusted brands to trick victims into downloading malicious software. Investigations are ongoing to identify the perpetrators and mitigate further risks.
Microsoft warns it lost some customer's security logs for a month
Link: BleepingComputer
Microsoft has notified customers that a subset of security logs was lost for approximately a month due to an internal system error. The missing logs affected the visibility of key security events for some users, potentially impacting their ability to detect and respond to threats. Microsoft is working on recovering the logs, has implemented measures to prevent similar issues in the future, and has apologized for the inconvenience caused to its customers.
Undercover North Korean IT workers now steal data, extort employers
Link: BleepingComputer
North Korean IT workers, posing as freelancers, have been identified as part of a scheme to steal data and extort their employers. These undercover operatives take advantage of remote work opportunities to infiltrate companies, steal sensitive information, and in some cases, demand ransom payments. The U.S. government has issued warnings to businesses, urging them to be cautious when hiring freelance IT professionals from unverified sources, as this threat continues to grow.