Microsoft Azure Customer Data Deleted In DNS Flaw

Users of Microsoft’s Azure system lost database records as part of a mass outage on Tuesday.

A combination of DNS problems and automated scripts was to blame, reports said.

Microsoft deleted several Transparent Data Encryption (TDE) databases in Azure, holding live customer information. TDE databases dynamically encrypt the information they store, decrypting it when customers access it.

Keeping the data encrypted at rest stops an intruder with access to the database from reading the information.

While there are different approaches to encrypting these tables, many Azure users store their own encryption keys in Microsoft’s Key Vault encryption key management system, in a process called Bring Your Own Key (BYOK).

The deletions were automated, triggered by a script that drops TDE database tables when their corresponding keys can no longer be accessed in the Key Vault, explained Microsoft in a letter reportedly sent to customers.

The company quickly restored the tables from a five-minute snapshot backup, but that meant any transactions that customers had processed within five minutes of the table drop would have to be dealt with manually. In this case, customers would have to raise a support ticket and ask for the database copy to be renamed to the original.

 

Why were the systems accessing the TDE tables unable to access the Key Vault? The answer stems from a far bigger issue for Microsoft and its Azure customers this week.

An outage struck the cloud service worldwide on Tuesday, causing a range of problems. These included intermittent access to Office 365 in which users had only half a chance of logging on. Broader Azure cloud resources were also down.

 

This problem was, in turn, down to a DNS outage, according to Microsoft’s Azure status page:

Preliminary root cause: Engineers identified a DNS issue with an external DNS provider.

Mitigation: DNS services were failed over to an alternative DNS provider which mitigated the issue.

Reports suggested that this DNS outage came from CenturyLink, which provides DNS services to Microsoft.

The company said in a statement that it had suffered a software defect.

This shows what can go wrong when cloud-based systems are interconnected and automated enough to allow cascading failures.

A software defect at a DNS provider indirectly led to the deletion of live customer information thanks to a lack of human intervention.
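The failure mode described above comes down to an automated job treating "the key store cannot be reached" as if it meant "the key is gone". The following is an added example, not Microsoft's script: a guard that only counts authoritative denials from the key store, ignores DNS and network faults, and never makes the destructive step automatic. The names `classify`, `decide` and `fetch_key` and the thresholds are hypothetical.

```python
import socket
from enum import Enum

class Probe(Enum):
    OK = "ok"                    # vault answered and the key is usable
    KEY_DENIED = "key_denied"    # vault answered: key missing or access revoked
    UNREACHABLE = "unreachable"  # no answer from the vault at all

class Action(Enum):
    NONE = "none"
    ALERT = "alert"                              # notify an operator, touch nothing
    SUSPEND = "suspend"                          # reversible: mark database inaccessible
    DROP_NEEDS_APPROVAL = "drop_needs_approval"  # destructive step waits for a human

def classify(fetch_key):
    """Call fetch_key (hypothetical callable that reads the key) and classify the result."""
    try:
        fetch_key()
        return Probe.OK
    except (PermissionError, KeyError):
        return Probe.KEY_DENIED   # authoritative answer from the key store
    except (socket.gaierror, TimeoutError, ConnectionError):
        return Probe.UNREACHABLE  # DNS or network fault says nothing about the key

def decide(history, grace_probes=6, drop_probes=288):
    """history: oldest-to-newest Probe results for one database (thresholds are assumed)."""
    if not history or history[-1] is Probe.OK:
        return Action.NONE
    denied = 0
    for probe in reversed(history):      # walk back to the last successful probe
        if probe is Probe.OK:
            break
        if probe is Probe.KEY_DENIED:    # UNREACHABLE probes are never counted
            denied += 1
    if denied < grace_probes:
        return Action.ALERT              # outage or brief denial: data is left alone
    if denied < drop_probes:
        return Action.SUSPEND
    return Action.DROP_NEEDS_APPROVAL

# Constructed sample: a resolver failure like the outage described above.
def dns_down():
    raise socket.gaierror("constructed: name resolution failed")

if __name__ == "__main__":
    outage = [Probe.OK] + [classify(dns_down)] * 500
    print(decide(outage))                               # long DNS outage
    print(decide([Probe.OK] + [Probe.KEY_DENIED] * 6))  # sustained authoritative denial
```

With this split, an outage of any length can raise alerts but cannot change the state of customer data.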

CenturyLink seems to be experiencing serial DNS problems lately.

The company, which completed its $34bn acquisition of large network operator Level 3 in late 2017, also suffered a DNS outage in December that reportedly affected emergency services, sparking an FCC investigation.

Azure users can at least take comfort in the fact that Microsoft is offering multiple months of free Azure service for affected parties.

Source: Naked Security

 


Thermal FLIR Imaging Radar: “The Perfect Tool for Border and Perimeter Protection”

Thermal FLIR Imaging Radar 360 Degree Situational Awareness

Security intelligence is different to business intelligence.

Product Overview

Thermal Radar utilizes a best in class rotating FLIR Tau2 thermal sensor and applies edge-based analytic detection algorithms to detect, classify and Geo-Spatially locate any incursion that may threaten your perimeter. Thermal Radar detection alerts generate not only a GPS coordinate of the intruder’s specific location but also a thermal image of the intrusion. By providing accurate GPS coordinates upon detection, Thermal Radar provides many of the same net results of a traditional radar while remaining a completely passive and undetectable intrusion system. Thermal Radar can be a standalone detection outpost on an expansive border project or the centerpiece of an integrated physical security strategy at your most critical facilities.

Key Benefits of Thermal Imaging Radar

  • 24/7 continuous 360 degree situational awareness,
  • Seek, find, target multiple threats or enemy targets simultaneously,
  • Suitable for offshore, coastline, borders, operations and logistics, aerospace, shipyard, ports, and anywhere your process needs 24/7 continuous situational awareness intelligence,
  • Integrates with communications options including satellite, GPS, 3rd party PTZ, VMS,
  • Installs in 10 minutes,
  • Saves time and money,
  • Saves lives and protects assets.

 

Detailed Product Information

CCTV Video Surveillance and Thermal FLIR Imaging Radar Systems

 

San Diego School District Data Breach Hits 500k Students

A phishing attack led to the data breach of students’ social security numbers, addresses, and more.

A phishing attack against California’s San Diego Unified School District has led to hackers scooping up Social Security numbers and addresses of more than 500,000 students and staff.

The district became aware of the breach in October 2018. The actual breach occurred between January 2001 and November 2018, a spokesperson said. The district reported that it was first alerted to “multiple reports of phishing emails,” which were used to gather log-in information of staff members throughout the district.

Hackers then used that log-in data to access the Social Security numbers and first and last names of students and staff, as well as their dates of birth, mailing addresses, home addresses and phone numbers.

“The data file contained information on students dating back to the 2008-09 school year, or more than 500,000 individuals,” according to a notification on the San Diego Unified School District’s website on Friday. “For that reason, all of those individuals have been notified of the incident. Additionally, some 50 district employees had their log-in credentials compromised as part of the phishing operation. All students and staff who had their information accessed have been alerted by district staff.”

The San Diego Unified School District serves more than 121,000 students and is the second largest school district in California.

Other accessed information included:

  • Student enrollment information like schedule, discipline incident information, health information, attendance records, transfer information, legal notices on file, and attendance data
  • Student and selected staff State Student ID Number
  • Student and staff parent, guardian and emergency contact personal identifying information (including first and last name, phone numbers, address, email address, employer information)
  • Selected staff benefits information
  • Selected staff payroll and compensation information (including viewable paychecks and pay advices, deduction information, tax information, direct deposit financial institution name, routing number and account number, salary and leave information)

The district said that police have identified “a subject of the investigation” and blocked all stolen credentials; however, they could not comment more due to the ongoing nature of the investigation. Meanwhile, staff members whose accounts were compromised had the security on their accounts reset.

The San Diego Unified School District did not immediately respond to a request for comment from Threatpost.

Earlier this month, hackers launched a phishing attack against the Cape Cod Community College, and made away with at least $800,000 from the school’s bank accounts, according to The Boston Globe.

Phishing has continued to be an easy – but effective – tactic for hackers to access credentials and use them to log in to systems. In fact, the technique has increased in popularity during the holiday season, according to researchers at Proofpoint.

The best way to counter this technique, according to Tim Erlin, vice president of product management and strategy at Tripwire, is to have complete and comprehensive logs from all systems.

“Phishing remains a major avenue for initial compromise,” he said in an email. “When planning security controls, it’s important to consider not only what an attacker might do, but also what an attacker with authorized access might do.”

Source: Threatpost – Lindsey O’Donnell