Cybersecurity Highlights

This section registers the most relevant incidents or public events related to the cybersecurity and information and communication technologies (ICT), in a way that a chronological history of them is available, together with their main links, references and information sources.

Post related to: Microsoft

Microsoft Power Apps put the confidentiality of millions of data at risk

UpGuard researchers have reported a vulnerability that affects Microsoft Power Apps, related to a configuration flaw in ODdata API, which could have exposed online more than 38 million of sensitive...

References:

upguard.com

docs.microsoft.com

unaaldia.hispasec.com

zdnet.com

thehackernews.com

Tags:

Public administration

Vulnerability

Microsoft warns that government-backed cybercriminals gained access to email systems

The Microsoft Threat Intelligence Center (MSTIC) has reported multiple 0-day exploits used by a Chinese state-sponsored threat actor to attack local versions of Microsoft Exchange Server in a...

References:

blogs.microsoft.com

microsoft.com

bleepingcomputer.com

20minutos.es

Tags:

Other critical infrastructures

Vulnerability

Windows

Campaign targeting cybersecurity researchers detected

Google has identified an ongoing campaign targeting cybersecurity researchers working on study of vulnerabilities across multiple companies and organizations, suspected to be perpetrated by an...

References:

blog.google

bleepingcomputer.com

zdnet.com

unaaldia.hispasec.com

microsoft.com

blog.google

Tags:

Malwarebytes, another victim of SolarWinds security incident perpetrators

Malwarebytes, the popular cybersecurity services company, has confirmed that it has suffered a cyberattack by the same threat actors that caused the security incidents stemming from the SolarWinds...

References:

blog.malwarebytes.com

bleepingcomputer.com

infosecurity-magazine.com

unaaldia.hispasec.com

Tags:

A threat actor commits a Mimecast certificate

The email management software provider, Mimecast, has reported that one of its issued certificates, intended to authenticate its Mimecast Sync and Recover, Continuity Monitor and IEP (Internal...

References:

mimecast.com

sec.gov

bleepingcomputer.com

zdnet.com

threatpost.com

blogs.masterhacks.net

mimecast.com

Tags:

FireEye Red Team tools have been stolen

FireEye, one of the world's leading cybersecurity companies dedicated to vulnerability analysis and prevention, has reported being the victim of a cyberattack through which its Red Team pentesting...

References:

fireeye.com

github.com

us-cert.cisa.gov

cso.computerworld.es

theverge.com

fireeye.com

sec.gov

incibe-cert.es

microsoft.com

fireeye.com

microsoft.com

msrc-blog.microsoft.com

Tags:

Other critical infrastructures

Public administration

Tool

Unauthorized access to a Nitro database

The global document management company, Nitro, reported, on October 21, on limited access to one of its databases by an unauthorized third party.The affected database supports certain online...

References:

ir.gonitro.com

bleepingcomputer.com

siliconangle.com

redeszone.net

Tags:

Microsoft and several cybersecurity firms dismantle the TrickBot botnet

Microsoft and Lumen's cybersecurity firms ESET, FS-ISAC, NTT, Symantec and Black Lotus Labs have teamed up to dismantle the TrickBot botnet, one of the most active and dangerous in the world,...

References:

blogs.microsoft.com

microsoft.com

welivesecurity.com

Symantec Enterprise Blogs

zdnet.com

news.microsoft.com

xataka.com

Tags:

Industrial Control System

Other critical infrastructures

Public administration

Tool

Leaked Bing search data through an Elasticsearch server

Ata Hakcil, a security researcher at WizCas, discovered an information leak in Microsoft's Bing search service. Through a misconfigured Elasticsearch server, 6.5TB of information from searches made...

References:

zdnet.com

blogs.masterhacks.net

wizcase.com

theregister.com

unaaldia.hispasec.com

Tags:

Information leak in Microsoft account on GitHub

A cybercriminal has accessed the private repositories of the profile on Microsoft's GitHub and has stolen about 500 GB of information. The stolen data corresponds mainly to code samples, test...

References:

bleepingcomputer.com

elespanol.com

redeszone.net

zdnet.com

Tags:

Corporate access

Cybersecurity Highlights

Microsoft Power Apps put the confidentiality of millions of data at risk

Microsoft warns that government-backed cybercriminals gained access to email systems

Campaign targeting cybersecurity researchers detected

Malwarebytes, another victim of SolarWinds security incident perpetrators

A threat actor commits a Mimecast certificate

FireEye Red Team tools have been stolen

Unauthorized access to a Nitro database

Microsoft and several cybersecurity firms dismantle the TrickBot botnet

Leaked Bing search data through an Elasticsearch server

Information leak in Microsoft account on GitHub

Pages