#AxisOfEasy 373: Microsoft Admits Losing Weeks Of Security Logs For Cloud Products


Weekly Axis Of Easy #373


Last Week’s Quote was: “The first condition of progress is the removal of censorship,”  was by George Bernard Shaw.  John got it right.  Congrats 🙂 

This Week’s Quote: “The single greatest strength of free markets is their ability to generate innovative things whose popularity makes no sense. ”  By ???

THE RULES: No searching up the answer, must be posted at the bottom of the blog post, in the comments section.

The Prize: First person to post the correct answer gets their next domain or hosting renewal on us.


This is your easyDNS #AxisOfEasy Briefing for the week of October 21st, 2024 our Technology Correspondent Joann L Barnes and easyCEO Mark E. Jeftovic send out a short briefing on the state of the ‘net and how it affects your business, security and privacy.

To Listen/watch this podcast edition with commentary and insight from Joey Tweets, and Len the Lengend click here.


In this issue: 

  • Microsoft Admits Losing Weeks of Security Logs for Cloud Products
  • Samsung Hit by Dangerous Zero-Day Exploit in Mobile Processors
  • BT⚡TV 16: Marc Morano – CBDC’s Are About Creating a Permission-Based Society
  • SEC Fines Tech Giants for Misleading SolarWinds Hack Disclosures
  • Massive UN Database Exposed Sensitive Information Online
  • Global Broadcasters Unite to Fight Disinformation

Elsewhere Online:

  • North Korean Group Expands Cyber Arsenal with Play Ransomware
  • Russian Hackers Target Ukrainian Recruits with Malware-Laden Apps
  • Critical WebGPU Vulnerability Found, Chrome Users Urged to Update
  • Apple Rushes Security Update to Patch Major Vulnerabilities
  • Dangerous AI Transcription Tool Used in Hospitals Despite Known Risks

Microsoft Admits Losing Weeks of Security Logs for Cloud Products

Microsoft notified customers that a bug in its internal monitoring agents disrupted the uploading of log data between September 2 and September 19, affecting key services like Entra, Sentinel, Defender for Cloud, and Purview. The outage, which Microsoft claims was not tied to a security incident, left network defenders blind to critical security events, impairing their ability to analyze data, detect threats, and generate alerts. Though Microsoft has rolled back a service change to address the issue and promised support, the malfunction highlights gaps in monitoring crucial to maintaining secure networks.

Only those with tenant admin rights received the outage notifications, limiting the spread of this information. Business Insider reported the log disruption, while researcher Kevin Beaumont flagged the notification’s restricted access. This incident follows scrutiny Microsoft faced last year when federal investigators criticized the company for withholding security logs from U.S. government agencies, complicating efforts to detect breaches. Chinese-backed hackers, known as Storm-0558, exploited these gaps, stealing a digital skeleton key to access sensitive government emails. The State Department uncovered the intrusion only because it had a higher-tier license with expanded log access. In response to criticism, Microsoft began providing more comprehensive logs to lower-tier cloud customers starting September 2023.

Read: https://techcrunch.com/2024/10/17/microsoft-said-it-lost-weeks-of-security-logs-for-its-customers-cloud-products/


Samsung Hit by Dangerous Zero-Day Exploit in Mobile Processors

Samsung’s October 2024 security patch addresses CVE-2024-44068, a zero-day vulnerability rated 8.1 on the CVSS scale, affecting Exynos processors (9820, 9825, 980, 990, 850, W920) used in mobile and wearable devices. The vulnerability, disclosed by Google researcher Xingyu Jin in July 2024, is a use-after-free bug in the m2m scaler driver, which handles hardware acceleration for media processing. Google’s Threat Analysis Group (TAG), represented by Jin and Clement Lecigene, confirms active exploitation in the wild.

The bug emerges during I/O virtual memory management when userspace pages are mapped, used, and unmapped, causing a mismatch in reference counts. Attackers exploit this flaw by allocating PFNMAP pages, freeing them, and remapping I/O memory, enabling privilege escalation. This exploit chain allows arbitrary code execution within the privileged cameraserver process, which disguises itself as ‘vendor.samsung.hardware.camera.provider@3.0-service’ to impede forensic detection.

The attack culminates in a Kernel Space Mirroring Attack (KSMA), compromising Android kernel isolation via firmware commands that overwrite I/O virtual pages. Although TAG withholds specifics on observed attacks, its track record suggests spyware vendors likely weaponized this exploit to target Samsung users, highlighting persistent threats to mobile security from sophisticated actors.

Read: https://www.securityweek.com/google-warns-of-samsung-zero-day-exploited-in-the-wild/

 

BT⚡TV 16: Marc Morano – CBDC’s Are About Creating a Permission-Based Society

Former US Senate staffer Marc Morano joins Mark Jeftovic on this episode of BombthrowerTV where they talked about Covid Tyranny, climate hysteria and the coming Central Bank Digital Currencies (CBDC) that will be used to impose individualized carbon quotas on everybody.

Watch: https://bombthrower.com/podcast/bttv-16-marc-morano-cbdcs-are-about-creating-a-permission-based-society/


SEC Fines Tech Giants for Misleading SolarWinds Hack Disclosures

The SEC has charged Unisys, Avaya, Check Point, and Mimecast with misleading investors by minimizing the impact of the 2020 SolarWinds supply chain attack, where Russian state hackers embedded Sunburst malware into SolarWinds’ Orion software. The breach enabled remote access to compromised systems across multiple companies and U.S. government agencies. The SEC alleges these firms concealed key details, violating the Securities Act of 1933 and the Securities Exchange Act of 1934.

Unisys, fined $4 million, framed cyber risks as hypothetical despite suffering two SolarWinds-related breaches with gigabytes of stolen data. The company also violated internal disclosure controls. Avaya, penalized $1 million, disclosed limited email access while omitting that hackers accessed 145 files in its cloud system. Check Point, fined $995,000, employed vague language to obscure the extent of its exposure. Mimecast, with a $990,000 fine, withheld critical details about stolen code and encrypted credentials.

The companies neither admitted nor denied wrongdoing but agreed to pay fines and cease future violations. In July 2024, a judge dismissed most SEC charges against SolarWinds and its CISO, Timothy Brown, related to the hack. The SEC’s Sanjay Wadhwa emphasized the importance of transparent cybersecurity disclosures, warning firms not to mislead shareholders about breaches.

Read: https://www.infosecurity-magazine.com/news/sec-charges-solarwinds-hack/


Massive UN Database Exposed Sensitive Information Online

The UN Trust Fund to End Violence Against Women inadvertently exposed over 115,000 sensitive files through an unsecured online database. Documents included staffing details, contracts, financial audits with bank account information, and letters from survivors of kidnapping, abuse, and trauma, revealing deeply personal experiences—including from a person with HIV whose story involved rejection by family and friends. Jeremiah Fowler, a security researcher, discovered the unprotected database and disclosed it to the UN, which secured it and initiated containment efforts.

This breach not only exposed operational data but also illuminated financial flows between UN Women and civil society groups operating in regions under authoritarian regimes, putting both organizations and individuals at risk. Detailed breakdowns of funding sources, budgets, and staff connections within and across organizations could enable malicious actors—such as scammers or repressive governments—to map networks, impersonate UN bodies, or target aid recipients with extortion attempts.

UN Women acknowledged Fowler’s contribution and emphasized that they are assessing communication with potentially affected individuals while learning from the incident to prevent future breaches. Fowler warned that even small cybersecurity lapses carry grave consequences, especially for organizations serving marginalized groups like women, children, and LGBTQ people, whose safety can depend on operational anonymity.

Read: https://www.wired.com/story/un-women-database-exposure/


Global Broadcasters Unite to Fight Disinformation

At the 2024 Public Broadcasters International conference in Ottawa, state-funded broadcasters—including CBC/Radio-Canada, ABC, BBC, ZDF, and France TV—adopted the Ottawa Declaration, a manifesto targeting disinformation. Spearheaded by CBC and backed by the Public Media Alliance’s Global Task Force, the declaration calls for social media platforms to implement safeguards against the spread of disinformation and impostor content. Broadcasters demand fair distribution of their content on these platforms, citing the struggle of professional journalism to gain visibility online amid rising misinformation and the collapse of local news outlets.

Framing disinformation as a threat to democracy, the declaration mirrors concerns from U.S. and German politicians, blaming algorithms and malicious actors for destabilizing societies. The signatories pledge to promote “civil democratic debate” through controversial tools such as fact-checkers and content provenance verification. Additionally, they emphasize that public service media provides high-quality news essential to democratic health.

In a nod to current trends, the declaration commits to responsible AI use, focusing on transparency and ensuring the fair use of content. Broadcasters argue their efforts are critical as misinformation and technological disruptions escalate. Their demands reflect a growing tension between legacy media’s traditional role and the changing dynamics of information distribution in the digital age.

Read: https://reclaimthenet.org/canadas-state-funded-legacy-media-unite-to-combat-disinformation



Elsewhere Online:

Remote Hackers Exploit FortiManager Flaw, Exfiltrate Sensitive Data
Read: https://www.securityweek.com/fortinet-confirms-zero-day-exploit-targeting-fortimanager-systems/

Malicious Actors Exploiting SharePoint Bug for Remote Code Execution
Read: https://www.darkreading.com/vulnerabilities-threats/microsoft-sharepoint-vuln-active-exploit

TA866 Group Targets Systems with Advanced WarmCookie Malware
Read: https://hackread.com/ta866-group-warmcookie-malware-espionage-campaign/

New Rust-based Tools Help Embargo Ransomware Group Evade Detection
Read: https://www.infosecurity-magazine.com/news/embargo-ransomware-defense-evasion/

US Government Moves to Safeguard Citizen Data from Foreign Access
Read: https://www.securityweek.com/cisa-doj-propose-rules-for-protecting-personal-data-against-foreign-adversaries/

 

If you missed the previous issues, they can be read online here:

 


 

Leave a Reply

Your email address will not be published. Required fields are marked *