Microsoft and Proximus Group have formally signed a 5-year strategic partnership, allowing both companies to strengthen their digital lead and accelerate their innovative offerings to business and residential customers in Belgium and abroad. Both Proximus and Microsoft will reinforce their leadership positions thanks to this partnership.  Microsoft will strengthen its use of the best-in-class products of Proximus' international affiliates BICS, Telesign and Route Mobile, while Proximus will benefit from Microsoft's Azure Cloud, leveraging all innovative AI & Data evolutions. The newly formed strategic partnership between Microsoft and Proximus, will allow both parties to leverage their respective expertise and product leadership, accelerated by the power and potential of AI-applications and solutions. It focuses on three key areas: 

• Communication Platform as a Service (CPaaS) and Digital Identity (DI) Collaboration: The partnership will focus on advancing communication platform services, enabling seamless customer engagement across multiple channels. Proximus Group's expertise in CPaaS and DI, with Telesign and Route Mobile enabled by BICS global networks and coverage will drive innovation in customer communication and security services even further thanks to this partnership. Both organizations will increase their collaboration to make the digital world a safer place, by ensuring trusted communication through Digital Identity and anti-fraud solutions. 

• Proximus joining forces with Microsoft for a strategic cloud transformation: Key platforms will be migrated to Azure cloud services, ensuring enhanced scalability, quicker market delivery, and strengthened security. The transformation will accelerate the integration of the newest generative AI technologies in customer service and operations. Additionally, it will provide Proximus engineers with a best-in-class development environment to build innovative products and experiences. 

• Enhanced Go-to-Market for Proximus: Microsoft will work closely with Proximus to optimize its go-to-market strategy, empowering Proximus to optimize its reseller role for Microsoft products and services in Belgium. This collaboration will strengthen Proximus' position as a top-tier Microsoft reseller in the region and will benefit all Proximus customers who are also users of Microsoft products and services. Another concrete example of this collaboration: the two partners are already working hand in hand to bring some particularly innovative sovereign cloud solutions to market. 

Microsoft and Proximus: Advancing Technology

The collaboration between Microsoft and Proximus underscores their shared commitment to drive technological advancement and deliver unparalleled value to customers across Belgium and abroad. Both companies are enthusiastic about the future possibilities and are eager to shape the technological landscape together. Marijke Schroos, General Manager of Microsoft Belux, stated, “This strategic partnership is a confirmation of the shared vision of Microsoft and Proximus when it comes to leveraging the power of innovation through cloud applications and AI innovation. Our combined strengths will create a true powerhouse of technological innovation to the benefit of our partners, customers and society as a whole.” Guillaume Boutin, CEO of Proximus, shared his excitement: “I'm particularly enthusiastic about this partnership, because when two leading companies join forces, the results are bound to be positive. Our international expansion strategy is bearing fruit, as it now puts us in the right position to sign relevant partnerships with the biggest players in the IT and digital sector, such as Microsoft. This strategic partnership represents excellent news for our business and residential customers, which will continue to benefit from cutting-edge technology and seamless connectivity.” Boutin also emphasized the benefits for Proximus: “It’s also good news for Proximus as a group, because it will lead Microsoft to strengthen its use of our best-in-class products suites of CPaaS & DI. This new strategic partnership with Microsoft, which will open up new frontiers in communication services, shows how Proximus Group is on track to further redefine customer experiences in Belgium and abroad thanks to the combined efforts of our international affiliates BICS, Telesign and Route Mobile.”

Cyble Research & Intelligence Labs (CRIL) last week analyzed 154 vulnerabilities in its weekly vulnerability report, including critical flaws in products from the likes of Microsoft, VMware, Veeam and ASUS. A whopping 126 of the vulnerabilities occurred in Siemens industrial control systems (ICS) products, potentially putting critical manufacturing infrastructure at risk. About 25,000 new security vulnerabilities are discovered each year, yet only a small percentage of those are actively exploited by threat actors. To help security teams focus on the most important vulnerabilities and threats, The Cyber Express is collaborating with Cyble’s highly skilled dark web and threat intelligence researchers to highlight security vulnerabilities that warrant particularly close attention.

The Week’s Top Vulnerabilities

Cyble’s weekly report focused on 9 of the vulnerabilities in particular; they are:

CVE-2024-37079, CVE-2024-37080 and CVE-2024-37081: VMware

Impact Analysis: These critical and high severity heap-overflow and privilege escalation vulnerabilities impact the VMware vCenter Server, a central management platform for VMware vSphere, enabling the management of virtual machines and ESXi hosts. With the global usage of the impacted product and the history of leveraging flaws impacting vCenter, there is strong potential for threat actors (Tas) to leverage these critical vulnerabilities also. Internet Exposure: Yes Available Patch? Yes

CVE-2024-3080: ASUS Router Bypass

Impact Analysis: This critical authentication bypass vulnerability impacts certain ASUS router models, allowing unauthenticated remote attackers to log in to the device. Recently, the Taiwan Computer Emergency Response Team informed users about the vulnerability and released an advisory with fixes to patch the flaw. Internet Exposure: Yes Patch Available? Yes

CVE-2024-3912: ASUS Arbitrary Firmware Upload Vulnerability

Impact Analysis: This critical arbitrary firmware upload vulnerability impacts certain ASUS router models, allowing unauthenticated remote attackers to execute arbitrary system commands on the device. The Taiwan Computer Emergency Response Team also informed users about this vulnerability and released an advisory with fixes to patch the flaw. Internet Exposure: Yes Patch Available? Yes

CVE-2024-29855: Veeam Recovery Orchestrator

Impact Analysis: This critical authentication bypass vulnerability impacts the Veeam Recovery Orchestrator. The recovery solution extends the capabilities of the Veeam Data Platform by automating recovery processes and providing comprehensive reporting and testing features. The availability of a recent publicly available proof-of-concept (PoC) exploit for this vulnerability elevates the risk of exploitation in attacks by TAs. Internet Exposure: No Patch Available? Yes

CVE-2024-30103: Microsoft Outlook RCE Vulnerability

Impact Analysis: This high-severity remote code execution (RCE) vulnerability impacts Microsoft Outlook. Since the zero-click RCE flaw can be exploited simply by opening and previewing an email that contains a malicious payload in the body of the email, requiring no further interaction from the user, there are high possibilities for the weaponization of the vulnerability by TAs in targeting government and private entities. Internet Exposure: No Patch Available? Yes

CVE-2024-30078: Windows Wi-Fi Driver RCE Vulnerability

Impact Analysis: This high severity remote code execution (RCE) vulnerability impacts Windows Wi-Fi Driver. With the wide usage of Windows devices around the world and the ability to exploit without the need for any user interaction, TAs can leverage the flaw to gain initial access to the devices and later install malware and exfiltrate user data. Internet Exposure: No Patch Available? Yes

CVE-2024-37051: JetBrains GitHub Plugin Vulnerability

Impact Analysis: This critical vulnerability in the JetBrains GitHub plugin on the IntelliJ open-source platform affects all IntelliJ-based IDEs, leading to the exposure of GitHub access tokens. TAs can leverage the vulnerability by using exposed tokens to gain unauthorized access to user GitHub accounts and repositories and possibly deploy malicious code or delete the repositories. Internet Exposure: No Patch Available? Yes

CISA Adds 5 Vulnerabilities to KEV Catalog

Five of the vulnerabilities in the Cyble report were added to CISA’s Known Exploited Vulnerabilities (KEV) catalog:

• CVE-2024-32896, an Android Pixel vulnerability with a 7.8 CVSSv3 criticality score
• CVE-2024-26169, a Microsoft Windows error reporting service elevation of privilege vulnerability with a 7.8 criticality rating
• CVE-2024-4358, a Progress Telerik Report Server vulnerability with a 9.8 rating
• CVE-2024-4610, an Arm Mali GPU Kernel Driver vulnerability with a 5.5 rating
• CVE-2024-4577, a PHP remote code execution flaw, a 9.8 vulnerability that Cyble addressed in last week’s report

The full Cyble report available for clients covers all these vulnerabilities, along with details and discussion around exploits found on the dark web, industrial control system (ICS) vulnerability intelligence, and cybersecurity defenses. Cyble security analysts also conducted scans of customer environments to alert them of any exposures – and found more than 2 million exposures to 13 of the vulnerabilities. Stay ahead of cyber threats with the Weekly Vulnerability Intelligence Report by Cyble, brought to you by The Cyber Express. Subscribe now for the latest insights powered by Cyble's advanced AI-driven threat intelligence.

One of Australia’s largest telecommunications companies Optus could have averted the massive 2022 data breach that leaked nearly 9.5 million individuals’ sensitive personal information, the Australian telecom watchdog said. The Australian Communications and Media Authority in a filing with the Federal Court said, “[Optus] cyberattack was not highly sophisticated or one that required advanced skills.” Its investigation attributed the 2022 Optus data breach to an access control coding error that left an API open to abuse. The investigation details of ACMA comes weeks after the telecom watchdog took legal action against Optus, in the same court, for allegedly failing to protect customer data adequately.

Coding Error and API Mismanagement Led to Optus Data Breach

The ACMA claimed that Optus had access controls in place for the API but a coding error inadvertently weakened these controls allowing them to be bypassed. This error left the API vulnerable, especially since it was internet-facing and dormant for an extended period. The vulnerability was reportedly introduced through a coding error in September 2018 and was first noticed in August 2021. But this issue was only fixed for the main site – www.optus.com.au – and not the subdomain (likely api.www.optus.com.au) where the vulnerable API endpoint was hosted.

“The coding error was not identified by Optus until after the cyberattack had occurred in mid-September 2022. Optus had the opportunity to identify the coding error at several stages in the preceding four years including: when the coding change was released into a production environment in September 2018; when the Target Domain (and the Main Domain) became internet-facing through the production environment in June 2020; and when the coding error was detected for the main domain in August 2021.” – ACMA

But the company failed to do so causing alleged harm to more than one-third (approximately 36%) of the Australian population. The telco watchdog alleged that Optus’ failure to protect customer data constitutes a breach of its obligations under Australian law.

Optus’ Response to ACMA’s Allegations

Optus, in a statement to The Cyber Express, confirmed the vulnerability and provided details on the cyberattack. “The cyberattack resulted from the cyber attacker being able to exploit a previously unknown vulnerability in our defenses that arose from a historical coding error,” said Interim CEO of Optus Michael Venter.

“This vulnerability was exploited by a motivated and determined criminal as they probed our defenses, and then exploited and evaded these defenses by taking steps to bypass various authentication and detection controls that were in place to protect our customers’ data. The criminal did this by mimicking usual customer activity and rotating through tens of thousands of different IP addresses to evade detection.” – Michael Venter, Interim CEO of Optus

Venter said following the 2022 Optus data breach, the company has reviewed and updated its systems and processes. It has invested in heightened cyber defenses to address the increased global cyber risk environment. The company expressed regret over the incident and emphasized its commitment to protecting customer data. “Our customers expected their information would remain safe. We accept that this did not happen, and the cyber attacker gained unauthorised access to some of their information,” Venter said. Optus suffered a major customer data breach in 2022 that gave malicious actors access to about 9.5 million former and current customers' sensitive information including names, birth dates, phone numbers, email addresses and, for a subset of customers (2,470,036), addresses and ID document numbers such as driver’s license or passport numbers. Of these, the hacker also released the personally identifiable information (PII) of 10,200 Optus customers on the dark web.

Deloitte Report Handed to the Federal Court

Post the hack, although the privacy commissioner and ACMC held detailed investigations, Optus itself commissioned an independent external review of the cyberattack. Despite attempts to keep the document confidential, the Australian federal court ordered Optus last month to file this report with the court, which is expected to provide crucial insights into the breach. “Optus is working with the ACMA and separately Slater and Gordon with the intention of providing them with a confidential version of the Deloitte Report that appropriately protects our customer data and systems from cybercriminals,” Venter told The Cyber Express. The forensic report prepared by Deloitte detailing the technical aspects of the breach was finally handed over to the federal court on Friday. The details revealed in this report will also be used in a separate class action against Optus.

“Much to do to Fully Regain our Customers’ Trust”

Optus has acknowledged the breach’s impact on customer trust, with Venter expressing deep regret for the incident. Optus has reimbursed 20,071 current and former customers for the cost of replacing identity documents. The company is also covering costs incurred by government agencies related to the breach. Optus has pledged to cooperate with the ACMA’s investigation and defend its actions in court, aiming to correct any misconceptions and improve its cybersecurity measures.

“Optus recognizes that we still have much to do to fully regain our customers’ trust and we will continue to work tirelessly towards this goal,” – Michael Venter

The Optus data breach highlights the critical importance of robust access controls and diligent monitoring of cybersecurity vulnerabilities. The incident serves as a cautionary tale for organizations worldwide to ensure comprehensive protection of sensitive data and maintain customer trust through proactive and transparent security practices. As the case progresses, it will provide further insights into the complexities of cybersecurity in the telecommunications sector and the measures necessary to prevent similar breaches in the future.