Ransomware gangs now abuse Microsoft Azure tool for data theft

September 17, 2024 at 12:16PM Ransomware gangs like BianLian and Rhysida are increasingly utilizing Microsoft’s Azure Storage Explorer and AzCopy to steal data from breached networks and store it in Azure Blob storage. Despite extra work required to get Azure Storage Explorer operational, the focus on data theft is indicative of the increasing leverage for …

Azure Kubernetes Bug Lays Open Cluster Secrets

August 20, 2024 at 05:14PM Microsoft addressed a critical privilege escalation vulnerability in its Azure Kubernetes Service (AKS). Attackers could gain access to credentials and perform malicious actions in affected AKS clusters. The vulnerability, which did not require special privileges, led to unauthorized access to cluster contents. Security teams should audit AKS configurations and take …

Microsoft Will Require MFA for Azure Services

August 20, 2024 at 06:42AM Microsoft will make multi-factor authentication (MFA) mandatory for all Azure customers starting in October. This measure aims to reduce the risk of account compromise and data breaches. Notifications will be sent out to customers to prepare for the enforcement date, and various MFA options will be available, with exceptions until …

Microsoft: Enable MFA or lose access to admin portals in October

August 16, 2024 at 03:11PM Microsoft urged Entra global admins to enable multi-factor authentication (MFA) for their tenants by October 15 to enhance security and protect against phishing and hijacking attempts. Admins can delay MFA enforcement until April 15, 2025, but it’s advised to set up MFA now to secure cloud resources. MFA will gradually …

Microsoft paid Tenable a bug bounty for an Azure flaw it says doesn’t need a fix, just better documentation

June 5, 2024 at 02:48AM A vulnerability in Microsoft’s Azure cloud allows potential access to other users’ private web resources. The issue stems from Service Tags, potentially allowing cross-tenant attacks. Despite Microsoft’s initial refusal to classify it as a vulnerability, it confirmed the flaw and offered a bug bounty. Subsequently, Microsoft decided to address the …

Azure Service Tags tagged as security risk, Microsoft disagrees

June 3, 2024 at 02:59PM Tenable researchers discovered a high-severity vulnerability in Azure Service Tags, potentially allowing access to customers’ private data. Attackers could exploit the vulnerability to impersonate trusted Azure services, bypass firewall rules, and access internal APIs. Microsoft contends Service Tags are not a security boundary and advises additional authentication and authorization layers …

Why a Native-First Approach Is Key to Cloud Security

April 17, 2024 at 09:00AM The increasing adoption of public cloud platforms prompts companies to shift their security toolsets. While the best-of-breed model involves using multiple third-party security solutions, it creates gaps and inefficiencies. Alternatively, the native-first cloud security approach, utilizing integrated first-party solutions, offers greater cost efficiency and improved security resilience, reducing attack surface, …

Crooks hook hundreds of exec accounts after phishing in Azure C-suite pond

February 13, 2024 at 09:25AM A phishing campaign targeting senior business executives and other high-level roles has seen a spike in compromised accounts, including hundreds of cloud account takeovers and numerous Azure environments affected. The attackers aim to gain access to privileged accounts, steal sensitive data, and manipulate multi-factor authentication methods. Researchers advise vigilance and …

Ongoing Azure Cloud Account Takeover Campaign Targeting Senior Personnel

February 12, 2024 at 11:21AM A cloud account takeover campaign has affected numerous Azure environments and compromised many user accounts. The campaign specifically targets senior personnel. This ongoing threat is a significant security concern within the Azure cloud environment, as reported by SecurityWeek.

Money-grubbing crooks abuse OAuth – and baffling absence of MFA – to do financial crimes

December 14, 2023 at 06:07AM Miscreants are using OAuth to automate financially motivated cyber crimes, such as BEC, phishing, and deploying virtual machines for crypto mining, as highlighted by Microsoft. These criminals leverage compromised accounts to create OAuth applications and manipulate user permissions. Microsoft suggests monitoring Azure audit logs for illicit mining activities and enabling …