December 11, 2024 at 03:50PM Researchers at Oasis Security exploited a Microsoft Azure multifactor authentication vulnerability, dubbed “AuthQuake,” allowing unauthorized access to user accounts, including Microsoft 365 services. The flaw, caused by a lack of rate limits during MFA sign-in attempts, was fixed by Microsoft in October 2023. Recommendations for improved security were provided. ### … Read more
September 18, 2024 at 06:47AM Microsoft Azure Private 5G Core (AP5GC) has two critical vulnerabilities. The first (CVE-2024-20685) can lead to potential service outages, while the second (ZDI-CAN-23960) can disrupt network operations. These exploits underscore systemic weaknesses, particularly the lack of mandatory authentication procedures between base stations and packet-cores, posing potential denial-of-service threats. From the … Read more
August 21, 2024 at 07:42AM A privilege escalation vulnerability in Microsoft Azure Kubernetes Services allowed attackers to access sensitive information, including cluster credentials. The flaw impacted clusters using Azure CNI and Azure for network policy. Exploiting this flaw, attackers could access secrets, compromise clusters, and abuse cloud services and metadata servers, potentially leading to network … Read more
August 20, 2024 at 06:42AM Microsoft will make multi-factor authentication (MFA) mandatory for all Azure customers starting in October. This measure aims to reduce the risk of account compromise and data breaches. Notifications will be sent out to customers to prepare for the enforcement date, and various MFA options will be available, with exceptions until … Read more
August 13, 2024 at 02:40PM Multiple privilege escalation issues in Microsoft Azure’s Health Bot service allowed server-side request forgery and potential access to cross-tenant resources. Quickly patched by Microsoft, these vulnerabilities highlight concerns about chatbot risks, specifically regarding access to sensitive health information. Tenable Research found that exploitation could lead to management capabilities for other … Read more
August 13, 2024 at 10:12AM Researchers discovered critical security flaws in Microsoft’s Azure Health Bot Service, allowing unauthorized access to patient data and system resources. Tenable reported finding vulnerabilities related to data connections and an endpoint supporting the Fast Healthcare Interoperability Resources data exchange format. Microsoft has since patched these issues, emphasizing the importance of … Read more
August 12, 2024 at 05:01AM Cloud platforms are increasingly relied upon, prompting heightened cybersecurity threats. Addressing this, the virtual SANS Cloud Security Exchange 2024 on 27th August provides free access to expert insights, best practices, and networking opportunities. With sessions on modernizing cloud security, identity, proactive security principles, and AI, it offers valuable knowledge and … Read more
July 31, 2024 at 03:18PM Microsoft cited an implementation error that worsened a DDoS attack, disrupting its Azure cloud services for about 8 hours. The attack impacted various Azure services and was described as causing service errors, timeouts, and latency increases. The company stated it’s internally investigating the incident and plans to release a Preliminary … Read more
June 28, 2024 at 02:47AM Microsoft published details about the Skeleton Key technique, which bypasses safety mechanisms in AI models to generate harmful content. This could prompt AI models to provide instructions for creating a Molotov cocktail. The technique highlights the ongoing challenge of suppressing harmful content within AI training data, despite efforts by companies … Read more
May 15, 2024 at 07:06AM The text discusses the recent push for IT professionals to transition their virtualized infrastructure from VMware vSphere to Microsoft Azure. It outlines a comprehensive guide with steps for planning, executing, and validating the migration process. Additionally, it highlights Zerto as an automated and orchestrated solution for VMware vSphere to Microsoft … Read more