Security News

Don't fall for a mail asking for rapid Docusign action – it may be an Azure account hijack phish
2024-12-19 05:30

Recent campaign targeted 20,000 folk across UK and Europe with this tactic, Unit 42 warns Unknown criminals went on a phishing expedition that targeted about 20,000 users across the automotive,...

HubSpot phishing targets 20,000 Microsoft Azure accounts
2024-12-18 18:41

A phishing campaign targeting automotive, chemical, and industrial manufacturing companies in Germany and the UK is abusing HubSpot to steal Microsoft Azure account credentials. [...]

Microsoft warns Azure Virtual Desktop users of black screen issues
2024-11-01 23:20

Microsoft warned customers they might experience up to 30 minutes of black screens when logging into Azure Virtual Desktop (AVD) after installing the KB5040525 Windows 10 July 2024 preview update. [...]

AWS, Azure auth keys found in Android and iOS apps used by millions
2024-10-22 20:19

Multiple popular mobile applications for iOS and Android come with hardcoded, unencrypted credentials for cloud services like Amazon Web Services (AWS) and Microsoft Azure Blob Storage, exposing...

Microsoft creates fake Azure tenants to pull phishers into honeypots
2024-10-19 14:32

Microsoft is using deceptive tactics against phishing actors by spawning realistic-looking honeypot tenants with access to Azure and lure cybercriminals in to collect intelligence about them. [...]

Ransomware gangs now abuse Microsoft Azure tool for data theft
2024-09-17 16:14

Ransomware gangs like BianLian and Rhysida increasingly use Microsoft's Azure Storage Explorer and AzCopy to steal data from breached networks and store it in Azure Blob storage. [...]

Researchers Uncover TLS Bootstrap Attack on Azure Kubernetes Clusters
2024-08-20 09:36

Cybersecurity researchers have disclosed a security flaw impacting Microsoft Azure Kubernetes Services that, if successfully exploited, could allow an attacker to escalate their privileges and...

Mandatory MFA for Azure sign-ins is coming
2024-08-19 09:23

Microsoft is making multi-factor authentication - "One of the most effective security measures available" - mandatory for all Azure sign-ins. October 2024: MFA will be required to sign-in to Azure portal, Microsoft Entra admin center, and Intune admin center Early 2025: MFA required for signing in for Azure Command Line Interface, Azure PowerShell, Azure mobile app and Infrastructure as Code tools.

Azure domains and Google abused to spread disinformation and malware
2024-08-17 13:00

A clever disinformation campaign engages several Microsoft Azure and OVH cloud subdomains as well as Google search to promote malware and spam sites. [...]

Researchers Uncover Vulnerabilities in AI-Powered Azure Health Bot Service
2024-08-13 13:00

Cybersecurity researchers have discovered two security flaws in Microsoft's Azure Health Bot Service that, if exploited, could permit a malicious actor to achieve lateral movement within customer environments and access sensitive patient data. The critical issues, now patched by Microsoft, could have allowed access to cross-tenant resources within the service, Tenable said in a new report shared with The Hacker News.