Security News

The state-backed Russian cyberespionage group Cozy Bear has been particularly prolific in 2022, targeting Microsoft 365 accounts in NATO countries and attempting to access foreign policy information. Mandiant, who has been tracking the activities of Cozy Bear, reports that the Russian hackers have been vigorously targeting Microsoft 365 accounts in espionage campaigns.

A new large-scale phishing campaign targeting Coinbase, MetaMask, Kraken, and Gemini users is abusing Google Sites and Microsoft Azure Web App to create fraudulent sites. Posting links to phishing pages on various legitimate sites aims to increase traffic and boost the malicious site's search engine rankings.

Microsoft has fixed 32 vulnerabilities in the Azure Site Recovery suite that could have allowed attackers to gain elevated privileges or perform remote code execution.The Azure Site Recovery service is a disaster recovery service that will automatically fail-over workloads to secondary locations when a problem is detected.

GitHub Actions and Azure virtual machines are being leveraged for cloud-based cryptocurrency mining, indicating sustained attempts on the part of malicious actors to target cloud resources for illicit purposes. "Attackers can abuse the runners or servers provided by GitHub to run an organization's pipelines and automation by maliciously downloading and installing their own cryptocurrency miners to gain profit easily," Trend Micro researcher Magno Logan said in a report last week.

Resecurity's AI-powered solutions provide proactive alerts and visibility of digital risks targeting the enterprise ecosystem. By joining the Microsoft Azure marketplace, Resecurity's software solutions will be easily accessible to the millions of Azure customers needing comprehensive cybersecurity management and monitoring.

Microsoft has expanded its confidential computing offering and now allows Azure cloud computing service customers to create hardware isolated virtual machines with Ephemeral OS disks. With this new public preview feature, Azure customers can create ephemeral OS disks only on the local VM storage, thus ensuring that data remains 100% confidential since it will never be sent to remote Azure Storage.

Azure Active Directory now allows admins to issue time-limited passcodes that can be used to register new passwordless authentication methods, during Windows onboarding, or to recover accounts easier when losing credentials or FIDO2 keys. Described by Microsoft as a Temporary Access Pass, they can be utilized to register authentication details after enabling TAP in the Azure AD authentication method policy via the Azure portal.

Cybersecurity researchers from Palo Alto Networks Unit 42 disclosed details of a new security flaw affecting Microsoft's Service Fabric that could be exploited to obtain elevated permissions and seize control of all nodes in a cluster. Azure Service Fabric is Microsoft's platform-as-a-service and a container orchestrator solution used to build and deploy microservices-based cloud applications across a cluster of machines.

Microsoft has fixed a container escape bug dubbed FabricScape in the Service Fabric application hosting platform that let threat actors escalate privileges to root, gain control of the host node, and compromise the entire SF Linux cluster. Additional details on how CVE-2022-30137 can be exploited to execute code and take over SF Linux clusters are available in Unit 42's report.

Microsoft has fixed a container escape vulnerability in the Service Fabric application hosting platform that would allow threat actors to escalate privileges to root, gain control of the host node, and compromise the entire SF Linux cluster. Additional details on how CVE-2022-30137 can be exploited to execute code and take over SF Linux clusters are available in Unit 42's report.