Security News

Microsoft sets multi-factor authentication as default for all Azure AD customers
2022-06-01 15:39

Microsoft sets multi-factor authentication as default for all Azure AD customers. In a new blog post, the company revealed that it's adding multi-factor authentication as the default security setting for existing Azure customers who haven't changed that setting on their own.

Microsoft to force better security defaults for all Azure AD tenants
2022-05-27 15:59

Microsoft has announced that it will automatically enable stricter secure default settings known as 'security defaults' on all existing Azure Active Directory tenants in late June 2022.First introduced in October 2019 only for new tenants, security defaults are a set of basic security mechanisms designed to introduce good identity security hygiene with a minimum of effort, even for organizations that don't have an IT team.

Microsoft Mitigates RCE Vulnerability Affecting Azure Synapse and Data Factory
2022-05-10 02:48

Microsoft on Monday disclosed that it mitigated a security flaw affecting Azure Synapse and Azure Data Factory that, if successfully exploited, could result in remote code execution. "The vulnerability was specific to the third-party Open Database Connectivity driver used to connect to Amazon Redshift in Azure Synapse pipelines and Azure Data Factory Integration Runtime and did not impact Azure Synapse as a whole," the company said.

Webinar Optimizing Your Azure Sentinel Platform
2022-05-10 00:00

Organizations with investments in Azure are naturally looking to integrate Azure Sentinel and customize it for their specific needs. Those with complex, hybrid environments or with large volumes of data and legacy technology stacks find it difficult to focus more of their time on enabling Azure Sentinel's advanced capabilities, to provide more proactive, measurable threat management.

Microsoft releases fixes for Azure flaw allowing RCE attacks
2022-05-09 17:42

Microsoft has released security updates to address a security flaw affecting Azure Synapse and Azure Data Factory pipelines that could let attackers execute remote commands across Integration Runtime infrastructure.The Integration Runtime compute infrastructure is used by Azure Synapse and Azure Data Factory pipelines to provide data integration capabilities across network environments package execution).

IAM software: Okta vs Azure Active Directory
2022-04-29 15:56

This all makes IAM solutions critical to any modern business, and two popular options in that category are Okta and Microsoft Azure Active Directory. Azure Active Directory is a separate cloud-based user management solution for Azure and web logins.

Microsoft Azure Vulnerability Exposes PostgreSQL Databases to Other Customers
2022-04-29 05:04

Microsoft on Thursday disclosed that it addressed a pair of issues with the Azure Database for PostgreSQL Flexible Server that could result in unauthorized cross-account database access in a region. "By exploiting an elevated permissions bug in the Flexible Server authentication process for a replication user, a malicious user could leverage an improperly anchored regular expression to bypass authentication to gain access to other customers' databases," Microsoft Security Response Center said.

Microsoft fixes ExtraReplica Azure bugs that exposed user databases
2022-04-28 17:34

Microsoft has addressed a chain of critical vulnerabilities found in the Azure Database for PostgreSQL Flexible Server that could let malicious users escalate privileges and gain access to other customers' databases after bypassing authentication. "By exploiting an elevated permissions bug in the Flexible Server authentication process for a replication user, a malicious user could leverage an improperly anchored regular expression to bypass authentication to gain access to other customers' databases," the Microsoft Security Response Center team explained today.

Phishing uses Azure Static Web Pages to impersonate Microsoft
2022-03-31 22:28

Phishing attacks are abusing Microsoft Azure's Static Web Apps service to steal Microsoft, Office 365, Outlook, and OneDrive credentials. Azure Static Web Apps is a Microsoft service that helps build and deploy full-stack web apps to Azure from GitHub or Azure DevOps code repositories.

Detailed: Critical hijacking bugs that took months to patch in Microsoft Azure Defender for IoT
2022-03-30 02:18

SentinelOne this week detailed a handful of bugs, including two critical remote code execution vulnerabilities, it found in Microsoft Azure Defender for IoT. These security flaws, which took six months to address, could have been exploited by an unauthenticated attacker to compromise devices and take over critical infrastructure networks. Microsoft Azure Defender for IoT is supposed to detect and respond to suspicious behavior as well as highlight known vulnerabilities, and manage patching and equipment inventories, for Internet-of-Things and industrial control systems.