Security News
A new large scale supply chain attack has been observed targeting Azure developers with no less than 218 malicious NPM packages with the goal of stealing personal identifiable information. The entire set of malicious packages was disclosed to the NPM maintainers roughly two days after they were published, leading to their quick removal, but not before each of the packages were downloaded around 50 times on average.
A group of more than 200 malicious npm packages targeting developers who use Microsoft Azure has been removed two days after they were made available to the public. This group of packages grew from about 50 to at least 200 by March 21.
Researchers have found hundreds of malicious packages in the npm repository of open-source JavaScript code, designed to steal personally identifiable information in a large-scale typosquatting attack against Microsoft Azure cloud users. That's according to the JFrog Security Research team, which said that the set of packages appeared earlier this week and steadily grew since then, from about 50 packages to more than 200.
Last November, Rajesh Ramamurthy, director of product management for Azure DevOps, announced plans to phase out support for TLS 1.0/1.1 because of the risk of protocol downgrade attacks and other TLS vulnerabilities outside Microsoft's control. TLS downgrade attacks aim to turn strong, more recent versions of TLS into weaker, earlier versions of the protocol to facilitate further exploitation.
Details have been disclosed about a now-addressed critical vulnerability in Microsoft's Azure Automation service that could have permitted unauthorized access to other Azure customer accounts and take over control. The Azure Automation service allows for process automation, configuration management, and handling operating system updates within a defined maintenance window across Azure and non-Azure environments.
Microsoft has acknowledged the existence of a flaw in its Azure cloud computing service that allowed users full access to other users' accounts. As Microsoft has admitted, its service went a bit too far and "a user running an automation job in an Azure Sandbox could have acquired the Managed Identities tokens of other automation jobs, allowing access to resources within the Automation Account's Managed Identity."
Microsoft has addressed a vulnerability in the Azure Automation service that could have allowed attackers to take complete control over other Azure customers' data.Microsoft Azure Automation Service provides process automation, configuration management, and update management features, with each scheduled job running inside isolated sandboxes for each Azure customer.
Microsoft announced the general availability of hotpatching for Windows Server Azure Edition core virtual machines allowing admins to install Windows security updates on supported VMs without requiring server restarts. The feature works with newly deployed Azure virtual machines running Windows Server 2022 Datacenter: Azure Edition Core Gen2 images and is available in all global Azure regions.
Microsoft this week revealed that it had fended off a record number of distributed denial-of-service attacks aimed at its customers in 2021, three of which surpassed 2.4 terabit per second. One of the DDoS attacks took place in November, targeting an unnamed Azure customer in Asia and lasted a total of 15 minutes.
Microsoft's threat analysts have uncovered a large-scale, multi-phase phishing campaign that uses stolen credentials to register devices onto the target's network and use them to distribute phishing emails. "The inbox rule allowed the attackers to avoid arousing the compromised users' suspicions by deleting non-delivery reports and IT notification emails that might have been sent to the compromised user."