Security News

Microsoft mitigated a record 3.47 Tbps DDoS attack on Azure users
2022-01-27 13:12

Microsoft says its Azure DDoS protection platform mitigated a massive 3.47 terabits per second distributed denial of service attack targeting an Azure customer from Asia in November. Two more large size attacks followed this in December, also targeting Asian Azure customers, a 3.25 Tbps UDP attack on ports 80 and 443 and a 2.55 Tbps UDP flood on port 443.

Amazon, Azure Clouds Host RAT-ty Trio in Infostealing Campaign
2022-01-12 21:04

Cyberattackers are abusing Amazon Web Services and Azure Cloud services to deliver a trio of remote access trojans, researchers warned - all aimed at hoovering up sensitive information from target users. "When the initial script is executed on the victim's machine, it connects to a download server to download the next stage, which can be hosted on an Azure Cloud-based Windows server or an AWS EC2 instance."

Four years: That's how long Azure's App Service had a source code leak bug
2021-12-24 06:01

Microsoft has revealed a vulnerability in its Azure App Service for Linux allowed the download of files that users almost certainly did not intend to be made public. Microsoft bills the Azure App Service as just the thing if you want to "Quickly and easily create enterprise-ready web and mobile apps for any platform or device, and deploy them on a scalable and reliable cloud infrastructure."

4-Year-Old Microsoft Azure Zero-Day Exposes Web App Source Code
2021-12-23 19:04

The Microsoft Azure App Service has a four-year-old vulnerability that could reveal the source code of web apps written in PHP, Python, Ruby or Node, researchers said, that were deployed using Local Git. The Azure App Service is a cloud computing-based platform for hosting websites and web applications.

4-Year-Old Bug in Azure App Service Exposed Hundreds of Source Code Repositories
2021-12-23 02:00

A security flaw has been unearthed in Microsoft's Azure App Service that resulted in the exposure of source code of customer applications written in Java, Node, PHP, Python, and Ruby for at least four years since September 2017. Microsoft said a "Limited subset of customers," adding "Customers who deployed code to App Service Linux via Local Git after files were already created in the application were the only impacted customers."

Microsoft Azure App Service flaw exposed customer source code
2021-12-22 19:15

A security flaw found in Azure App Service, a Microsoft-managed platform for building and hosting web apps, led to the exposure of PHP, Node, Python, Ruby, or Java customer source code deployed on Microsoft's cloud infrastructure. Only Azure App Service Linux customers were impacted by the issue discovered and reported by researchers at cloud security vendor Wiz.io, with IIS-based applications deployed by Azure App Service Windows customers not being affected.

XMGoat: Open-source pentesting tool for Azure
2021-12-08 06:30

XMGoat is an open-source tool that enables penetration testers, red teamers, security consultants, and cloud experts to learn how to abuse different misconfigurations within the Azure environment. Misconfigurations within Azure environments are common.

ChaosDB: Infosec bods could pull anyone's plaintext Azure Cosmos DB keys at will from Microsoft admin tools
2021-11-12 19:19

An astonishing piece of vulnerability probing gave infosec researchers a way into to Microsoft's management controls for Azure Cosmos DB - with full read and write privileges over customer databases. The so-called ChaosDB vuln gave Wiz researchers "Access to the control panel of the underlying service" that hosts Azure Cosmos, Microsoft's managed cloudy document database service, they said.

Microsoft Fended Off a Record 2.4 Tbps DDoS Attack Targeting Azure Customers
2021-10-14 07:15

Microsoft on Monday revealed that its Azure cloud platform mitigated a 2.4 Tbps distributed denial-of-service attack in the last week of August targeting an unnamed customer in Europe, surpassing a 2.3 Tbps attack stopped by Amazon Web Services in February 2020. "This is 140 percent higher than 2020's 1 Tbps attack and higher than any network volumetric event previously detected on Azure," Amir Dahan, senior program manager for Azure Networking, said in a post, calling it a "UDP reflection" lasting for about 10 minutes.

Microsoft says Azure fended off what might just be the world's biggest-ever DDoS attack
2021-10-13 07:00

Microsoft claims its Azure cloud has fended off the largest DDOS attack it's detected, which clocked in at 2.4Tbit/sec. Azure's mighty DDoS-reflection powers saw off the attack, so whoever was behind it didn't deny service for the "Azure customer in Europe" that Microsoft says was the target of the attack.