Security News
An astonishing piece of vulnerability probing gave infosec researchers a way into to Microsoft's management controls for Azure Cosmos DB - with full read and write privileges over customer databases. The so-called ChaosDB vuln gave Wiz researchers "Access to the control panel of the underlying service" that hosts Azure Cosmos, Microsoft's managed cloudy document database service, they said.
Microsoft on Monday revealed that its Azure cloud platform mitigated a 2.4 Tbps distributed denial-of-service attack in the last week of August targeting an unnamed customer in Europe, surpassing a 2.3 Tbps attack stopped by Amazon Web Services in February 2020. "This is 140 percent higher than 2020's 1 Tbps attack and higher than any network volumetric event previously detected on Azure," Amir Dahan, senior program manager for Azure Networking, said in a post, calling it a "UDP reflection" lasting for about 10 minutes.
Microsoft claims its Azure cloud has fended off the largest DDOS attack it's detected, which clocked in at 2.4Tbit/sec. Azure's mighty DDoS-reflection powers saw off the attack, so whoever was behind it didn't deny service for the "Azure customer in Europe" that Microsoft says was the target of the attack.
Microsoft revoked insecure SSH keys some Azure DevOps have generated using a GitKraken git GUI client version impacted by an underlying issue found in one of its dependencies. The decision to revoke the keys was taken after GitKraken's developer Axosoft notified Microsoft on September 28 that a bug in the keypair library's pseudo-random number generator led to duplicate RSA keys being generated.
Microsoft has mitigated a record 2.4 Tbps Distributed Denial-of-Service attack targeting a European Azure customer during the last week of August. "This is 140 percent higher than 2020's 1 Tbps attack and higher than any network volumetric event previously detected on Azure," said Amir Dahan, a Senior Program Manager for Azure Networking, also describing it as a User Datagram Protocol reflection attack.
Microsoft has fixed a bug blocking some Azure Virtual Desktop devices from downloading and installing monthly security via Windows Server Update Services since early July. Microsoft also provides two workarounds that allow customers to apply monthly security updates on Azure Virtual Desktop systems using WSUS if they can't immediately deploy the KB5005565 CU that fixes the known issue.
Cybersecurity researchers have disclosed an unpatched security vulnerability in the protocol used by Microsoft Azure Active Directory that potential adversaries could abuse to stage undetected brute-force attacks. "This flaw allows threat actors to perform single-factor brute-force attacks against Azure Active Directory without generating sign-in events in the targeted organization's tenant," researchers from Secureworks Counter Threat Unit said in a report published on Wednesday.
Threat actors started actively exploiting the critical Azure OMIGOD vulnerabilities two days after Microsoft disclosed them during this month's Patch Tuesday.The four security flaws were found in the Open Management Infrastructure software agent silently installed by Microsoft on more than half of all Azure instances.
Microsoft on Tuesday addressed a quartet of security flaws as part of its Patch Tuesday updates that could be abused by adversaries to target Azure cloud customers and elevate privileges as well as allow for remote takeover of vulnerable systems. The list of flaws, collectively called OMIGOD by researchers from Wiz, affect a little-known software agent called Open Management Infrastructure that's automatically deployed in many Azure services -.
Manual updates required for existing Azure VMs. While working to address these bugs, Microsoft introduced an Enhanced Security commit on August 11, exposing all the details a threat actor would need to create an OMIGOD exploit. Automatic updates disabled: manually update extension using instructions here Azure Automation State Configuration, DSC Extension On Premises.