Security News
Infosec outfit Wiz has revealed that Microsoft's flagship Azure database Cosmos DB could have been exploited to grant any Azure user full admin access - including the ability to read, write and delete data - to any Cosmos DB instance on Azure. Wiz has named the flaw ChaosDB. "By exploiting a chain of vulnerabilities in the Jupyter Notebook feature of Cosmos DB, a malicious actor can query information about the target Cosmos DB Jupyter Notebook," reads Wiz's explanation.
Cloud infrastructure security company Wiz on Thursday revealed details of a now-fixed Azure Cosmos database vulnerability that could have been potentially exploited to grant any Azure user full admin access to other customers' database instances without any authorization. Cosmos DB is Microsoft's proprietary NoSQL database that's advertised as "a fully managed service" that "Takes database administration off your hands with automatic management, updates and patching."
Cloud infrastructure security company Wiz on Thursday revealed details of a now-fixed Azure Cosmos database vulnerability that could have been potentially exploited to grant any Azure user full admin access to other customers' database instances without any authorization. Cosmos DB is Microsoft's proprietary NoSQL database that's advertised as "a fully managed service" that "Takes database administration off your hands with automatic management, updates and patching."
Starting this week, Microsoft customers can use the Azure Virtual Desktop to virtualize a Windows 11 preview desktop on Azure virtual machines. "Azure Virtual Desktop has become a popular cloud VDI platform to run desktops and apps in the cloud and deliver a full Windows experience to users virtually anywhere," said Kam VedBrat, GM for Windows Virtual Desktop at Microsoft.
A security researcher has figured out a way to dump a user's unencrypted plaintext Microsoft Azure credentials from Microsoft's new Windows 365 Cloud PC service using Mimikatz. On August 2nd, Microsoft launched their Windows 365 cloud-based desktop service, allowing users to rent Cloud PCs and access them via remote desktop clients or a browser.
Microsoft says that the Azure Sentinel cloud-native SIEM platform is now able to detect potential ransomware activity using the Fusion machine learning model. Microsoft announced today that its cloud-based SIEM now supports Fusion detections for possible ransomware attacks and triggers high severity Multiple alerts possibly related to Ransomware activity detected incidents.
IronNet Cybersecurity announced expanded support for detecting and preventing cyber attacks in Microsoft Azure. As a Microsoft partner, IronNet and its Collective Defense platform provide support that enables its Microsoft customers to execute safe and seamless migrations to the cloud amidst the aggressive volume and increasing sophistication of cyber threats.
Paian IT Solutions and Corent Technology create a transactable presence for cloud optimization services on Microsoft's Azure Marketplace. Paian's vision is to reach the entire Azure customer base across the region, offering PASOS - Paian's Azure Spend and Optimization services.
Microsoft has announced that the Web Application Firewall bot protection feature has reached general availability on Azure Application Gateway starting this week. Azure Web Application Firewall is a cloud-native service designed to protect customers' web applications from bot attacks, common exploits, as well as common web vulnerabilities, including cross-site scripting, SQL injection, broken auth, security misconfigurations, and more.
EMQ announced that EMQ X Cloud is now available on Microsoft Azure. EMQ X Cloud is a fully managed MQTT service built on the worldwide used open-source MQTT broker - EMQ X, which has more than 10 million downloads and hundreds of thousands of deployments around the globe.