Security News

Dev creeped out after he fired up Ubuntu VM on Azure, was immediately approached by Canonical sales rep
2021-02-11 14:14

An Azure customer was outraged after finding himself on the receiving end of an unexpected LinkedIn message from Ubuntu maker Canonical last night. Shortly after a message turned up from an Enterprise Development representative at Ubuntu with the ominous phrase: "I saw that you spun up an Ubuntu image in Azure," and offering to be a point of contact.

Creeped-out dev spins up an Ubuntu VM on Azure only to be immediately approached by a Canonical sales rep
2021-02-11 14:14

An Azure customer was outraged after finding himself on the receiving end of an unexpected LinkedIn message from Ubuntu maker Canonical last night. Shortly after a message turned up from an Enterprise Development representative at Ubuntu with the ominous phrase: "I saw that you spun up an Ubuntu image in Azure," and offering to be a point of contact.

Open-source tool BlobHunter helps pinpoint public Azure blobs that might contain sensitive files
2021-02-08 12:07

CyberArk researchers have released BlobHunter, an open-source tool organizations can use to discover Azure blobs containing sensitive files they have inadvertently made public. Despite access to the files uploaded to cloud storages being by default private and cloud providers constantly sharing and reiterating best practices for securing them, misconfigurations happen all the time, making potentially sensitive information publicly accessible to anyone who knows how to find it.

Exposed Azure bucket leaked passports, IDs of volleyball reporters
2021-02-01 15:45

A publicly exposed cloud storage bucket was found to contain images of hundreds of passports and identity documents belonging to journalists and volleyball players from around the world. Reverse-image searches for headshots revealed that these well-known European volleyball players were either directly associated with CEV or were part of a volleyball team or federation affiliated with the CEV. BleepingComputer also found some of CEV's assets in the bucket, such as branding images with CEV logos on them.

European volleyball org's Azure bucket exposed reporter passports
2021-02-01 15:45

A publicly exposed cloud storage bucket was found to contain images of hundreds of passports and identity documents belonging to journalists and volleyball players from around the world. Reverse-image searches for headshots revealed that these well-known European volleyball players were either directly associated with CEV or were part of a volleyball team or federation affiliated with the CEV. BleepingComputer also found some of CEV's assets in the bucket, such as branding images with CEV logos on them.

New Docker Container Escape Bug Affects Microsoft Azure Functions
2021-01-27 07:59

Cybersecurity researcher Paul Litvak today disclosed an unpatched vulnerability in Microsoft Azure Functions that could be used by an attacker to escalate privileges and escape the Docker container used for hosting them. Following disclosure to Microsoft, the Windows maker is said to have "Determined that the vulnerability has no security impact on Function users, since the host itself is still protected by another defense boundary against the elevated position we reached in the container host."

Malwarebytes says its Office 365, Azure tenancies invaded by SolarWinds hackers, insists its tools are still safe to use
2021-01-20 14:44

Security company Malwarebytes suspects a breach of its Office 365 and Azure tenancies is by the same attacker behind the SolarWinds hack, but reckons flaws in Azure Active Directory security are also to blame. Malwarebytes, whose products include widely used anti-malware tools for consumers and businesses, said that it does not use SolarWinds but believes that the same attacker used "Another intrusion vector that works by abusing applications with privileged access to Microsoft Office 365 and Azure environments".

Malwarebytes says its Office 365, Azure tenancies have been breached, insists its tools are still safe to use
2021-01-20 14:44

Security company Malwarebytes suspects a breach of its Office 365 and Azure tenancies is by the same attacker behind the SolarWinds hack, but reckons flaws in Azure Active Directory security are also to blame. Malwarebytes, whose products include widely used anti-malware tools for consumers and businesses, said that it does not use SolarWinds but believes that the same attacker used "Another intrusion vector that works by abusing applications with privileged access to Microsoft Office 365 and Azure environments".

Prosperoware adds data protection features for Office 365, supports Azure for storage
2021-01-18 08:36

Prosperoware announces data protection features for Office 365 including OneDrive, SharePoint Online, Teams, and support Azure for storage location as part of its CAM platform. Faced with increasing data loss concerns and regulatory oversight, organizations are looking for improved capabilities to protect data and comply with privacy and cybersecurity regulations.

Contentsquare partners with Microsoft Azure to accelerate digital transformation
2021-01-14 01:00

Contentsquare is now partnering with Microsoft Azure's cloud computing platform to accelerate its growth, drive peak performance and underpin successful innovation. Leveraging the Microsoft Azure cloud to accelerate growth.