Security News

Microsoft admits some Azure, Exchange, Intune source code snaffled in SolarWinds schemozzle
2021-02-19 02:32

Microsoft has admitted that as a result of installing backdoored SolarWinds tools in some parts of its corporate network, portions of its source code was obtained and exfiltrated by parties unknown. "There was no case where all repositories related to any single product or service was accessed," the update advises, adding: "There was no access to the vast majority of source code. For nearly all of code repositories accessed, only a few individual files were viewed as a result of a repository search."

SolarWinds Hackers Stole Some Source Code for Microsoft Azure, Exchange, Intune
2021-02-18 23:27

Microsoft on Thursday said it concluded its probe into the SolarWinds hack, finding that the attackers stole some source code but confirmed there's no evidence that they abused its internal systems to target other companies or gained access to production services or customer data. The disclosure builds upon an earlier update on December 31, 2020, that uncovered a compromise of its own network to view source code related to its products and services.

Microsoft: SolarWinds hackers downloaded some Azure, Exchange source code
2021-02-18 16:48

Microsoft announced today that the SolarWinds hackers gained access to source code for a limited number of Azure, Intune, and Exchange components. After internal investigations of their use of the SolarWinds platform, Microsoft announced in December that they were affected by the attack and that hackers could gain access to a limited amount of source code repositories.

Microsoft: SolarWinds hackers downloaded Azure, Exchange source code
2021-02-18 16:48

Microsoft announced today that the SolarWinds hackers gained access to source code for a limited number of Azure, Intune, and Exchange components. After internal investigations of their use of the SolarWinds platform, Microsoft announced in December that they were affected by the attack and that hackers could gain access to a limited amount of source code repositories.

You don't have clearance for that: Microsoft ups the paranoia with a preview of Azure Firewall Premium
2021-02-17 16:30

Microsoft has unveiled a preview of Azure Firewall Premium, aimed at highly sensitive and regulated environments. Azure Firewall was Microsoft's attempt to sling a virtual arm over the shoulders of harassed administrators while whispering "There now, don't worry about all that pesky firewall configuration stuff, let us take care of it" in its most seductive tone.

Microsoft releases Azure Firewall Premium in public preview
2021-02-16 21:20

Microsoft has announced that the new Premium tier for its managed cloud-based network security service Azure Firewall has entered public preview starting today. The Azure Firewall Premium public preview adds new capabilities required by highly sensitive and regulated environments.

Dev creeped out after he fired up Ubuntu VM on Azure, was immediately approached by Canonical sales rep
2021-02-11 14:14

An Azure customer was outraged after finding himself on the receiving end of an unexpected LinkedIn message from Ubuntu maker Canonical last night. Shortly after a message turned up from an Enterprise Development representative at Ubuntu with the ominous phrase: "I saw that you spun up an Ubuntu image in Azure," and offering to be a point of contact.

Creeped-out dev spins up an Ubuntu VM on Azure only to be immediately approached by a Canonical sales rep
2021-02-11 14:14

An Azure customer was outraged after finding himself on the receiving end of an unexpected LinkedIn message from Ubuntu maker Canonical last night. Shortly after a message turned up from an Enterprise Development representative at Ubuntu with the ominous phrase: "I saw that you spun up an Ubuntu image in Azure," and offering to be a point of contact.

Open-source tool BlobHunter helps pinpoint public Azure blobs that might contain sensitive files
2021-02-08 12:07

CyberArk researchers have released BlobHunter, an open-source tool organizations can use to discover Azure blobs containing sensitive files they have inadvertently made public. Despite access to the files uploaded to cloud storages being by default private and cloud providers constantly sharing and reiterating best practices for securing them, misconfigurations happen all the time, making potentially sensitive information publicly accessible to anyone who knows how to find it.

Exposed Azure bucket leaked passports, IDs of volleyball reporters
2021-02-01 15:45

A publicly exposed cloud storage bucket was found to contain images of hundreds of passports and identity documents belonging to journalists and volleyball players from around the world. Reverse-image searches for headshots revealed that these well-known European volleyball players were either directly associated with CEV or were part of a volleyball team or federation affiliated with the CEV. BleepingComputer also found some of CEV's assets in the bucket, such as branding images with CEV logos on them.