Security News
Developed with Amazon Web Services and Microsoft Azure, each new HITRUST Shared Responsibility Matrix aligns with the cloud service provider's unique solution offering. Leading cloud service providers have long supported shared responsibility models, whereby the provider assumes some security responsibility for hosting applications and systems, while the organization deploying its solutions in the cloud assumes partial or shared responsibility for others.
"CISA has created a free tool for detecting unusual and potentially malicious activity that threatens users and applications in an Azure/Microsoft O365 environment," the US federal agency said. Sparrow checks the unified Azure/M365 audit log for indicators of compromise, lists Azure AD domains, and checks Azure service principals and their Microsoft Graph API permissions to discover potential malicious activity.
The hacking endeavor was reported to the company by Microsoft's Threat Intelligence Center on December 15, which identified a third-party reseller's Microsoft Azure account to be making "Abnormal calls" to Microsoft cloud APIs during a 17-hour period several months ago. The undisclosed affected reseller's Azure account handles Microsoft Office licensing for its Azure customers, including CrowdStrike.
Leading cybersecurity firm CrowdStrike was notified by Microsoft that threat actors had attempted to read the company's emails through compromised by Microsoft Azure credentials. While performing their investigation, CrowdStrike was told by Microsoft on December 15th that a compromised Microsoft Azure reseller's account was used to try and read CrowdStrike's emails.
A business app developer's unsecured Microsoft Azure blob left more than half a million confidential and sensitive documents belonging to its customers freely exposed to the public internet, The Register can reveal. The blob also included FedEx shipment security documentation, internal complaints from foodstuffs firm Huel, an investment management firm, and countless others - and in at least one example seen by The Register a passport scan.
CloudKnox Security extended support for serverless functions on Amazon Web Services, Azure, and Google Cloud Platform. Together, the support for serverless functions and ServiceNow integration underscore CloudKnox's market lead with the most comprehensive support offering in the cloud infrastructure entitlement management segment.
Microsoft Azure CTO Mark Russinovich utilized a monster 420 logical processor virtual machine to play Tetris using the CPU core list in Windows Task Manager. To do this, Russinovich redirected the output of a console Tetris implementation to his 'Task Manager CPU pixel array,' which is likely based on a modified version of TaskManagerBitmap project.
Microsoft today announced the launch of a new offering for its mission-critical Azure Government cloud targeted at government customers and partners that regularly work with top-secret classified data. "Today, we are announcing the expansion of our mission-critical cloud for US Government with new capabilities in Azure Government, the expansion of Azure Government Secret, and the announcement of a new cloud to serve customers with Top Secret classified data-Azure Government Top Secret," Tom Keane, corporate vice president of Microsoft's Azure Global, said.
AirHop Communications announced the integration of its solutions with Microsoft Azure platforms. The integration of AirHop's eSON platform enables network deployments with Microsoft Azure platforms to use near real-time Radio Access Networks automation and optimization applications to accelerate 4G and 5G deployments for operator and private enterprise networks.
Exoprise announced the availability of its CloudReady solution in the Microsoft Azure Marketplace. The solution available in the Azure Marketplace offers two plans.