Security News

A Cayman Islands-based investment fund has exposed its entire backups to the internet after failing to properly configure a secure Microsoft Azure blob. Details of the fund's register of members and correspondence with its investors could be freely read by anyone with the URL to its Azure blob, the Microsoft equivalent of an Amazon Web Services S3 storage bucket.

"When Databricks received FedRAMP High approval, we were able to move quickly to inherit that same Azure ATO and approve Azure Databricks for production workloads. Timing couldn't have been better, as we have been working with a number of VA customers implementing Databricks for critical programs." "We are pleased to add Azure Databricks to our portfolio of services approved for FedRAMP at the high impact level in Microsoft Azure Government," said Lily Kim, General Manager of Azure Government at Microsoft.

ACI Worldwide announced that its ACI Fraud Management solution is now available as a fully certified private offering via the Microsoft Azure Marketplace. ACI Fraud Management delivers enterprise fraud management capabilities, including advanced machine learning, predictive analytics and expertly defined rules, to help banks and intermediaries identify and mitigate financial fraud and help reduce the compliance burden in all forms.

AttackIQ announced its integration between the Microsoft Azure Sentinel cloud-native security information and event manager platform and the AttackIQ Security Optimization Platform. "We're delighted to announce AttackIQ's integration with Microsoft Azure Sentinel, and the opportunity to enable Azure Sentinel users to test and validate their detection pipeline and ultimately fine-tune security processes across their organization," said Dariush Afshar, VP of Platform & Business Development, AttackIQ. "With our integration with Azure Sentinel, Microsoft customers now have another powerful tool for optimizing their security investments, whether that be their Microsoft 365 Defender investments like Microsoft Defender for Endpoint, or third-party security products - such as nextgen firewall - that feed Azure Sentinel."

Microsoft this week announced the availability of a new password spray detection for Azure AD Identity Protection customers. According to Microsoft, password spray attacks yield a 1% success rate, but only if the targeted accounts don't use password protection.

Azure Defender for IoT - Microsoft's new security solution for discovering unmanaged IoT/OT assets and IoT/OT vulnerabilities - is now in public preview and can be put to the test free of charge. About Azure Defender for IoT. "As industrial and critical infrastructure organizations implement digital transformation, the number of networked IoT and Operational Technology devices has greatly proliferated. Many of these devices lack visibility by IT teams and are often unpatched and misconfigured, making them soft targets for adversaries looking to pivot deeper into corporate networks," Phil Neray, Director of Azure IoT Security Strategy at Microsoft, explained.

Microsoft announced today that Azure Defender for IoT, its agentless security solution for networked IoT and Operational Technology devices, has entered public preview. Azure Defender for IoT is an IoT/OT device threat protection solution that integrates with Microsoft's Azure Sentinel and third-party solutions to provide continuous threat monitoring and vulnerability management.

Saviynt announced new and expanded integration with Microsoft Azure Active Directory to provide additional advanced governance scenarios for enterprise customers. The new integration with Azure AD brings additional identity governance capabilities for Microsoft 365 and Azure IaaS using the Saviynt Cloud PAM solution.

Researchers have disclosed two flaws in Microsoft's Azure web hosting application service, App Services, which if exploited could enable an attacker to take over administrative servers. Azure App Services is an HTTP-based service for hosting web applications, and is available in both Microsoft Azure Cloud and on-premise installations.

Now according to the latest research, two security flaws in Microsoft's Azure App Services could have enabled a bad actor to carry out server-side request forgery attacks or execute arbitrary code and take over the administration server. Azure App Service is a cloud computing-based platform that's used as a hosting web service for building web apps and mobile backends.