Security News

Microsoft this week announced the availability of a new password spray detection for Azure AD Identity Protection customers. According to Microsoft, password spray attacks yield a 1% success rate, but only if the targeted accounts don't use password protection.

Azure Defender for IoT - Microsoft's new security solution for discovering unmanaged IoT/OT assets and IoT/OT vulnerabilities - is now in public preview and can be put to the test free of charge. About Azure Defender for IoT. "As industrial and critical infrastructure organizations implement digital transformation, the number of networked IoT and Operational Technology devices has greatly proliferated. Many of these devices lack visibility by IT teams and are often unpatched and misconfigured, making them soft targets for adversaries looking to pivot deeper into corporate networks," Phil Neray, Director of Azure IoT Security Strategy at Microsoft, explained.

Microsoft announced today that Azure Defender for IoT, its agentless security solution for networked IoT and Operational Technology devices, has entered public preview. Azure Defender for IoT is an IoT/OT device threat protection solution that integrates with Microsoft's Azure Sentinel and third-party solutions to provide continuous threat monitoring and vulnerability management.

Saviynt announced new and expanded integration with Microsoft Azure Active Directory to provide additional advanced governance scenarios for enterprise customers. The new integration with Azure AD brings additional identity governance capabilities for Microsoft 365 and Azure IaaS using the Saviynt Cloud PAM solution.

Researchers have disclosed two flaws in Microsoft's Azure web hosting application service, App Services, which if exploited could enable an attacker to take over administrative servers. Azure App Services is an HTTP-based service for hosting web applications, and is available in both Microsoft Azure Cloud and on-premise installations.

Now according to the latest research, two security flaws in Microsoft's Azure App Services could have enabled a bad actor to carry out server-side request forgery attacks or execute arbitrary code and take over the administration server. Azure App Service is a cloud computing-based platform that's used as a hosting web service for building web apps and mobile backends.

Microsoft on Tuesday shared the results of its three-month-long Azure Sphere Security Research Challenge and the company says it has paid out more than $374,000 to participants. The Azure Sphere Security Research Challenge, announced in May, invited security researchers to find vulnerabilities in Azure Sphere, Microsoft's IoT security solution, which the tech giant designed to provide end-to-end security across hardware, operating system and the cloud.

Microsoft awarded over $370,000 in bounties to security researchers for 16 bounty eligible reports of vulnerabilities submitted through the Azure Sphere Security Research Challenge IoT-focused research program. Azure Sphere Security Research Challenge is a 3-month expansion to the Azure Security Lab bounty program Microsoft announced last year at Black Hat 2019.

Microsoft this week announced the public preview of support for confidential computing nodes in Azure Kubernetes Service. One of the big tech companies to have affirmed commitment to computing confidentiality, Microsoft made Azure Confidential Computing generally available earlier this year, and also expanded the availability of secure VMs. The availability of confidential containers on AKS is yet another step Microsoft is taking toward moving computing from 'in the clear' to 'confidential'.

This means that Azure customers will be able to implement Datadog as a monitoring solution for their cloud workloads through new streamlined workflows that cover everything from procurement to configuration. The improved onboarding experience makes Datadog setup automatic, so new users can start monitoring the health and performance of their applications with Datadog quickly, whether they are based entirely in Azure or spread across hybrid or multi-cloud environments.