Security News

UPDATE. Researchers are shedding light on a Microsoft Azure misconfiguration bug that leaked sensitive access tokens, which could have given hackers access to virtual machine instances and cloud-based storage buckets. According to CyberArk, it found the bug in September and Microsoft "Unintentionally" fixed it within two weeks as part of a regular update to its Azure platform.

Microsoft reckons 0.5 per cent of Azure Active Directory accounts as used by Office 365 are compromised every month. "About a half of a per cent of the enterprise accounts on our system will be compromised every month, which is a really high number. If you have an organisation of 10,000 users, 50 will be compromised each month," said Weinert.

As enterprises increasingly transition and scale their operations in the public cloud, at RSA Conference 2020 FireMon announced new integrations with Microsoft Azure and Amazon Web Services to help improve cloud visibility, reduce complexity and match the pace needed to protect systems from ongoing cyber threats and data breaches. "With our latest Microsoft Azure and AWS cloud integrations, customers can now deploy consistent, seamless, and adaptive security policy orchestration across any type of infrastructure."

Hybrid environments can now join the preview party for FIDO2 support in Azure Active Directory. One way to move on is via a FIDO2 security key; the FIDO alliance has already signed up the likes of Google and Mozilla for browser authentication and back in October 2019 Microsoft unveiled a preview of FIDO2 security support in Azure Active Directory.

CyberMDX, a leading provider of medical cyber security solution, delivering asset visibility and threat prevention for medical devices and clinical assets, announced that it has completed integration certification for the Microsoft Azure Security Center for IoT. Integrating CyberMDX visibility and detection capabilities with Microsoft Azure Security Center for IoT, healthcare organizations are equipped with cross-cloud and devices visibility, classification and incident response capabilities. Azure Security Center for IoT provides adaptive threat prevention, and intelligent threat detection and response across workloads running on on-premises, on edge, in Azure.

ClearDATA, the leader in healthcare public cloud security, compliance and privacy, expanded their ClearDATA Comply Software as a Service compliance management product to include Microsoft's Azure Cloud Services. The solution automatically configures over 70 controls across 32 of the most commonly used Azure services for sensitive patient data in healthcare including Azure Kubernetes Service, Azure Machine Learning as well as PaaS based services like Azure SQL. ClearDATA is a Microsoft Gold Partner and has offered managed security, compliance and privacy solutions on Microsoft Azure since 2015.

CyberX announced a new API-level integration with Microsoft Azure Security Center for IoT, enabling joint clients to gain a unified view of security across all their managed and unmanaged IoT devices. The combination of CyberX's agentless security platform and Azure Security Center for IoT provides comprehensive IoT device protection and zero trust security for organizations seeking to reduce risk from enterprise IoT threats as well as from industrial IoT, Smart Buildings, Smart Retail, and more.

The bug-hunters at Checkpoint have laid claim to the discovery and reporting of two serious, and now patched, security flaws in Microsoft Azure. Among the fixes are security updates for iOS and macOS, the two major operating systems from Cook and Co. While there aren't any massive risks posed by the patched flaws, users and admins should look to get the patches in place before malware writers begin to take aim at them.

Cybersecurity researchers at Check Point today disclosed details of two recently patched potentially dangerous vulnerabilities in Microsoft Azure services that, if exploited, could have allowed hackers to target several businesses that run their web and mobile apps on Azure. According to a report researchers shared with The Hacker News, the first security vulnerability is a request spoofing issue that affected Azure Stack, a hybrid cloud computing software solution by Microsoft.

Microsoft this week announced the availability of Azure Security Benchmark v1, a collection of more than 90 security best practices recommendations for Azure customers. ASB, Microsoft says, was designed to improve the consistency of security documentation for Azure services by creating a framework containing all recommendations for Azure services, in the same format.