Security News

Security researchers at Tenable discovered what they describe as a high-severity vulnerability in Azure Service Tag that could allow attackers to access customers' private data. Service Tags are groups of IP addresses for a specific Azure service used for firewall filtering and IP-based Access Control Lists when network isolation is needed to safeguard Azure resources.

Starting in July, Microsoft will begin gradually enforcing multi-factor authentication for all users signing into Azure to administer resources. "Service principals, managed identities, workload identities, and similar token-based accounts used for automation are excluded. Microsoft is still gathering customer input for certain scenarios such as break-glass accounts and other special recovery processes," explained Azure product manager Naj Shahid.

While cloud adoption has been top of mind for many IT professionals for nearly a decade, it’s only in recent months, with industry changes and announcements from key players, that many recognize...

New cybersecurity research has found that command-line interface (CLI) tools from Amazon Web Services (AWS) and Google Cloud can expose sensitive credentials in build logs, posing significant...

This all makes IAM solutions critical to any modern business, and two popular options in that category are Okta and Microsoft Entra ID. Okta vs. Microsoft Entra ID: Comparison. Entra ID Free Entra ID P1 Entra ID P2 Entra ID Governance Free $6.00 per user, per month $9 per user, per month $7 per user, per month Identity governance.

The number of senior business executives stymied by an ongoing phishing campaign continues to rise with cybercriminals registering hundreds of cloud account takeovers since spinning it up in November. In addition to the hundreds of ATOs, "Dozens" of Azure environments were also compromised, Proofpoint said.

A phishing campaign detected in late November 2023 has compromised hundreds of user accounts in dozens of Microsoft Azure environments, including those of senior executives. The attacks employ documents sent to targets that embed links masqueraded as "View document" buttons that take victims to phishing pages.

Prowler is an open-source security tool designed to assess, audit, and enhance the security of AWS, GCP, and Azure. "Easy to use from the command line with simple, understandable output, Prowler offers standard reporting formats like CSV and JSON, enabling users to thoroughly examine findings across any cloud provider, all in a uniform format. Its seamless integrations with Security Hub and S3 facilitate easy incorporation with other SIEMs, databases, and more. The ability to write custom checks and develop custom security frameworks is crucial for our expanding community," Toni de la Fuente, the creator of Prowler, told Help Net Security.

AI SPERA, a leader in Cyber Threat Intelligence-based solutions, today announced that Criminal IP ASM is now available on the Microsoft Azure Marketplace. Through this partnership, AI SPERA showcases Criminal IP ASM on the Microsoft Azure Marketplace in the security service listings.

Three new security vulnerabilities have been discovered in Azure HDInsight's Apache Hadoop, Kafka, and Spark services that could be exploited to achieve privilege escalation and a regular...