Security News

A DDoS attack that started on Tuesday has made a number of Microsoft Azure and Microsoft 365 services temporarily inaccessible, the company has confirmed. Microsoft's mitigation statement on the Azure status history page.

What can I do? If you are a visitor of this website: Please try again in a few minutes. Contact your hosting provider letting them know your web server is not responding.

Microsoft says an Azure configuration change caused a major Microsoft 365 outage on Thursday, affecting customers across the Central US region. [...]

Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.

Microsoft is warning about the potential abuse of Azure Service Tags by malicious actors to forge requests from a trusted service and get around firewall rules, thereby allowing them to gain...

Tenable thinks these tags can be abused by a rogue Azure customer to access other customers' stuff - a cross-tenant attack - if those victims rely on Service Tags in their firewall rules. "We appreciate the collaboration with Tenable to responsibly disclose the inherent risk in using Service Tags as a single mechanism for vetting secure network traffic," a Microsoft spokesperson told The Register.

Security researchers at Tenable discovered what they describe as a high-severity vulnerability in Azure Service Tag that could allow attackers to access customers' private data. Service Tags are groups of IP addresses for a specific Azure service used for firewall filtering and IP-based Access Control Lists when network isolation is needed to safeguard Azure resources.

Starting in July, Microsoft will begin gradually enforcing multi-factor authentication for all users signing into Azure to administer resources. "Service principals, managed identities, workload identities, and similar token-based accounts used for automation are excluded. Microsoft is still gathering customer input for certain scenarios such as break-glass accounts and other special recovery processes," explained Azure product manager Naj Shahid.

While cloud adoption has been top of mind for many IT professionals for nearly a decade, it’s only in recent months, with industry changes and announcements from key players, that many recognize...

New cybersecurity research has found that command-line interface (CLI) tools from Amazon Web Services (AWS) and Google Cloud can expose sensitive credentials in build logs, posing significant...