Security News

A financially motivated cyber actor has been observed abusing Microsoft Azure Serial Console on virtual machines to install third-party remote management tools within compromised environments. "This method of attack was unique in that it avoided many of the traditional detection methods employed within Azure and provided the attacker with full administrative access to the VM," the threat intelligence firm said.

A financially motivated cybergang tracked by Mandiant as 'UNC3944' is using phishing and SIM swapping attacks to hijack Microsoft Azure admin accounts and gain access to virtual machines. From there, the attackers abuse the Azure Serial Console to install remote management software for persistence and abuse Azure Extensions for stealthy surveillance.

Three new security flaws have been disclosed in Microsoft Azure API Management service that could be abused by malicious actors to gain access to sensitive information or backend services. This includes two server-side request forgery flaws and one instance of unrestricted file upload functionality in the API Management developer portal, according to Israeli cloud security firm Ermetic.

A design flaw in Microsoft Azure - that shared key authorization is enabled by default when creating storage accounts - could give attackers full access to your environment, according to Orca Security researchers. "Similar to the abuse of public AWS S3 buckets seen in recent years, attackers can also look for and utilize Azure access keys as a backdoor into an organization," Orca's Roi Nisimi said.

A "By-design flaw" uncovered in Microsoft Azure could be exploited by attackers to gain access to storage accounts, move laterally in the environment, and even execute remote code. "It is possible to abuse and leverage Microsoft Storage Accounts by manipulating Azure Functions to steal access-tokens of higher privilege identities, move laterally, potentially access critical business assets, and execute remote code," Orca said in a new report shared with The Hacker News.

Microsoft has patched a misconfiguration issue impacting the Azure Active Directory identity and access management service that exposed several "High-impact" applications to unauthorized access. "One of these apps is a content management system that powers Bing.com and allowed us to not only modify search results, but also launch high-impact XSS attacks on Bing users," cloud security firm Wiz said in a report.

A misconfiguration in Microsoft's Azure Active Directory could have allowed miscreants to subvert Microsoft's Bing search engine - even changing search results. The team "Spotted several" of these misconfigured apps, including one called Bing Trivia.

Details have emerged about a now-patched vulnerability in Azure Service Fabric Explorer that could lead to unauthenticated remote code execution. Tracked as CVE-2023-23383, the issue has been dubbed "Super FabriXss" by Orca Security, a nod to the FabriXss flaw that was fixed by Microsoft in October 2022.

Bringing your own WordPress installation to Azure still requires managing and patching the underlying OS and the CMS application, as you're treating Azure as just another host for virtual machines. WordPress is, at heart, a Hypertext Preprocessor application, and you should remember that the only supported PHP on Azure is the one running on Azure App Service for Linux.

A hole in a Department of Defense email server operated by Microsoft left more than a terabyte of sensitive data exposed less than a month after Office 365 was awarded a higher level of US government security accreditation. According to security researcher Anurag Sen, who discovered the issue and shared it, the openly accessible server was part of an internal mailbox system hosted on Azure Government Cloud and used by the DoD for a variety of purposes - including the processing of security clearance paperwork.