Security News

Four different Microsoft Azure services have been found vulnerable to server-side request forgery attacks that could be exploited to gain unauthorized access to cloud resources. The security issues, which were discovered by Orca between October 8, 2022 and December 2, 2022 in Azure API Management, Azure Functions, Azure Machine Learning, and Azure Digital Twins, have since been addressed by Microsoft.

Kali Linux images for Azure, QEMU. Kali Linux is now available in the Azure Marketplace, allowing you to deploy the image and perform penetration testing from the cloud. In reality, Kali Linux 2022.3 made it to Azure first, with the team tweeting its addition on August 30th, after 2022.3 was already released.

Microsoft on Tuesday said it addressed an authentication bypass vulnerability in Jupyter Notebooks for Azure Cosmos DB that enabled full read and write access. The tech giant said the problem was introduced on August 12, 2022, and rectified worldwide on October 6, 2022, two days after responsible disclosure from Orca Security, which dubbed the flaw CosMiss. "In short, if an attacker had knowledge of a Notebook's 'forwardingId,' which is the UUID of the Notebook Workspace, they would have had full permissions on the Notebook without having to authenticate, including read and write access, and the ability to modify the file system of the container running the notebook," researchers Lidor Ben Shitrit and Roee Sagi said.

Analysts at Orca Security have found a critical vulnerability affecting Azure Cosmos DB that allowed unauthenticated read and write access to containers.Named CosMiss, the security issue is in Azure Cosmos DB built-in Jupyter Notebooks that integrate into the Azure portal and Azure Cosmos DB accounts for querying, analyzing, and visualizing NoSQL data and results easier.

Attackers could exploit a now-patched spoofing vulnerability in Service Fabric Explorer to gain admin privileges and hijack Azure Service Fabric clusters.Service Fabric is a platform for business-critical applications that hosts over 1 million apps and powers many Microsoft products, including but not limited to Microsoft Intune, Dynamics 365, Skype for Business, Cortana, Microsoft Power BI, and multiple core Azure services.

Cybersecurity researchers have shared more details about a now-patched security flaw in Azure Service Fabric Explorer (SFX) that could potentially enable an attacker to gain administrator...

Orca Security disclosed the bug, and older versions remain vulnerable A proof-of-concept exploit has been published detailing a spoofing vulnerability in Microsoft Azure Service Fabric. The flaw...

Microsoft has announced this week that Azure Virtual Desktop support for passwordless authentication has now entered public preview. "Today we're announcing the public preview for enabling an Azure AD-based single sign-on experience and support for passwordless authentication, using Windows Hello and security devices," said David Bélanger, a Senior Program Manager for Azure Virtual Desktop at Microsoft.

Remote work trends are here to stay while fewer employees than ever before are working full-time in traditional offices. IT needs to foster employee engagement and collaboration, while enabling dispersed teams, decentralized workplaces, and off-premises IT infrastructure.

Microsoft Azure customers' virtual machines running Ubuntu 18.04 have been taken offline by an ongoing outage caused by a faulty systemd update. Microsoft says in an incident report published on the Azure status page that these DNS issues only affect VMs running Ubuntu 18.04.