Security News

Analysts at Orca Security have found a critical vulnerability affecting Azure Cosmos DB that allowed unauthenticated read and write access to containers.Named CosMiss, the security issue is in Azure Cosmos DB built-in Jupyter Notebooks that integrate into the Azure portal and Azure Cosmos DB accounts for querying, analyzing, and visualizing NoSQL data and results easier.

Attackers could exploit a now-patched spoofing vulnerability in Service Fabric Explorer to gain admin privileges and hijack Azure Service Fabric clusters.Service Fabric is a platform for business-critical applications that hosts over 1 million apps and powers many Microsoft products, including but not limited to Microsoft Intune, Dynamics 365, Skype for Business, Cortana, Microsoft Power BI, and multiple core Azure services.

Cybersecurity researchers have shared more details about a now-patched security flaw in Azure Service Fabric Explorer (SFX) that could potentially enable an attacker to gain administrator...

Orca Security disclosed the bug, and older versions remain vulnerable A proof-of-concept exploit has been published detailing a spoofing vulnerability in Microsoft Azure Service Fabric. The flaw...

Microsoft has announced this week that Azure Virtual Desktop support for passwordless authentication has now entered public preview. "Today we're announcing the public preview for enabling an Azure AD-based single sign-on experience and support for passwordless authentication, using Windows Hello and security devices," said David Bélanger, a Senior Program Manager for Azure Virtual Desktop at Microsoft.

Remote work trends are here to stay while fewer employees than ever before are working full-time in traditional offices. IT needs to foster employee engagement and collaboration, while enabling dispersed teams, decentralized workplaces, and off-premises IT infrastructure.

Microsoft Azure customers' virtual machines running Ubuntu 18.04 have been taken offline by an ongoing outage caused by a faulty systemd update. Microsoft says in an incident report published on the Azure status page that these DNS issues only affect VMs running Ubuntu 18.04.

The state-backed Russian cyberespionage group Cozy Bear has been particularly prolific in 2022, targeting Microsoft 365 accounts in NATO countries and attempting to access foreign policy information. Mandiant, who has been tracking the activities of Cozy Bear, reports that the Russian hackers have been vigorously targeting Microsoft 365 accounts in espionage campaigns.

A new large-scale phishing campaign targeting Coinbase, MetaMask, Kraken, and Gemini users is abusing Google Sites and Microsoft Azure Web App to create fraudulent sites. Posting links to phishing pages on various legitimate sites aims to increase traffic and boost the malicious site's search engine rankings.

Microsoft has fixed 32 vulnerabilities in the Azure Site Recovery suite that could have allowed attackers to gain elevated privileges or perform remote code execution.The Azure Site Recovery service is a disaster recovery service that will automatically fail-over workloads to secondary locations when a problem is detected.