Security News

Microsoft issued guidance on securing Azure accounts that may be impacted by a recently addressed Cosmos DB critical vulnerability, giving attackers full admin rights to users' data without authorization. To mitigate the risk and block attackers who might've stolen your Cosmos DB primary read-write keys before the vulnerable feature was disabled, Microsoft advises regenerating the Cosmos DB keys.

Microsoft announced a new Microsoft 365 Widget in the latest Windows 11 Dev build released for Windows Insiders in the Dev and Beta Channels. Windows 11's new widget provides quicker access to frequently opened files and more for all Insiders in the Dev and Beta channels who install Windows 11 Preview build 22000.

Microsoft is warning of a widespread credential phishing campaign that leverages open redirector links in email communications as a vector to trick users into visiting malicious websites while effectively bypassing security software. "Attackers combine these links with social engineering baits that impersonate well-known productivity tools and services to lure users into clicking," Microsoft 365 Defender Threat Intelligence Team said in a report published this week.

Google and Microsoft said they are pledging to invest a total of $30 billion in cybersecurity advancements over the next five years, as the U.S. government partners with private sector companies to address threats facing the country in the wake of a string of sophisticated malicious cyber activity targeting critical infrastructure, laying bare the risks to data, organizations, and governments worldwide. Microsoft will invest $20 billion over the next five years to deliver advanced security solutions, in addition to making available $150 million in technical services to help federal, state, and local governments with upgrading security protections.

Google and Microsoft said they are pledging to invest a total of $30 billion in cybersecurity advancements over the next five years, as the U.S. government partners with private sector companies to address threats facing the country in the wake of a string of sophisticated malicious cyber activity targeting critical infrastructure, laying bare the risks to data, organizations, and governments worldwide. To that end, the U.S. government on Wednesday announced a collaboration between the National Institute of Standards and Technology and industry partners to develop a new framework to improve the security and integrity of the technology supply chain, alongside plans to expand the Industrial Control Systems Cybersecurity Initiative to secure natural gas pipelines.

Microsoft has warned that it has been tracking a widespread credential-phishing campaign that relies on open redirector links, while simultaneously suggesting it can defend against such schemes. Microsoft says that open redirects have legitimate uses, pointing to the way sales and marketing campaigns rely on them to lead customers to specific landing pages and to gather web metrics.

On Thursday, the company sent warnings to "Thousands" of its cloud computing customers, explaining that "Intruders" could have access to their databases, according to Reuters. On Thursday, Microsoft alerted cloud customers that uninvited guests could have access to their databases, according to Reuters.

Microsoft has warned thousands of Azure customers that a now-fixed critical vulnerability found in Cosmos DB allowed any user to remotely take over other users' databases by giving them full admin access without requiring authorization. "Microsoft has recently become aware of a vulnerability in Azure Cosmos DB that could potentially allow a user to gain access to another customer's resources by using the account's primary read-write key," the company told customers.

Cloud infrastructure security company Wiz on Thursday revealed details of a now-fixed Azure Cosmos database vulnerability that could have been potentially exploited to grant any Azure user full admin access to other customers' database instances without any authorization. Cosmos DB is Microsoft's proprietary NoSQL database that's advertised as "a fully managed service" that "Takes database administration off your hands with automatic management, updates and patching."

Cloud infrastructure security company Wiz on Thursday revealed details of a now-fixed Azure Cosmos database vulnerability that could have been potentially exploited to grant any Azure user full admin access to other customers' database instances without any authorization. Cosmos DB is Microsoft's proprietary NoSQL database that's advertised as "a fully managed service" that "Takes database administration off your hands with automatic management, updates and patching."