Security News

The Azure outage had global reach, impacting a subset of customers attempting to connect to Azure App Services, Application Insights, Azure IoT Central, Azure Log Search Alerts, Azure Policy, the Azure portal itself, and a subset of Microsoft 365 and Microsoft Purview services. Many different organisations made statements on Tuesday, notifying users that their services were disrupted as a result of the Azure DDoS attack.

A vulnerability in the ESXi hypervisor was patched by VMware last week, but Microsoft has revealed that it has already been exploited by ransomware groups to gain administrative permissions. The vulnerability affects ESXi versions 7.0 and 8.0 and VMware Cloud Foundation versions 4.x and 5.x., but patches were only rolled out for ESXi 8.0 and VMware Cloud Foundation 5.x. It has a relatively low CVSS severity score of 6.8.

Do you have problems configuring Microsoft's Defender? You might not be alone: Microsoft admitted that whatever it's using for its defensive implementation exacerbated yesterday's Azure instability. Microsoft has published its strategy to defend against network-based DDoS attacks, noting it was unique due to the global footprint of the company.

Microsoft confirmed that a nine-hour outage on Tuesday, which disrupted numerous Microsoft 365 and Azure services worldwide, was caused by a distributed denial-of-service (DDoS) attack. Affected services included Microsoft Entra, Intune, Power BI, Power Platform, Azure App Services, and others.The company explained that their DDoS protection mechanisms were triggered, but an error in the implementation of their defenses exacerbated the attack's impact. Once the issue was identified, Microsoft made networking configuration changes and rerouted to alternate paths to mitigate the problem.

A DDoS attack that started on Tuesday has made a number of Microsoft Azure and Microsoft 365 services temporarily inaccessible, the company has confirmed. Microsoft's mitigation statement on the Azure status history page.

Delta Air Lines lost hundreds of millions of dollars due to the CrowdStrike outage earlier this month - and it has hired a high-powered law firm to claw some of those lost funds back, potentially from the Falcon maker and Microsoft itself. CNBC broke the news yesterday that Delta had hired famed lawyer David Boies to look into what the airline could do to recoup as much as an estimated $500 million in operational losses due to the July 19 CrowdStrike outage.

What can I do? If you are a visitor of this website: Please try again in a few minutes. Contact your hosting provider letting them know your web server is not responding.

Microsoft warned today that ransomware gangs are actively exploiting a VMware ESXi authentication bypass vulnerability in attacks. Ransomware groups have focused on creating lockers dedicated to encrypting ESXi VMs rather than targeting specific ESXi vulnerabilities that would provide them a quicker way of acquiring and maintaining access to a victim's hypervisors.

There has been an uptick in phishing campaigns leveraging Microsoft Forms this month, aiming to trick targets into sharing their Microsoft 365 login credentials. Malicious forms leading to phishing pages impersonating Microsoft 365 and Adobe.

Redmond shared a technical incident response write-up on Saturday - titled "Windows Security best practices for integrating and managing security tools" - in which veep for enterprise and OS security David Weston explained how Microsoft measured the impact of the disaster: By accessing crash reports shared by customers. Weston's post justifies how Windows performed, on the grounds that kernel-level drivers - like those employed by CrowdStrike - can improve performance and prevent tampering with security software.