Tuesday, December 24, 2024

Azure

Azure Data Factory And Apache Airflow Integration Flaws Let Attackers Gain Write Access

Researchers have uncovered vulnerabilities in Microsoft Azure Data Factory's integration with Apache Airflow, which could potentially allow attackers to gain unauthorized access and control over critical Azure resources. By exploiting...

Azure API Management Vulnerabilities Let Attackers Escalate Privileges

Recent discoveries by Binary Security have revealed critical vulnerabilities in Azure API Management (APIM) that could allow attackers with minimal privileges to escalate their access and...

Researchers Backdoored Azure Automation Account Packages And Runtime Environments

Runtime environments offer a flexible way to customize Automation Account Runbooks with specific packages.While base system-generated environments can't be directly modified, they can...

Iranian Hackers Using Multi-Stage Malware To Attack Govt And Defense Sectors Via LinkedIn

Microsoft has identified a new Iranian state-sponsored threat actor, Peach Sandstorm, deploying a custom multi-stage backdoor named Tickler. This backdoor has been used to target...

Microsoft Details On Using KQL To Hunt For MFA Manipulations

It is difficult to secure cloud accounts from threat actors who exploit multi-factor authentication (MFA) settings.Threat actors usually alter compromised users' MFA attributes by...

Microsoft Details AI Jailbreaks And How They Can Be Mitigated

Generative AI systems comprise several components and models geared to enhancing human interactions with the system. However, while being as realistic and useful as possible,...

New Azure Hacking Campaign Steals Senior Executive Accounts

An ongoing campaign of cloud account takeover has affected hundreds of user accounts, including those of senior executives, and impacted dozens of Microsoft Azure...

8 XSS Vulnerabilities in Azure HDInsight Allow Attackers to Deliver Malicious Payloads

Azure HDInsight has been identified with multiple Cross-Site Scripting - XSS vulnerabilities related to Stored XSS and Reflected XSS. The severity for these vulnerabilities...

Hackers Abuse Azure AD Abandoned Reply URLs to Escalate Privilege

Recent reports indicate that there has been a privilege escalation vulnerability discovered, which arises due to abandoned Active Directory URLs.Threat actors can use...

Critical RCE & Spoofing Vulnerabilities in Microsoft Azure Cloud Let Hackers Compromise Microsoft’s Cloud Server

Critical remote code execution and spoofing vulnerabilities that existed in the Microsoft Azure cloud infrastructure allow attackers to remotely exploiting the vulnerability and compromise...