Security Boulevard

NOVEMBER 14, 2022

In the next few minutes, you will explore the in-depth design of Azure services and capabilities to help you secure, manage and monitor your cloud data and infrastructure. The post Dig Deeper into the Essentials of Microsoft Azure Security appeared first on PeoplActive.

Engineering 98

Engineering 98

Krebs on Security

OCTOBER 11, 2022

Microsoft today released updates to fix at least 85 security holes in its Windows operating systems and related software, including a new zero-day vulnerability in all supported versions of Windows that is being actively exploited. Microsoft says the flaw is being actively exploited, and that it was reported by an anonymous individual.

DNS 273

DNS Internet Internet Cyber threats 273

The Hacker News

JUNE 21, 2023

A security shortcoming in Microsoft Azure Active Directory (AD) Open Authorization (OAuth) process could have been exploited to achieve full account takeover, researchers said. California-based identity and access management service Descope, which discovered and reported the issue in April 2023, dubbed it nOAuth.

Accountability 93

Accountability Authentication 93

The Hacker News

AUGUST 8, 2023

Introduced in 1999, Microsoft Active Directory is the default identity and access management service in Windows networks, responsible for assigning and enforcing security policies for all network endpoints. With it, users can access various resources across networks.

98

98

The Last Watchdog

AUGUST 8, 2023

8, 2023 – DigiCert today announced the expansion of its certificate management platform, DigiCert Trust Lifecycle Manager, to provide full lifecycle support for multiple CAs including Microsoft CA and AWS Private CA, as well as integration with ServiceNow to support existing IT service workflows. Lehi, Utah, Aug.

Authentication 100

Authentication Technology VPN Software 100

Krebs on Security

AUGUST 9, 2022

Microsoft today released updates to fix a record 141 security vulnerabilities in its Windows operating systems and related software. Once again, Microsoft is patching a zero-day vulnerability in the Microsoft Support Diagnostics Tool (MSDT), a service built into Windows.

Authentication 244

Authentication Internet Internet Cyber threats 244

CyberSecurity Insiders

AUGUST 9, 2021

Microsoft has unveiled a new service yesterday that is aimed to detect ransomware activities on its Azure cloud platform. Therefore, as soon as any suspicious activity is observed on the Azure platform, the system sends an immediate alert to security teams to gather their attention.

Ransomware 142

Ransomware Artificial Intelligence Technology Cybersecurity 142

Security Boulevard

FEBRUARY 18, 2024

Cloud security means multiple teams with a shared responsibility. However, some organisations are now moving back to on-premise systems due to concerns around high operational costs, cloud performance issues, or cyber security. But can be be secure, and if so - how? Clearly, the cloud is not the panacea some thought it would be.

Encryption 128

Encryption Authentication Insurance Risk 128

The Last Watchdog

MAY 9, 2023

This ultimately resulted in the 2020 roll out of DigiCert ONE, a new platform of tools and services aimed at “embedding digital trust across the board within the enterprise and between all parts of the cloud ecosystem,” Chauhan says. Amazon had introduced Amazon Web Services in 2006 and Microsoft Azure became commercially available in 2010.

Cloud Migration 195

Cloud Migration Digital transformation Engineering Retail 195

Security Affairs

SEPTEMBER 18, 2023

Microsoft AI researchers accidentally exposed 38TB of sensitive data via a public GitHub repository since July 2020. Cybersecurity firm Wiz discovered that the Microsoft AI research division accidentally leaked 38TB of sensitive while publishing a bucket of open-source training data on GitHub. ” reads the report published by Wiz.”The

Accountability 129

Accountability Backups Risk Passwords 129

Security Affairs

AUGUST 9, 2022

Microsoft Patch Tuesday security updates for August 2022 addressed a zero-day attack remote code execution vulnerability in Windows. Microsoft states that the issue is a variant of the Dogwalk vulnerability that was disclosed in June. An attacker can trigger the flaw by tricking the victims into opening specially crafted files.

Media 122

Media Social Engineering Engineering Internet 122

Malwarebytes

JUNE 6, 2022

Billed as a managed service available to (some) users of Microsoft products, the software giant had this to say about it: The development of Autopatch is a response to the evolving nature of technology. This service will keep Windows and Office software on enrolled endpoints up-to-date automatically, at no additional cost.

Software 125

Software Marketing Technology 125

CSO Magazine

MAY 5, 2023

Microsoft recently patched three vulnerabilities in its Azure API Management service , two of which enabled server-side request forgery (SSRF) attacks that could have allowed hackers to access internal Azure assets. Web APIs have become an integral part of modern application development, especially in the cloud.

Risk 86

Risk IoT Mobile 86

Security Boulevard

FEBRUARY 16, 2024

Entra ID has a built-in role called “Partner Tier2 Support” that enables escalation to Global Admin, but this role is hidden from view in the Azure portal GUI. The Microsoft documentation says: This is a privileged role. The Microsoft documentation says: This is a privileged role. Partner Tier2 What-Now? Do not use.

Passwords 75

Passwords Accountability Risk Cybersecurity 75

Security Boulevard

FEBRUARY 2, 2024

Microsoft Breach — What Happened? What Should Azure Admins Do? On January 25, 2024, Microsoft published a blog post that detailed their recent breach at the hands of “Midnight Blizzard”. Figure 2 This means that the “legacy” app registration from the test tenant was instantiated as a service principal in the corporate tenant.

Authentication 75

Authentication Architecture Technology Passwords 75

The Last Watchdog

JANUARY 17, 2023

To get network protection where it needs to be, legacy cybersecurity vendors have begun reconstituting traditional security toolsets. The overarching goal is to try to derive a superset of very dynamic, much more tightly integrated security platforms that we’ll very much need, going forward. Related: The rise of security platforms.

Authentication 208

Authentication Mobile Encryption Internet 208

eSecurity Planet

SEPTEMBER 13, 2023

Microsoft’s Patch Tuesday for September 2023 includes 59 vulnerabilities, five of them rated critical and two currently being exploited in the wild. The two vulnerabilities currently being exploited are CVE-2023-36761 , an information disclosure flaw in Microsoft Word with a CVSS score of 6.2;

Engineering 105

Engineering Security Defenses Risk Cybersecurity 105

eSecurity Planet

MARCH 19, 2024

Microsoft, as usual, led the pack in quantity for Patch Tuesday this March with fixes for nearly 59 vulnerabilities including two critical flaws. March 8, 2024 150,000 Fortinet Secure Web Gateways Remain Exposed Type of vulnerability: Arbitrary code execution (ACE). The fix: Update to version 5.3.1.0

Authentication 102

Authentication VPN Software DDOS 102

NetSpi Technical

NOVEMBER 16, 2023

As we were preparing our slides and tools for our DEF CON Cloud Village Talk ( What the Function: A Deep Dive into Azure Function App Security ), Thomas Elling and I stumbled onto an extension of some existing research that we disclosed on the NetSPI blog in March of 2023. Next, we decoded the Base64 data and wrote it to a file.

Encryption 138

Encryption Accountability Penetration Testing Authentication 138

Thales Cloud Protection & Licensing

NOVEMBER 14, 2023

Meanwhile, organizations continue to invest in digital transformation by utilizing the efficiencies and elasticity offered by cloud service providers. Therefore, there is a need to continually raise the bar in cloud security.

Digital transformation 78

Digital transformation Architecture Engineering Authentication 78

Security Boulevard

APRIL 18, 2023

Introducing BloodHound 4.3 — Get Global Admin More Often Discover new attack paths traversing Microsoft Graph and seven new Azure Resource Manager objects. models this outcome by creating post-processed edges labeled as AZMGAddOwner, linking to every Service Principal. Checking out BloodHound for the first time?

Accountability 64

Accountability Data collection Authentication Cybersecurity 64

CyberSecurity Insiders

MAY 18, 2023

A threat actor with a history of targeting Microsoft servers has recently gained control over virtual machines (VMs) and installed third-party remote management software within clients’ cloud environments. The post Microsoft VMs hijacked in cloud Cyber Attack appeared first on Cybersecurity Insiders.

Cyber Attacks 110

Cyber Attacks Education Software Phishing 110

CyberSecurity Insiders

MAY 6, 2022

Wipro has proudly announced that it has earned Microsoft (MS) Cloud Security specialization that has been added to its portfolio of end to end solutions. From the past two decades, the Azim Premji Company partnered with Microsoft in offering business process services and information technology consulting.

Cyber Risk 95

Cyber Risk Government Technology Risk 95

Malwarebytes

MARCH 9, 2022

Azure is Microsoft’s cloud computing service providing a wide range of features for businesses worldwide. It’s particularly popular for its virtual machines and IaaS (infrastructure as a service). One useful Azure feature is Automation , which has been around for some years now. A timeline of token disaster…almost.

Accountability 97

Accountability Authentication Ransomware 97

Security Boulevard

JULY 10, 2023

Microsoft has admitted that a vulnerability has been discovered in its Azure Active Directory (AD) Open Authorization (OAuth) process which facilitates hackers a complete account takeover. Researchers from Descope, a California-based identity and access management service, have reported the vulnerability and named it ‘NoAuth.’

Accountability 79

Accountability Cyber Attacks 79

Malwarebytes

JUNE 23, 2023

Researchers have found that a flaw in Microsoft Azure AD can be used by attackers to take over accounts that rely on pre-established trust. In a nutshell, Microsoft Azure AD allows you to change the email address associated with an account without verification of whether you are in control of that email address.

Accountability 85

Accountability Passwords Authentication Internet 85

Security Affairs

NOVEMBER 12, 2021

Wiz Research Team disclosed technical details about the discovery of the ChaosDB vulnerability in Azure Cosmos DB database solution. We want to provide a summary of what was discussed, and share the full extent of ChaosDB, the impact it had, and the questions it raises about security in managed cloud services.

Accountability 115

Accountability Authentication Internet Internet 115

Bleeping Computer

FEBRUARY 16, 2021

Microsoft has announced that the new Premium tier for its managed cloud-based network security service Azure Firewall has entered public preview starting today. [.].

Firewall 111

Firewall Network Security 111

CyberSecurity Insiders

JULY 25, 2021

CloudKnox Security that was earlier speculated to be acquired by IT giant Wipro has made a recent announcement that it is now a part of the American Technology giant Microsoft. Founded in the year 2015, CloudKnox helps in cutting down risks and security breaches in corporate networks.

Technology 116

Technology Risk Cybersecurity 116

The Last Watchdog

JUNE 2, 2022

Companies have come to depend on Software as a Service – SaaS — like never before. Related: Managed security services catch on. I visited with Maor Bin, co-founder and CEO of Tel Aviv-based Adaptive Shield , a pioneer in a new security discipline referred to as SaaS Security Posture Management (SSPM.)

Cloud Migration 229

Cloud Migration CISO Technology Security Awareness 229

Heimadal Security

SEPTEMBER 16, 2021

Microsoft addressed a number of critical vulnerabilities that were collectively known as OMIGOD. The vulnerabilities were identified in the Open Management Infrastructure (OMI) software agent, which was quietly installed on more than half of Azure Linux machines.

Software 86

Software Cybersecurity 86

Malwarebytes

SEPTEMBER 12, 2023

Microsoft's September 2023 Patch Tuesday is another important one. Patch Tuesday includes security updates for 59 bugs, two of which are known to be actively exploited. out of 10): a Microsoft Word information disclosure vulnerability. out of 10): a Microsoft Streaming Service Proxy Elevation of Privilege (EoP) vulnerability.

Cybersecurity 113

Cybersecurity Accountability Risk 113

Malwarebytes

APRIL 3, 2023

Researchers at Orca Security disclosed how they found a remote code execution vulnerability in Azure Service Fabric Explorer. The vulnerability was reported to the Microsoft Security Response Center (MSRC) with responsible disclosure and was included by Microsoft in their March 2023 Patch Tuesday round.

Authentication 84

Authentication Risk Cybersecurity 84

eSecurity Planet

FEBRUARY 12, 2024

This week saw some repeat products from previous vulnerability recaps, such as Ivanti Policy Secure and JetBrains TeamCity servers. Make sure your security teams consistently check vendor bulletins for vulnerability announcements so your business can stay on top of all threats. through 2023.11.2. JetBrains fixed it in version 2023.11.3

VPN 104

VPN Authentication Software Firewall 104

Malwarebytes

MAY 11, 2022

Microsoft has released patches for 74 security problems, including fixes for seven “critical” vulnerabilities, and an actively exploited zero-day vulnerability that affects all supported versions of Windows. The security update detects anonymous connection attempts in LSARPC and disallows it. LSA spoofing zero-day.

Authentication 132

Authentication Internet Internet 132

eSecurity Planet

APRIL 15, 2024

Typically, these vulnerabilities result in remote code execution or denial-of-service attacks, posing major dangers to users’ data security. To mitigate these risks, users must promptly apply vendor-provided software patches and updates, as well as exercise vigilance when using online services and apps. are vulnerable.

Firewall 99

Firewall VPN Software Risk 99

Thales Cloud Protection & Licensing

JUNE 15, 2023

A Guide to Key Management as a Service madhav Thu, 06/15/2023 - 11:29 As companies adopt a cloud-first strategy and high-profile breaches hit the headlines, securing sensitive data has become a paramount business concern. The most effective way to ensure data security is through encryption and proper key management.

Encryption 134

Encryption Data breaches Authentication Risk 134