Krebs on Security

AUGUST 9, 2022

Microsoft this month also issued a different patch for another MSDT flaw, tagged as CVE-2022-35743. “20 CVEs affect their Chromium-based Edge browser and 34 affect Azure Site Recovery (up from 32 CVEs affecting that product last month),” Wiseman wrote.

Authentication 230

Authentication Internet Internet Cyber threats 230

Security Boulevard

FEBRUARY 2, 2024

I highly recommend reading Andy Robbins’ blog, “ Microsoft Breach — What Happened (and What Should Azure Admins Do)? ”, or our recent video describing the breach here , to understand the full scope of what we know based on Microsoft’s transparency report. What Happened and What is the Attack Path?

Risk 62

Risk Cybersecurity 62

Troy Hunt

JULY 20, 2018

The most unexpected outcome of those discussions was a real flat-earther chiming into the Twitter discussion after someone made the innocent mistake of using the #FlatEarth hash tag to describe people decrying HTTPS. Plus there's my post on a whole bunch of nifty Azure Function and Cloudflare Workers bits. Enjoy: References.

117

117

Security Affairs

MARCH 14, 2023

Microsoft Patch Tuesday security updates for March 2023 addressed 74 new vulnerabilities in Microsoft Windows and Windows Components; Office and Office Components; Edge (Chromium-based); Microsoft Dynamics; Visual Studio; and Azure. ” states Microsoft.

Authentication 86

Authentication Ransomware Hacking Malware 86

Security Boulevard

DECEMBER 9, 2022

There are different types of containers (Docker, Kubernetes, AWS, and Microsoft Azure), and below you’ll read more about their specific best practices of container security. . Appropriately name and tag each container image. Microsoft Azure Container Security Best Practices . Alerting on suspicious activity of Azure Defender.

Architecture 67

Architecture Risk Accountability Software 67

SecureWorld News

AUGUST 6, 2020

That price tag has tripled in only 12 months. NEW: Azure Security Lab, launched August 2019. NEW: Azure Sphere Security Research Challenge, launched May 2020. But it's even more startling compared to what Microsoft has rewarded security researchers in the past. For the previous year, Microsoft awarded $4.4

Cybersecurity 52

Cybersecurity 52

Security Affairs

DECEMBER 3, 2019

A vulnerability in the Microsoft OAuth implementation exposes Azure cloud accounts to takeover. The experts noticed that some URLs whitelisted by Microsoft are not previously registered with the Azure portal. com , but they noticed that at least 54 sub-domains with these characteristics were not registered in the Azure portal.

Authentication 76

Authentication Accountability Social Engineering Advertising 76

Security Affairs

FEBRUARY 9, 2021

Microsoft February 2021 Patch Tuesday security updates address 56 CVEs in multiple products, including Windows components,NET Framework, Azure IoT, Azure Kubernetes Service, Microsoft Edge for Android, Exchange Server, Office and Office Services and Web Apps, Skype for Business and Lync, and Windows Defender.

DNS 99

DNS IoT Backups Mobile 99

Cisco Security

JULY 26, 2021

The new Cisco Secure Dynamic Attributes Connector utility addresses the complexity by making API calls to popular environments such as AWS, Azure, VMware NSX-T, and Office 365. Let’s take a simple example of limiting your development team’s AWS instances access.

Firewall 115

Firewall Architecture Network Security 115

Cisco Security

MAY 17, 2021

For years, Cisco has been a pioneer in tag-based policies with our firewall support of Security Group Tags (SGTs) and other Cisco Identity Services Engine (ISE) attributes. Now, with the dynamic attribute connector, we also leverage Azure, VMware, and AWS tags. Presenting dynamic attributes with Threat Defense 7.0,

Network Security 89

Network Security Firewall VPN Encryption 89

SC Magazine

JUNE 4, 2021

S3, RDS, CloudFront, Inspector, Security Hub, Security Center, and Azure Log Analytics). Service Control Policy’s (SCP) in AWS, and Azure Policy in Azure). Data Security: Encrypt data in transit and at rest, S3 bucket data (at rest), and EBS root volume and dynamo db.

Penetration Testing 78

Penetration Testing DNS Technology CISO 78

eSecurity Planet

NOVEMBER 10, 2022

. “An attacker can craft a malicious file that would evade Mark of the Web (MOTW) defenses, resulting in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging,” Leonard said.

Phishing 95

Phishing Malware Cybersecurity Network Security 95

Security Affairs

SEPTEMBER 1, 2021

Microsoft Security Threat Intelligence Center and Section 52 at Azure Defender for IoT have monitored a new evolution of the threat that extent the list of targets. state researchers at Microsoft Security Threat Intelligence Center and Section 52 at Azure Defender for IoT. “By ” continues the post.

IoT 87

IoT DNS Manufacturing Passwords 87

Troy Hunt

JUNE 27, 2018

If you are a tech pro and you want to go deeper on HTTPS, have a browse back through the dozens of posts on the SSL tag or go and watch 3 and a half hours of Pluralsight training on the subject. In the final video, I secure the network segment between Cloudflare and the web server by loading one of their origin certificates into Azure.

Encryption 163

Encryption Banking 163

Security Affairs

FEBRUARY 9, 2022

Tag CVE ID CVE Title Severity Azure Data Explorer CVE-2022-23256 Azure Data Explorer Spoofing Vulnerability Important Kestrel Web Server CVE-2022-21986.NET Microsoft February 2022 Patch Tuesday security updates addressed 51 flaws in multiple products, including a zero-day bug.

DNS 89

DNS Accountability Mobile Hacking 89

eSecurity Planet

SEPTEMBER 7, 2023

As for the price tag on the deal, it’s estimated at $200 to $250 million. Laminar’s system allows for customers to deal with the problem of security data across public clouds like AWS, Azure, Google and Snowflake. The company is fairly new, having been launched in 2021. It has raised about $67 million.

Cybersecurity 102

Cybersecurity Marketing Software DDOS 102

SecureList

DECEMBER 23, 2020

The attackers showed a deep understanding and knowledge of Office365, Azure, Exchange, Powershell and leveraged it in many creative ways to constantly monitor and extract e-mails from their true victims’ systems. How many victims have been identified? Why didn’t you catch this supply chain attack in the first place?

Malware 57

Malware Telecommunications DNS Government 57

Troy Hunt

MARCH 1, 2018

" I built it in part to help people answer that question and in part because my inner geek wanted to build an interesting project on Microsoft's Azure. This is a little project I started whilst killing time in a hotel room in late 2013 after thinking "I wonder if people actually know where their data has been exposed?"

Government 188

Government Data breaches Passwords Authentication 188

NopSec

MAY 25, 2023

asset.type Cloud = Filters related to AWS, Azure (coming soon), Google (coming soon) will be here. scanner Tags = Filters focused on Asset Tag Groups. artifact.running Asset = Filters related to asset metadata that are not specific to Applications, Cloud assets, or Artifacts will go here.

52

52

Troy Hunt

JUNE 15, 2023

We can't add a meta tag. And so on and so forth until my inbox looked like this: This was Azure auto-scale doing its thing and it was one of the early attractions for me building HIBP on Microsoft's PaaS offering way back in 2013. As of now, all domain searches run on Azure Functions. We can't upload a file.

Accountability 232

Accountability Small Business InfoSec DNS 232

Troy Hunt

NOVEMBER 5, 2018

But they were right because it was early days in Azure and one of the things that Microsoft's offering simply couldn't do was allow you to publish a normal everyday garden variety website. On the face of it, their ongoing viability looks questionable in an era where arguably, Azure itself is now "Azure done right".

Technology 193

Technology Architecture Marketing Internet 193

eSecurity Planet

JANUARY 12, 2024

SolarWinds Yes AWS, Azure, and hybrid cloud application log support Yes Yes No, but it offers a 30-day free trial. Cloud security: Gains visibility into AWS, Azure, Salesforce, and Google Cloud Platform. Has comprehensive visibility into AWS, Azure, Salesforce, and Google Cloud Platform. Starts at $ 0.10/GB Starts at $279/month.

Technology 105

Technology Encryption Threat Detection Marketing 105

Troy Hunt

AUGUST 7, 2020

Let me explain: HIBP Has Always Been Open in Spirit I've already written extensively about the architecture of the system across many of the 128 previous blog posts tagged as Have I Been Pwned. The very second blog post on that tag was about how I used Azure Table Storage to make it so fast and so cheap.

Passwords 364

Passwords Architecture Data breaches Internet 364

SecureList

DECEMBER 18, 2020

The attackers showed a deep understanding and knowledge of Office365, Azure, Exchange, Powershell and leveraged it in many creative ways to constantly monitor and extract e-mails from their true victims’ systems. How many victims have been identified? Why didn’t you catch this supply chain attack in the first place?

DNS 74

DNS Telecommunications Malware Encryption 74

Security Affairs

APRIL 2, 2023

LockBit leaks data stolen from the South Korean National Tax Service Italy’s Data Protection Authority temporarily blocks ChatGPT over privacy concerns CISA adds bugs exploited by commercial surveillance spyware to Known Exploited Vulnerabilities catalog Hackers are actively exploiting a flaw in the Elementor Pro WordPress plugin Cyber Police of Ukraine (..)

Spyware 94

Spyware Surveillance Artificial Intelligence Data breaches 94

eSecurity Planet

MARCH 17, 2022

Visual panels including graphs, geomaps, heatmaps, histograms, and more Create, consolidate, and manage alerts into a central console Manipulate queries and specific files for data transformations Ability to share insights and reports for company, team, and stakeholder use Add metadata and tags to specific data points with graphical annotations.

Penetration Testing 101

Penetration Testing Software Risk Firewall 101

SecureList

AUGUST 10, 2022

sources: the DLL version is tagged as “heads/3.7-dirty” dirty” [1] (instead of “tags/v3.7.4” audio-azure[.]com. azure-affiliate[.]com. service-azure[.]com. oauth-azure[.]com. oauth-azure[.]com. branch of the standard CPython implementation , which is dated to 2020-05-23.

Cryptocurrency 87

Cryptocurrency Encryption Social Engineering Passwords 87

Troy Hunt

AUGUST 21, 2023

However, check it out in your browser's dev tools so you can see how it renders in the DOM and it will look more like this: Expand that DIV tag and you'll find a whole bunch more content set as a result of loading the widget, but that's not relevant right now. If there's no token then they get booted out right away.

Firewall 201

Firewall Authentication Internet Internet 201

eSecurity Planet

JULY 8, 2021

Support for AWS, Azure, Google Cloud Platform, hybrid, and on-premises environments. Container registries include Harbor, Quay, JFrog, DockerHub, as well as offerings from AWS, Azure, and Google. Search for images that have high-severity vulnerabilities, unapproved packages, and older or test release tags.

Threat Detection 90

Threat Detection Risk Architecture Firewall 90

eSecurity Planet

MARCH 30, 2023

Assign user to a virtual local area network (VLAN) Discretionary access control list (DACL) Downloadable agents: layer 2 port Access Control (ACL), Security Group Tags (SGT), or Security Group Access Control List (SGACL). MAC Address bypass (MAB) 802.1x

Engineering 76

Engineering Wireless Firewall Mobile 76

SC Magazine

APRIL 22, 2021

The data here can be filtered by tags, asset attributes and timeframes. RiskIQ automatically adds ‘analyst insights’ and insightful tags that indicate where the associated IP addresses are hosted, among other things. A lot of information is packed into this one window and it’s where the bulk of research and analysis is done.

Marketing 58

Marketing DNS Internet Internet 58

Pen Test Partners

OCTOBER 9, 2023

Semi-passive tags are also available in that they need temporary energy from a card reader to power up a low power microcontroller inside the tag. Hardware tools like the Proxmark3, and even software on Android smartphones can be used to interact with and clone RFID tags. Back to Table of contents▲ 7.1.

IoT 52

IoT Firmware Mobile Manufacturing 52

ForAllSecure

NOVEMBER 13, 2020

So I kind of invested about 25 years into designing and hardening Active Directory solutions, and somewhere around 2013 or 2014, I was really invested in Azure, or cloud-based solutions. Vamosi: Remember Stok has an extensive background in Microsoft Active Directory and Azure. Anyone want to tag along?

Hacking 40

Hacking InfoSec Internet Internet 40

ForAllSecure

NOVEMBER 12, 2020

So I kind of invested about 25 years into designing and hardening Active Directory solutions, and somewhere around 2013 or 2014, I was really invested in Azure, or cloud-based solutions. Vamosi: Remember Stok has an extensive background in Microsoft Active Directory and Azure. Anyone want to tag along?

Hacking 40

Hacking InfoSec Internet Internet 40

ForAllSecure

NOVEMBER 12, 2020

So I kind of invested about 25 years into designing and hardening Active Directory solutions, and somewhere around 2013 or 2014, I was really invested in Azure, or cloud-based solutions. Vamosi: Remember Stok has an extensive background in Microsoft Active Directory and Azure. Anyone want to tag along?

Hacking 40

Hacking InfoSec Internet Internet 40

ForAllSecure

FEBRUARY 2, 2022

Vranken: Yes, some of them are tagged as evidence of Bitcoin databases, basically clones, but also, audits implement an entirely new system. In Episode 28 I talked with researchers who fuzzed Hyper-V, a virtual machine used in Microsoft Azure Cloud. So maybe you’re familiar with Bitcoin or Ethereum.

Cryptocurrency 52

Cryptocurrency InfoSec Software Encryption 52

Cisco Security

AUGUST 26, 2021

We have a wide variety of atomic actions and workflows that can be imported into SecureX orchestration including Atlassian Jira, BMC Helix (Remedy), ManageEngine Service Desk, Microsoft Azure Graph, Microsoft Online, Microsoft Teams, ServiceNow, Slack, Tufin and ZenDesk. Cisco Duo Security. Read more here. Read more here.

Technology 109

Technology Firewall VPN Authentication 109