Cloud Security Azure Kubernetes Services Vulnerability Exposed Sensitive Information A vulnerability in Azure Kubernetes Services could have allowed attackers to escalate privileges and access sensitive information on the clusters. Ionut ArghireAugust 21, 2024
Cloud Security Microsoft Announces Mandatory MFA for Azure Microsoft is implementing automatic enforcement of multi-factor authentication (MFA) for all Azure users starting October. Ionut ArghireAugust 19, 2024
Cloud Security Azure Health Bot Service Vulnerabilities Possibly Exposed Sensitive Data Azure Health Bot Service vulnerabilities found by Tenable could have been exploited for lateral movement and may have allowed customer data exposure. Eduard KovacsAugust 14, 2024
Cloud Security Microsoft Says Azure Outage Caused by DDoS Attack Response Microsoft’s response to a DDoS attack on Azure amplified the impact of the attack instead of mitigating it, causing outages. Eduard KovacsJuly 31, 2024
Cloud Security Ongoing Azure Cloud Account Takeover Campaign Targeting Senior Personnel An active cloud account takeover campaign has impacted dozens of Azure environments and compromised hundreds of user accounts. Kevin TownsendFebruary 12, 2024
Vulnerabilities Microsoft Patches Sensitive Information Disclosure Vulnerability in Azure CLI Microsoft provided guidance on an Azure CLI bug leading to the exposure of sensitive information through GitHub Actions logs. Ionut ArghireNovember 15, 2023
Cloud Security Azure HDInsight Flaws Allowed Data Access, Session Hijacking, Payload Delivery Orca Security details eight XSS vulnerabilities in Azure HDInsight that could lead to information leaks, session hijacking, and payload delivery. Ionut ArghireSeptember 14, 2023
Management & Strategy Microsoft Criticized Over Handling of Critical Power Platform Vulnerability A critical Microsoft Power Platform vulnerability exposed authentication data and other secrets, but the tech giant has been accused of handling it poorly. Eduard KovacsAugust 4, 2023
Cloud Security Microsoft Cloud Hack Exposed More Than Exchange, Outlook Emails Cloud security researcher warns that stolen Microsoft signing key was more powerful and not limited to Outlook.com and Exchange Online. Ryan NaraineJuly 21, 2023
Cloud Security Researchers Flag Account Takeover Flaw in Microsoft Azure AD OAuth Apps Businesses using ‘Log in with Microsoft’ could be exposed to privilege escalation and full account takeover exploits. Ryan NaraineJune 20, 2023
Cloud Security Microsoft Azure Users Warned of Potential Shared Key Authorization Abuse Microsoft Azure shared key authorization can be exploited to access business data and achieve remote code execution. Ionut ArghireApril 11, 2023
Cloud Security Microsoft Cloud Vulnerability Led to Bing Search Hijacking, Exposure of Office 365 Data An Azure Active Directory (AAD) misconfiguration leading to Bing.com compromise earned Wiz researchers a $40,000 bug bounty reward. Ionut ArghireMarch 30, 2023