Azure Archives - GBHackers Security | #1 Globally Trusted Cyber Security News Platform

Azure API Management Vulnerabilities Let Attackers Escalate Privileges

Divya — Wed, 06 Nov 2024 09:53:27 +0000

Recent discoveries by Binary Security have revealed critical vulnerabilities in Azure API Management (APIM) that could allow attackers with minimal privileges to escalate their access and take full control over the APIM service. These vulnerabilities were reported to Microsoft, leading to some fixes. However, certain issues remain unresolved, exposing many users unless they manually disable legacy API […]

The post Azure API Management Vulnerabilities Let Attackers Escalate Privileges appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Researchers Backdoored Azure Automation Account Packages And Runtime Environments

Aman Mishra — Thu, 26 Sep 2024 08:40:51 +0000

Runtime environments offer a flexible way to customize Automation Account Runbooks with specific packages. While base system-generated environments can’t be directly modified, they can be indirectly changed by adding packages to the old experience and then switching to the new Runtime Environments feature. It could potentially be exploited by attackers who create new runtime environments […]

The post Researchers Backdoored Azure Automation Account Packages And Runtime Environments appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Iranian Hackers Using Multi-Stage Malware To Attack Govt And Defense Sectors Via LinkedIn

Gurubaran — Tue, 03 Sep 2024 09:03:50 +0000

Microsoft has identified a new Iranian state-sponsored threat actor, Peach Sandstorm, deploying a custom multi-stage backdoor named Tickler. This backdoor has been used to target various sectors, including satellite, communications equipment, oil and gas, and government, in the United States and the United Arab Emirates. Peach Sandstorm has also engaged in password spray attacks and […]

The post Iranian Hackers Using Multi-Stage Malware To Attack Govt And Defense Sectors Via LinkedIn appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Microsoft Details On Using KQL To Hunt For MFA Manipulations

Tushar Subhra — Fri, 07 Jun 2024 06:16:44 +0000

It is difficult to secure cloud accounts from threat actors who exploit multi-factor authentication (MFA) settings. Threat actors usually alter compromised users’ MFA attributes by bypassing the requirements, disabling MFA for others, or enrolling rogue devices in the system. They do so stealthily, mirroring helpdesk operations and making it hard to notice the noise of […]

The post Microsoft Details On Using KQL To Hunt For MFA Manipulations appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Microsoft Details AI Jailbreaks And How They Can Be Mitigated

Tushar Subhra — Wed, 05 Jun 2024 08:42:10 +0000

Generative AI systems comprise several components and models geared to enhancing human interactions with the system. However, while being as realistic and useful as possible, these models are protected by defense layers against generating misuse or inappropriate content against the intended AI models. Cybersecurity researchers at Microsoft recently detailed the AI jailbreaks and how they […]

The post Microsoft Details AI Jailbreaks And How They Can Be Mitigated appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

New Azure Hacking Campaign Steals Senior Executive Accounts

Gurubaran — Tue, 13 Feb 2024 10:20:56 +0000

An ongoing campaign of cloud account takeover has affected hundreds of user accounts, including those of senior executives, and impacted dozens of Microsoft Azure environments. Threat actors attack users with customized phishing lures inside shared documents as part of this ongoing effort. Some documents that have been weaponized have embedded links to “View document,” which, […]

The post New Azure Hacking Campaign Steals Senior Executive Accounts appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

8 XSS Vulnerabilities in Azure HDInsight Allow Attackers to Deliver Malicious Payloads

Eswar — Fri, 15 Sep 2023 12:57:12 +0000

Azure HDInsight has been identified with multiple Cross-Site Scripting – XSS vulnerabilities related to Stored XSS and Reflected XSS. The severity for these vulnerabilities ranges between 4.5 (Medium) and 4.6 (Medium). These vulnerabilities have affected multiple products, including Azure Apache Oozie, Apache Ambari, Jupyter Notebooks, Apache Hadoop, and Apache Hive 2. However, Microsoft fixed these […]

The post 8 XSS Vulnerabilities in Azure HDInsight Allow Attackers to Deliver Malicious Payloads appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Hackers Abuse Azure AD Abandoned Reply URLs to Escalate Privilege

Eswar — Wed, 30 Aug 2023 07:03:17 +0000

Recent reports indicate that there has been a privilege escalation vulnerability discovered, which arises due to abandoned Active Directory URLs. Threat actors can use this flaw to gain illegal authorization codes that can be used against Microsoft Power Platform API to gain access tokens and escalate their privileges. Microsoft has patched these vulnerabilities as soon […]

The post Hackers Abuse Azure AD Abandoned Reply URLs to Escalate Privilege appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Critical RCE & Spoofing Vulnerabilities in Microsoft Azure Cloud Let Hackers Compromise Microsoft’s Cloud Server

Balaji — Fri, 31 Jan 2020 05:47:35 +0000

Critical remote code execution and spoofing vulnerabilities that existed in the Microsoft Azure cloud infrastructure allow attackers to remotely exploiting the vulnerability and compromise the Azure cloud servers. Researchers from checkpoint found an Azure Stack Spoofing vulnerability in Azure Stack where the certain request is failed to validate. Microsoft Azure Stack is a hybrid cloud platform that […]

The post Critical RCE & Spoofing Vulnerabilities in Microsoft Azure Cloud Let Hackers Compromise Microsoft’s Cloud Server appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.