While cloud adoption has been top of mind for many IT professionals for nearly a decade, itβs only in recent months, with industry changes and announcements from key players, that many recognize the time to make the move is now. It may feel like a daunting task, but tools exist to help you move your virtual machines (VMs) to a public cloud provider β like Microsoft Azure
The U.S. Cyber Safety Review Board (CSRB) has criticized Microsoft for a series of security lapses that led to the breach of nearly two dozen companies across Europe and the U.S. by a China-based nation-state group called Storm-0558 last year.
The findings, released by the Department of Homeland Security (DHS) on Tuesday, found that the intrusion was preventable, and that it became successful
An Iran-nexus threat actor known as UNC1549 has been attributed with medium confidence to a new set of attacks targeting aerospace, aviation, and defense industries in the Middle East, including Israel and the U.A.E.
Other targets of the cyber espionage activity likely include Turkey, India, and Albania, Google-owned Mandiant said in a new analysis.
UNC1549 is said to overlap with 
Cybersecurity researchers have developed what's the first fully undetectable cloud-based cryptocurrency miner leveraging the MicrosoftΒ Azure AutomationΒ service without racking up any charges.
Cybersecurity company SafeBreach said it discovered three different methods to run the miner, including one that can be executed on a victim's environment without attracting any attention.
"While this
More details have emerged about a set of now-patched cross-site scripting (XSS) flaws in theΒ Microsoft Azure HDInsightΒ open-source analytics service that could be weaponized by a threat actor to carry out malicious activities.
"The identified vulnerabilities consisted of six stored XSS and two reflected XSS vulnerabilities, each of which could be exploited to perform unauthorized actions,
Cybersecurity researchers have discovered a case of privilege escalation associated with a Microsoft Entra ID (formerly Azure Active Directory) application by taking advantage of an abandoned reply URL.
"An attacker could leverage this abandoned URL to redirect authorization codes to themselves, exchanging the ill-gotten authorization codes for access tokens," Secureworks Counter Threat Unit (
A malicious actor has been linked to a cloud credential stealing campaign in June 2023 that's focused on Azure and Google Cloud Platform (GCP) services, marking the adversary's expansion in targeting beyond Amazon Web Services (AWS).
The findings come fromΒ SentinelOneΒ andΒ Permiso, which said the "campaigns share similarity with tools attributed to the notorious TeamTNT cryptojacking crew,"
A security shortcoming in Microsoft Azure Active Directory (AD) Open Authorization (OAuth) process could have been exploited to achieve full account takeover, researchers said.
California-based identity and access management service Descope, which discovered and reported the issue in April 2023, dubbed itΒ nOAuth.
"nOAuth is an authentication implementation flaw that can affect Microsoft Azure AD
Two "dangerous" security vulnerabilities have been disclosed in Microsoft Azure Bastion and Azure Container Registry that could have been exploited to carry out cross-site scripting (XSS) attacks.
"The vulnerabilities allowed unauthorized access to the victim's session within the compromised Azure service iframe, which can lead to severe consequences, including unauthorized data access,
Login
FreshRSS