CyberSecurityBoard
Sponsor Register Login

Research Uncovers Security Vulnerabilities in Microsoft Azure Serverless Environments

Serverless architectures are becoming more popular as cloud providers take on the majority of the workload, allowing developers to focus on building and running their applications. This has attracted the attention of malicious actors, and although serverless environments have a reduced attack surface, users must be careful not to introduce extra risk. To evaluate the security of Microsoft Azure serverless environments, researchers conducted simulations of user-provided code vulnerabilities. This revealed sensitive environmental variables inside the Microsoft Azure environment, which could be exploited by attackers. It was also found that if Azure customers use a master key for SSH access, it could allow attackers to escalate privileges inside a container with a known password. To stay secure, users must deploy public key cryptography for authentication to SSH. It is important to remember that users are responsible for implementing security best practices and policies to supplement Microsofts default security measures. Application code must be properly secured, as it could be an entry point for attackers. Organizations using serverless computing services should understand and exercise their responsibility for securing these environments. To read a full copy of the report, The State of Serverless Security on Microsoft Azure, please visit: https://www.

This Cyber News was published on www.trendmicro.com. Publication date: Thu, 02 Feb 2023 05:20:03 +0000


Cyber News related to Research Uncovers Security Vulnerabilities in Microsoft Azure Serverless Environments

25 Best Managed Security Service Providers (MSSP) - 2025 - Pros & Cons: ProsConsStrong threat intelligence & expert SOCs.High pricing for SMBs.24/7 monitoring & rapid incident response.Complex UI and steep learning curve.Flexible, scalable, hybrid deployments.Limited visibility into endpoint ...
4 months ago Cybersecuritynews.com
What is Azure Identity Protection and 7 Steps to a Seamless Setup - As a result, tools such as Microsoft's Azure Identity Protection have become a staple in protecting against compromised identities, account takeover, and misuse of privileges. Azure Identity Protection is a security service that provides a robust ...
1 year ago Securityboulevard.com
Research Uncovers Security Vulnerabilities in Microsoft Azure Serverless Environments - Serverless architectures are becoming more popular as cloud providers take on the majority of the workload, allowing developers to focus on building and running their applications. This has attracted the attention of malicious actors, and although ...
2 years ago Trendmicro.com
Five business use cases for evaluating Azure Virtual WAN security solutions - To help organizations who are evaluating security solutions to protect their Virtual WAN deployments, this article considers five business use cases and explains how Check Point enhances and complements Azure security with its best-of-breed, ...
1 year ago Blog.checkpoint.com
Falcon Cloud Security Supports Google Cloud Run to Strengthen Serverless Application Security - We're thrilled to share that the CrowdStrike Falcon® sensor now fully supports Google Cloud Run, bringing advanced security capabilities to your serverless applications. While we announced this at Google Cloud Next in April 2024, this blog goes ...
1 year ago Crowdstrike.com
Microsoft fixes critical Azure CLI flaw that leaked credentials in logs - Microsoft has fixed a critical security vulnerability that could let attackers steal credentials from GitHub Actions or Azure DevOps logs created using Azure CLI. The vulnerability was reported by security researchers with Palo Alto's Prisma Cloud. ...
1 year ago Bleepingcomputer.com
Microsoft fixes Entra ID authentication issue caused by DNS change - "Between 17:18 UTC and 18:35 UTC on 25 February 2025, customers attempting to authenticate with Microsoft Entra ID using the Seamless SSO and Microsoft Entra Connect Sync features may have experienced DNS resolution failures when trying to access ...
8 months ago Bleepingcomputer.com
Microsoft Mitigates Three Vulnerabilities in Azure HDInsight - Microsoft recently remediated one Denial of Service and two Escalation of Privilege vulnerabilities affecting third party components of Azure HDInsight. The Microsoft Security Response Center continually works with security researchers who discover ...
1 year ago Msrc.microsoft.com
Azure Service Tags tagged as security risk, Microsoft disagrees - Security researchers at Tenable discovered what they describe as a high-severity vulnerability in Azure Service Tag that could allow attackers to access customers' private data. Service Tags are groups of IP addresses for a specific Azure service ...
1 year ago Bleepingcomputer.com
Azure MACC Credits Gathering Dust? Use Them to Get the Best Prevention-First Security - As we enter 2024, your organization may have unused MACC or Azure commit-to-consume credits as your annual renewal date draws near. Whether you have credits that will soon expire or are starting to plan your Azure spend for the next 12 months, Check ...
1 year ago Blog.checkpoint.com
6 Best Cloud Security Companies & Vendors in 2024 - Cloud security companies specialize in protecting cloud-based assets, data, and applications against cyberattacks. To help you choose, we've analyzed a range of cybersecurity companies offering cloud security products and threat protection services. ...
1 year ago Esecurityplanet.com
Microsoft Security Copilot improves speed and efficiency for security and IT teams - First announced in March 2023, Microsoft Security Copilot-Microsoft's first generative AI security product-has sparked major interest. With the rapid innovations of Security Copilot, we have taken this solution beyond security operations use cases ...
1 year ago Microsoft.com
"Microsoft’s Secure Future Initiative" Biggest cybersecurity Project in Its History - Led by Charlie Bell, Executive Vice President of Microsoft Security, the initiative has mobilized the equivalent of 34,000 engineers working full-time for 11 months to bolster security for Microsoft, its customers, and the broader industry. Following ...
6 months ago Cybersecuritynews.com
Microsoft Incident Response lessons on preventing cloud identity compromise - Microsoft Incident Response is often engaged in cases where organizations have lost control of their Microsoft Entra ID tenant, due to a combination of misconfiguration, administrative oversight, exclusions to security policies, or insufficient ...
1 year ago Microsoft.com
Fortifying confidential computing in Microsoft Azure - I wrote about how Microsoft used Intel's secure extensions to its processor instruction sets to provide a foundation for confidential computing in Azure a few years ago. In the years since, the confidential computing market has taken a few steps ...
1 year ago Infoworld.com
Researchers Uncover New Technique to Exploit Azure Arc for Hybrid Escalation in Enterprise Environment and Maintain Persistence - IBM analysts identified multiple deployment vectors that introduce security vulnerabilities, including PowerShell scripts with embedded secrets, misconfigured System Center Configuration Manager (SCCM) deployments, and Group Policy Objects (GPOs) ...
4 months ago Cybersecuritynews.com
Explore How Emojideploy Botnet Exploited Microsoft Azure for Remote Code Execution - As cloud computing gains more popularity among businesses, the threat of cyber-attack surfaces to the fore. Microsoft Azure is not immune to security issues, as the recent exploit involving Emojideploy Botnet demonstrates. In this article, we will ...
2 years ago Securityaffairs.com
Azure Serial Console Attack and Defense - This is the second installment of the Azure Serial Console blog, which provides insights to improve defenders' preparedness when investigating Azure Serial Console activity on Azure Linux virtual machines. While the first blog post discussed various ...
1 year ago Msrc.microsoft.com
Researchers Detailed New Threat-Hunting Techniques to Detect Azure Managed Identity Abuse - As these identities are increasingly implemented across Azure services, they present an expanding attack surface that may allow adversaries to pivot across environments, gain unauthorized access to Microsoft Graph, and extract sensitive data from ...
5 months ago Cybersecuritynews.com Hunters
New Microsoft Incident Response guides help security teams analyze suspicious activity - Today Microsoft Incident Response are proud to introduce two one-page guides to help security teams investigate suspicious activity in Microsoft 365 and Microsoft Entra. These guides contain the artifacts that Microsoft Incident Response hunts for ...
1 year ago Microsoft.com
Navigating Security Research: A Comprehensive Guide - As technology and digital data become more prominent in our lives, securing the means and methods of managing our data is paramount. With cyber-attacks becoming increasingly sophisticated, it is important for those responsible for data protection to ...
2 years ago Thehackernews.com
Microsoft extends Windows Server 2012 ESUs to October 2026 - Microsoft provides three more years of Windows Server 2012 Extended Security Updates until October 2026, giving administrators more time to upgrade or migrate to Azure. The company also prolonged the end date for Windows Server 2012 and extended ...
1 year ago Bleepingcomputer.com
Comprehensive Cloud Monitoring Platforms: Ensuring - Platforms for comprehensive cloud monitoring come into play in this situation. In this article, we will explore the significance of comprehensive cloud monitoring platforms and delve into some leading solutions available in the market today. ...
1 year ago Feeds.dzone.com
How to manage a migration to Microsoft Entra ID - Microsoft Entra ID, formerly Azure Active Directory, is not a direct replacement for on-premises Active Directory due to feature gaps and alternative ways to perform similar identity and access management tasks. For some organizations, a move to ...
1 year ago Techtarget.com
Signing Executables With Azure DevOps - This signing tool is compatible with all major executable files and works impeccably with all OV and EV code signing certificates. It's mostly used with Azure DevOps due to the benefit of Azure Key Vault. Here, you will undergo the complete procedure ...
1 year ago Feeds.dzone.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)