Azure domains and Google abused to spread disinformation and malware
A clever disinformation campaign engages several Microsoft Azure and OVH cloud subdomains as well as Google search to promote malware and spam sites. [...]
Stay informed on Azure security with the latest insights, trends, and updates. Your hub for all Azure-related information security news.
Search across headline titles and summaries.
Background for this topic.
Azure is a cloud platform offering computing, storage, and networking services that organizations use to run applications and manage data. Security in Azure depends on a shared responsibility model: Microsoft protects the physical infrastructure and core services, while users must secure their configurations, identities, and data within the environment.
Key security concerns include misconfigured access controls that expose resources, vulnerabilities in deployed applications or services, and risks from exposed management endpoints. Effective security requires enforcing least privilege through identity and access management, segmenting networks to limit lateral movement, and continuously monitoring for suspicious activity. Regular patching of workloads and careful configuration of Azure-native security features are critical to reducing attack surfaces and preventing unauthorized access or data exposure.
A clever disinformation campaign engages several Microsoft Azure and OVH cloud subdomains as well as Google search to promote malware and spam sites. [...]
Microsoft is mandating MFA for all Azure sign-ins, with customers given 60-day advance notices to start implementation
The attack affects organizations that have synced multiple on-premises Active Directory domains to a single Azure tenant.
Tenable detailed two privilege escalation vulnerabilities in the Azure Health Bot Service, one of which has been rated critical
Privilege escalation flaws in the healthcare chatbot platform could have allowed unauthorized cross-tenant access and management of other customers’ resources.
Cybersecurity researchers have discovered two security flaws in Microsoft's Azure Health Bot Service that, if exploited, could permit a malicious actor to achieve lateral movement within customer environments and access sensitive patient data