BlackCat ransomware hits Azure Storage with Sphynx encryptor
The BlackCat (ALPHV) ransomware gang now uses stolen Microsoft accounts and the recently spotted Sphynx encryptor to encrypt targets' Azure cloud storage. [...]
Stay informed on Azure security with the latest insights, trends, and updates. Your hub for all Azure-related information security news.
Search across headline titles and summaries.
Background for this topic.
Azure is a cloud platform offering computing, storage, and networking services that organizations use to run applications and manage data. Security in Azure depends on a shared responsibility model: Microsoft protects the physical infrastructure and core services, while users must secure their configurations, identities, and data within the environment.
Key security concerns include misconfigured access controls that expose resources, vulnerabilities in deployed applications or services, and risks from exposed management endpoints. Effective security requires enforcing least privilege through identity and access management, segmenting networks to limit lateral movement, and continuously monitoring for suspicious activity. Regular patching of workloads and careful configuration of Azure-native security features are critical to reducing attack surfaces and preventing unauthorized access or data exposure.
The BlackCat (ALPHV) ransomware gang now uses stolen Microsoft accounts and the recently spotted Sphynx encryptor to encrypt targets' Azure cloud storage. [...]
To boot, the technology could be riddled with other flaws via its Apache services components, a security vendor says.
More details have emerged about a set of now-patched cross-site scripting (XSS) flaws in the Microsoft Azure HDInsight open-source analytics service that could be weaponized by a threat actor to carry out malicious activities