< ciso
brief />
Tag Banner

All news with #azure tag

71 articles · page 4 of 4

Microsoft Entra ID Flaw Could Allow Tenant-Wide Hijack

🔒 A critical token validation flaw in Microsoft Entra ID could permit full tenant compromise by abusing undocumented, unsigned actor tokens issued by a legacy Access Control Service. Researcher Dirk-jan Mollema showed that when paired with a vulnerability in the deprecated Azure AD Graph API (CVE-2025-55241) those tokens could impersonate any user — including Global Administrators — across tenants without leaving tenant logs. Microsoft confirmed a fix after the July report and later patched the CVE.
read more →

Microsoft Named Leader in 2025 Gartner IIoT Report

🔷 Microsoft was named a Leader in the 2025 Gartner Magic Quadrant for Global Industrial IIoT Platforms, highlighting its industrial cloud portfolio. Azure’s adaptive cloud—anchored by Azure IoT, Azure Arc, Azure Digital Twins, and Microsoft Fabric—is positioned to unify cloud-to-edge data, enable real‑time intelligence, and scale AI-driven operations. The platform emphasizes security with Microsoft Defender for IoT, Microsoft Sentinel, and Microsoft Entra, while enabling brownfield integration and partner-led solutions to accelerate industrial modernization.
read more →

Blueprint for Building Safe and Secure AI Agents at Scale

🔒 Azure outlines a layered blueprint for building trustworthy, enterprise-grade AI agents. The post emphasizes identity, data protection, built-in controls, continuous evaluation, and monitoring to address risks like data leakage, prompt injection, and agent sprawl. Azure AI Foundry introduces Entra Agent ID, cross-prompt injection classifiers, risk and safety evaluations, and integrations with Microsoft Purview and Defender. Join Microsoft Secure on September 30 to learn about Foundry's newest capabilities.
read more →

Azure Container Storage v2.0.0: NVMe Boosts Kubernetes

⚡ Azure today released Azure Container Storage v2.0.0, a performance-first update that delivers up to 7× higher IOPS, 4× lower latency, and improved resource efficiency for Kubernetes stateful workloads. The release adds built-in support for local NVMe drives, removes prior pricing tiers for large pools, and is available as an open-source local CSI driver for non-AKS clusters. Optimized for storage- and GPU-optimized VM families, the update also enables single-node deployments and integrates with KAITO to speed AI model loading and scaling.
read more →

Azure AD Client Credentials Exposed in Public appsettings

🔒 Resecurity’s HUNTER Team discovered that ClientId and ClientSecret values were inadvertently left in a publicly accessible appsettings.json file, exposing Azure AD credentials. These secrets permit direct authentication against Microsoft’s OAuth 2.0 endpoints and could allow attackers to impersonate trusted applications and access Microsoft 365 data. The exposed credentials could be harvested by automated bots or targeted adversaries. Organizations are advised to remove hardcoded secrets, rotate compromised credentials immediately, restrict public access to configuration files and adopt centralized secrets management such as Azure Key Vault.
read more →

Microsoft to Enforce MFA for Azure Resource Management

🔐 Starting October 1, 2025, Microsoft will enforce multi-factor authentication (MFA) for all Azure resource management actions to protect tenants from unauthorized access. The change, part of its Secure Future Initiative, will be rolled out gradually across public cloud tenants and covers Azure CLI, PowerShell, SDKs, REST APIs, IaC tools, the Azure mobile app, and automation that uses user identities. To prevent disruptions Microsoft recommends updating Azure CLI to 2.76+ and Azure PowerShell to 14.3+; global administrators may postpone enforcement until July 2026.
read more →

Storm-0501 Deletes Azure Data and Backups After Exfiltration

🔒 Microsoft Threat Intelligence details a campaign by Storm-0501 that exfiltrated data from a large enterprise’s Azure environment, then deleted backups and encrypted remaining resources to block recovery. The actor abused Entra Connect synchronization, elevated to Global Administrator, and used Azure Owner privileges to steal storage keys and transfer blobs via AzCopy. Microsoft recommends enabling blob backups, least privilege, logging, and Azure Backup to mitigate these cloud-native ransomware tactics.
read more →

Storm-0501 Debuts Brutal Hybrid Ransomware Chain Attack

🚨 Microsoft Threat Intelligence says financially motivated group Storm-0501 has refined a brutal hybrid ransomware chain that leverages hijacked privileged accounts to pivot from on‑prem Active Directory into Azure, exploiting visibility gaps to exfiltrate, encrypt, and mass‑delete cloud resources and backups. The actor used Evil‑WinRM for lateral movement and DCSync to harvest credentials, abused a non‑MFA synced global admin to reset passwords, and created a malicious federated domain for broad persistence. After exfiltration they deleted backups where possible, encrypted remaining cloud data, and initiated extortion via a compromised Microsoft Teams account. CISOs are urged to enforce least privilege, audit on‑prem assets, close cloud visibility gaps, and rehearse ransomware playbooks.
read more →

Storm-0501 Shifts to Cloud-Based Ransomware Tactics

🔒 Microsoft Threat Intelligence reports that financially motivated actor Storm-0501 has shifted from on‑premises endpoint encryption toward cloud‑native ransomware tactics emphasizing rapid data exfiltration, destruction of backups, and extortion. The actor leverages compromised Entra Connect sync accounts, DCSync, and hybrid‑joined devices to escalate to Global Administrator and gain full Azure control. In cloud environments they abuse Azure operations (listing storage keys, AzCopy exfiltration, snapshot and resource deletions) and create malicious federated domains for persistence and impersonation. Microsoft recommends hardening sync configurations, enforcing phishing‑resistant MFA, enabling Defender for Cloud and storage protections, and applying least‑privilege access controls.
read more →

Microsoft’s open-source journey: from Linux to AI scale

🔎 Microsoft recounts its transition from an early Linux contributor in 2009 to one of the largest open-source supporters in cloud and AI today. The post highlights Azure as a top contributor to the CNCF, the 2015 launch of VS Code, the 2018 GitHub acquisition, and the role of AKS and managed PostgreSQL in enterprise deployments. It also describes COSMIC, explains how OpenAI’s ChatGPT runs at global scale on Azure infrastructure, and lists projects Azure teams are building in the open.
read more →

Zero Day Quest returns with up to $5M bounties for Cloud

🔒 Microsoft is relaunching Zero Day Quest with up to $5 million in total bounties for high-impact Cloud and AI security research. The Research Challenge runs 4 August–4 October 2025 and focuses on targeted scenarios across Azure, Copilot, Dynamics 365 and Power Platform, Identity, and M365. Eligible critical findings receive a +50% bounty multiplier, and top contributors may be invited to an exclusive live hacking event at Microsoft’s Redmond campus in Spring 2026. Participants will have access to training from the AI Red Team, MSRC, and product teams, and Microsoft will support transparent, responsible disclosure.
read more →